Possible Malware Data Streams - logs included


This topic is locked
16 replies to this topic

#1 rworx

Posted 07 July 2015 - 12:12 PM

Sorry for already having run ComboFix; I did all this before joining this forum.

Here's what I've done so far:

Ran Kaspersky TDSSKiller; here is the end of the log. I just decided to remove PreRun.exe as I can always reinstall.


15:27:49.0904 0x15c4  Scan finished
15:27:49.0904 0x15c4  ============================================================
15:27:49.0904 0x03e4  Detected object count: 2
15:27:49.0904 0x03e4  Actual detected object count: 2
15:34:09.0835 0x03e4  \Device\Harddisk2\DR2 ( TDSS File System ) - skipped by user
15:34:09.0835 0x03e4  \Device\Harddisk2\DR2 ( TDSS File System ) - User select action: Skip
15:34:09.0850 0x03e4  C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe - copied to quarantine
15:34:09.0850 0x03e4  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce:PreRun - will be deleted on reboot
15:34:09.0850 0x03e4  C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe - will be deleted on reboot
15:34:09.0850 0x03e4  PreRun ( UnsignedFile.Multi.Generic ) - User select action: Delete
15:34:09.0975 0x03e4  KLMD registered as C:\Windows\system32\drivers\79566196.sys
15:34:16.0075 0x059c  Deinitialize success

 

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Ran ComboFix; here's the log:

ComboFix 15-07-07.01 - Z87XUD5H 07/07/2015  15:53:29.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.16337.13721 [GMT 1:00]
Running from: c:\users\Z87XUD5H\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 0 bytes in 2 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Propellerhead Software\ReCycle
c:\programdata\Propellerhead Software\ReCycle\ReCycle20.dat
c:\users\Z87XUD5H\AppData\Local\Adobe\downloader.dll
c:\users\Z87XUD5H\AppData\Local\Adobe\gccheck.exe
c:\users\Z87XUD5H\AppData\Local\Adobe\gtbcheck.exe
c:\users\Z87XUD5H\AppData\Roaming\Propellerhead Software\ReCycle
c:\users\Z87XUD5H\AppData\Roaming\Propellerhead Software\ReCycle\ReCycle Preferences File.prf
c:\windows\msdownld.tmp
c:\windows\SysWow64\tmp841D.tmp
c:\windows\SysWow64\tmp847C.tmp
c:\windows\SysWow64\tmpF276.tmp
c:\windows\SysWow64\tmpF286.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2015-06-07 to 2015-07-07  )))))))))))))))))))))))))))))))
.
.
2015-07-07 14:58 . 2015-07-07 14:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-07 14:58 . 2015-07-07 14:58 -------- d-----w- c:\users\admin\AppData\Local\temp
2015-07-07 14:58 . 2015-07-07 14:58 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49A54923-AC9B-480A-BE75-E61ED39054F9}\offreg.5384.dll
2015-07-06 16:15 . 2015-07-06 16:15 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49A54923-AC9B-480A-BE75-E61ED39054F9}\offreg.6112.dll
2015-07-06 16:10 . 2015-07-06 16:10 -------- d-----w- C:\boot
2015-07-06 16:09 . 2015-07-06 16:09 -------- d-----w- c:\program files\Macrium
2015-07-06 16:05 . 2015-07-06 16:08 -------- d-----w- c:\programdata\Macrium
2015-07-06 15:34 . 2015-07-06 15:34 -------- dc----w- c:\users\Z87XUD5H\AppData\Local\MigWiz
2015-07-03 20:51 . 2015-07-03 20:51 -------- d-----w- c:\program files (x86)\uTorrent
2015-07-03 20:51 . 2015-07-06 21:27 -------- d-----w- c:\users\Z87XUD5H\AppData\Roaming\uTorrent
2015-07-03 11:10 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49A54923-AC9B-480A-BE75-E61ED39054F9}\mpengine.dll
2015-07-02 20:10 . 2015-07-03 11:12 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2015-07-02 14:23 . 2015-07-02 14:24 -------- d-----w- c:\users\Z87XUD5H\AppData\Local\NFS Underground 2
2015-06-24 21:23 . 2015-06-24 21:23 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-06-24 21:23 . 2015-06-24 21:23 43112 ----a-w- c:\windows\avastSS.scr
2015-06-16 17:32 . 2015-06-16 17:34 -------- d-----w- c:\users\Administrator
2015-06-10 01:59 . 2015-04-29 18:22 14635008 ----a-w- c:\windows\system32\wmp.dll
2015-06-10 01:58 . 2015-05-23 03:15 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-06-10 01:57 . 2015-06-01 19:16 389840 ----a-w- c:\windows\system32\iedkcs32.dll
2015-06-08 20:18 . 2015-06-08 20:18 -------- d-----w- c:\users\Z87XUD5H\AppData\Local\GWX
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-07 14:36 . 2014-05-04 18:55 25640 ----a-w- c:\windows\gdrv.sys
2015-07-06 20:09 . 2014-04-11 17:19 226168 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2015-07-06 19:32 . 2014-04-11 17:19 226168 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2015-07-06 10:51 . 2015-01-14 12:50 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-02 23:44 . 2013-12-21 02:47 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-02 23:44 . 2013-12-21 02:47 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-01 16:18 . 2013-12-19 09:00 25640 ----a-w- c:\windows\etdrv.sys
2015-06-26 14:53 . 2013-12-17 16:14 442264 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-06-24 21:23 . 2014-06-08 11:55 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-06-24 21:23 . 2013-12-31 13:12 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-06-24 21:23 . 2013-12-17 16:14 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-06-24 21:23 . 2013-12-17 16:14 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-06-24 21:23 . 2013-12-17 16:14 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-06-24 21:23 . 2013-12-17 16:14 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-06-24 21:23 . 2013-12-17 16:14 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-06-10 02:01 . 2013-12-17 16:55 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-25 18:01 . 2015-06-10 02:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-23 01:47 . 2014-06-21 17:06 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-05-23 01:47 . 2014-02-27 19:33 1320304 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-05-23 01:47 . 2014-06-21 17:06 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-05-23 01:47 . 2014-02-27 19:33 1571696 ----a-w- c:\windows\system32\nvspcap64.dll
2015-05-13 06:52 . 2015-05-31 16:31 31552 ----a-w- c:\windows\system32\nvhdap64.dll
2015-05-13 06:52 . 2015-05-31 16:31 195912 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2015-05-13 06:52 . 2015-01-23 13:29 1558848 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2015-05-12 06:27 . 2015-05-31 16:31 982672 ----a-w- c:\windows\SysWow64\NvIFR.dll
2015-05-12 06:27 . 2015-05-31 16:31 939080 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2015-05-12 06:27 . 2015-05-31 16:31 408208 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2015-05-12 06:27 . 2015-05-31 16:31 364176 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2015-05-12 06:27 . 2015-05-31 16:31 30478992 ----a-w- c:\windows\system32\nvoglv64.dll
2015-05-12 06:27 . 2015-05-31 16:31 22945424 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2015-05-12 06:27 . 2015-05-31 16:31 16145176 ----a-w- c:\windows\system32\nvopencl.dll
2015-05-12 06:27 . 2015-05-31 16:31 150832 ----a-w- c:\windows\system32\nvoglshim64.dll
2015-05-12 06:27 . 2015-05-31 16:31 13263568 ----a-w- c:\windows\SysWow64\nvopencl.dll
2015-05-12 06:27 . 2015-05-31 16:31 128512 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2015-05-12 06:27 . 2015-05-31 16:31 1099808 ----a-w- c:\windows\system32\nvumdshimx.dll
2015-05-12 06:27 . 2015-05-31 16:31 10972304 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2015-05-12 06:27 . 2015-05-31 16:31 1059984 ----a-w- c:\windows\system32\NvIFR64.dll
2015-05-12 06:27 . 2015-05-31 16:30 974480 ----a-w- c:\windows\SysWow64\NvFBC.dll
2015-05-12 06:27 . 2015-05-31 16:30 502896 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2015-05-12 06:27 . 2015-05-31 16:30 407296 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2015-05-12 06:27 . 2015-05-31 16:30 2932368 ----a-w- c:\windows\system32\nvcuvid.dll
2015-05-12 06:27 . 2015-05-31 16:30 2599056 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2015-05-12 06:27 . 2015-05-31 16:30 1898312 ----a-w- c:\windows\system32\nvdispco6435286.dll
2015-05-12 06:27 . 2015-05-31 16:30 1557648 ----a-w- c:\windows\system32\nvdispgenco6435286.dll
2015-05-12 06:27 . 2015-05-31 16:30 14455296 ----a-w- c:\windows\system32\nvcuda.dll
2015-05-12 06:27 . 2015-05-31 16:30 1050256 ----a-w- c:\windows\system32\NvFBC64.dll
2015-05-12 06:27 . 2015-05-31 16:30 11790144 ----a-w- c:\windows\SysWow64\nvcuda.dll
2015-05-12 06:27 . 2015-05-31 16:30 42718864 ----a-w- c:\windows\system32\nvcompiler.dll
2015-05-12 06:27 . 2015-05-31 16:30 37741712 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2015-05-12 06:27 . 2015-01-23 13:29 15048816 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-05-12 06:27 . 2015-01-04 20:03 3363224 ----a-w- c:\windows\system32\nvapi64.dll
2015-05-12 06:27 . 2015-01-04 20:03 17540416 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-05-12 06:27 . 2015-01-04 20:03 15858728 ----a-w- c:\windows\system32\nvd3dumx.dll
2015-05-12 06:27 . 2015-01-04 20:03 12849056 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-05-12 06:27 . 2014-11-03 14:27 2971776 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-05-12 06:27 . 2014-02-27 17:28 176064 ----a-w- c:\windows\system32\nvinitx.dll
2015-05-12 06:27 . 2014-02-27 17:28 154256 ----a-w- c:\windows\SysWow64\nvinit.dll
2015-05-12 03:30 . 2014-02-27 17:29 937288 ----a-w- c:\windows\system32\nvvsvc.exe
2015-05-12 03:30 . 2014-02-27 17:29 62608 ----a-w- c:\windows\system32\nvshext.dll
2015-05-12 03:30 . 2014-02-27 17:29 385352 ----a-w- c:\windows\system32\nvmctray.dll
2015-05-12 03:30 . 2014-02-27 17:29 2558608 ----a-w- c:\windows\system32\nvsvcr.dll
2015-05-12 03:30 . 2014-02-27 17:29 6872392 ----a-w- c:\windows\system32\nvcpl.dll
2015-05-12 03:30 . 2014-02-27 17:29 3490448 ----a-w- c:\windows\system32\nvsvc64.dll
2015-05-12 02:34 . 2015-05-31 16:33 571024 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-05-11 17:01 . 2014-02-27 17:29 4391871 ----a-w- c:\windows\system32\nvcoproc.bin
2015-05-01 13:17 . 2015-05-13 11:59 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-13 11:59 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-13 11:57 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 03:17 . 2015-05-13 11:57 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 02:56 . 2015-05-13 11:57 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 11:57 460800 ----a-w- c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 11:57 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-04-13 03:28 . 2015-05-13 11:57 328704 ----a-w- c:\windows\system32\services.exe
2013-12-18 15:11 . 2013-12-18 15:11 802136 ----a-w- c:\program files (x86)\uTorrent.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2014-06-26 87040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-06-24 5515496]
"M-Audio Taskbar Icon"="c:\windows\system32\DeltaIITray.exe" [2009-07-27 236040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTune"="c:\program files (x86)\GIGABYTE\EasyTune\RunOnceTask.exe" [2013-11-13 10240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GIGABYTE OC_GURU.lnk - c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe [2014-6-5 23322624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys;c:\windows\SYSNATIVE\DRIVERS\BthAudioHF.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DrvSnSht;DrvSnSht;c:\program files (x86)\R-Drive Image\DrvSnSht64.sys;c:\program files (x86)\R-Drive Image\DrvSnSht64.sys [x]
R3 e1rexpress;Intel® PCI Express Network Connection Driver R;c:\windows\system32\DRIVERS\e1r62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1r62x64.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 etocdrv;etocdrv;c:\windows\etocdrv.sys;c:\windows\etocdrv.sys [x]
R3 GPCIDrv;GPCIDrv;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [x]
R3 GPUZ;GPUZ;c:\windows\TEMP\GPUZ.sys;c:\windows\TEMP\GPUZ.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 Mv_Process;Marvell process notification.;c:\windows\syswow64\mv_process.sys;c:\windows\syswow64\mv_process.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 R-ImageDisk;R-ImageDisk;c:\program files (x86)\R-Drive Image\R-ImageDisk64.sys;c:\program files (x86)\R-Drive Image\R-ImageDisk64.sys [x]
R3 rspLLL;rspLLL;c:\windows\system32\DRIVERS\rspLLL64.sys;c:\windows\SYSNATIVE\DRIVERS\rspLLL64.sys [x]
R3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys;c:\windows\SYSNATIVE\DRIVERS\SAlpham64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 gadjservice;GIGABYTE Adjust;c:\program files (x86)\Gigabyte\AppCenter\AdjustService.exe;c:\program files (x86)\Gigabyte\AppCenter\AdjustService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 GUP7Serv;UP7 Click OC service;c:\program files (x86)\GIGABYTE\OCBtn\GUP7Serv.exe;c:\program files (x86)\GIGABYTE\OCBtn\GUP7Serv.exe [x]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe;c:\program files\Macrium\Reflect\ReflectService.exe [x]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe;c:\program files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 ALSysIO;ALSysIO;c:\users\Z87XUD5H\AppData\Local\Temp\ALSysIO64.sys;c:\users\Z87XUD5H\AppData\Local\Temp\ALSysIO64.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys;c:\windows\SYSNATIVE\DRIVERS\SteelBus64.sys [x]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\MAudioDelta.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioDelta.sys [x]
S3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Corsair\Corsair Link\CorsairLINK_HardwareMonitor.sys;c:\program files (x86)\Corsair\Corsair Link\CorsairLINK_HardwareMonitor.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 43978163
*NewlyCreated* - ALSYSIO
*Deregistered* - 43978163
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-06-24 21:23 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-24 13662936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-25 391128]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-25 771544]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-25 770520]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-05-23 2754704]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-05-23 1571696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3219CB09-FBC6-4C27-9E5A-D5D95D0E7812}: NameServer = 8.8.8.8,8.8.4.4
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-RunOnce-PreRun - c:\program files (x86)\Gigabyte\AppCenter\PreRun.exe
SafeBoot-16866877.sys
SafeBoot-43978163.sys
SafeBoot-53112281.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-CMIUSB&1B1C&1C00 - c:\program files (x86)\Silabs\MCU\USBXpress\DriverUninstaller.exe USBXpress\CMIUSB&1B1C&1C00
AddRemove-CoreAAC Audio Decoder - c:\windows\system32\CoreAAC-uninstall.exe
AddRemove-Native Instruments Hardware Controller Support - c:\programdata\{05835455-7C7C-4AA0-A7A0-63D407FC9E17}\Hardware Controller Support Setup.exe
AddRemove-{06B60360-9DBD-4593-90A0-FD237F0845A2} - c:\programdata\{B2DCFF49-8E43-4A91-B043-7CCB41EA24CE}\denoise5_setup_ext.exe
AddRemove-{1E970C1F-CCD2-4017-BD67-51E33C1798AF} - c:\programdata\{4D68C4FD-B046-4FEA-93B8-7D991CC91BBB}\simplify4_setup_ext.exe
AddRemove-{F0CE32FE-FF83-4C25-8235-CE2166EDE110} - c:\programdata\{8B58FE9C-EF68-4651-846D-09F3FBCA14E5}\simplify4_setup.exe
AddRemove-{FA85C599-2569-4C48-9AA6-2B8D8F029FA7} - c:\programdata\{16996CC6-7043-45AD-9C8D-A784409115E4}\clean3_setup_ext.exe
AddRemove-{FB237A35-F491-4AC1-95E0-85118D6751D9} - c:\programdata\{9DE75BC9-6CF5-4972-8A4E-86BAAD477DC6}\adjust4_setup_ext.exe
AddRemove-{FC6AFD44-EDF9-4A03-AB9E-16A5391FE24F} - c:\programdata\{63212DDB-3722-4A80-B4BE-CF435DDAD17C}\Maschine Setup.exe
AddRemove-Search Protection - c:\users\Z87XUD5H\AppData\Roaming\Search Protection\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence0"="35-SD3W-GA5P-CXV5-ZTS8-ZCXH-R288YMN"
"Activated"="Y"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-07-07  16:00:29
ComboFix-quarantined-files.txt  2015-07-07 15:00
.
Pre-Run: 580,072,374,272 bytes free
Post-Run: 579,992,305,664 bytes free
.
- - End Of File - - 0A25AED42F2AEF8B29E4E0897C9ED03D
5FB38429D5D77768867C76DCBDB35194

------------------------------------------------------------------------------------------------------------------------------------------


I then cleaned out temporary files with OldTimer's TFC.exe.


-----------------------------------------------------------------------------------------------------------------------------------------------


I then ran AdwCleaner; here is the log of what I deleted:-


# AdwCleaner v4.207 - Logfile created 07/07/2015 at 16:46:40
# Updated 21/06/2015 by Xplode
# Database : 2015-07-05.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Z87XUD5H - Z87XUD5H-PC
# Running from : C:\Users\Z87XUD5H\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Z87XUD5H\AppData\Local\PackageAware

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Mozilla Firefox v

-\\ Google Chrome v

[C:\Users\Z87XUD5H\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

-\\ Opera v30.0.1835.88

*************************

AdwCleaner[R0].txt - [1313 bytes] - [07/07/2015 16:22:55]
AdwCleaner[S0].txt - [1244 bytes] - [07/07/2015 16:46:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1303  bytes] ##########


--------------------------------------------------------------------------------------------------------------------------------------------------------------------------


I then ran FRST; here are the logs from that:-


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by Z87XUD5H (administrator) on Z87XUD5H-PC on 07-07-2015 17:06:23
Running from C:\Users\Z87XUD5H\Desktop
Loaded Profiles: Z87XUD5H (Available Profiles: Z87XUD5H & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\ASTSRV.EXE
() C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\GIGABYTE\OCBtn\GUP7Serv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Users\Z87XUD5H\Desktop\SYSTEM UTILS\CoreTemp64\Core Temp.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK_HardwareMonitor.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTune\SensorDetector.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Windows\SysWOW64\DeltaIITray.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\Smart TimeLock\AlarmClock.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-23] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-24] (Avast Software s.r.o.)
HKLM-x32\...\Run: [M-Audio Taskbar Icon] => C:\Windows\SysWOW64\DeltaIITray.exe [236040 2009-07-27] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [EasyTune] => C:\Program Files (x86)\GIGABYTE\EasyTune\RunOnceTask.exe [10240 2013-11-13] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3373236962-3203910689-726919213-1000\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS)
HKU\S-1-5-21-3373236962-3203910689-726919213-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [176064 2015-05-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [154256 2015-05-12] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2014-02-27]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-24] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3373236962-3203910689-726919213-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3373236962-3203910689-726919213-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3373236962-3203910689-726919213-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3373236962-3203910689-726919213-1000 -> {A01CC1F6-2BF6-4E8B-91E2-870C73072911} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3373236962-3203910689-726919213-1000 -> {DD17E003-B79F-4510-90E9-365A9E9530AD} URL = https://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-11] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-11] (Avast Software s.r.o.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3219CB09-FBC6-4C27-9E5A-D5D95D0E7812}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3219CB09-FBC6-4C27-9E5A-D5D95D0E7812}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{617D276D-E6D9-4CE4-A82B-234DA59F0A33}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{F6541BA6-5B35-44F5-A297-6A42F989A40B}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Z87XUD5H\AppData\Roaming\Mozilla\Firefox\Profiles\jgzt6206.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Extension: SeoQuake - C:\Users\Z87XUD5H\AppData\Roaming\Mozilla\Firefox\Profiles\jgzt6206.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2015-04-19]
FF Extension: SEO Doctor - C:\Users\Z87XUD5H\AppData\Roaming\Mozilla\Firefox\Profiles\jgzt6206.default\Extensions\seodoctor@prelovac.com.xpi [2015-04-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR Profile: C:\Users\Z87XUD5H\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Z87XUD5H\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-28]
CHR Extension: (Google Docs) - C:\Users\Z87XUD5H\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-28]
CHR Extension: (Google Drive) - C:\Users\Z87XUD5H\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-28]
CHR Extension: (YouTube) - C:\Users\Z87XUD5H\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-28]
CHR Extension: (Google Search) - C:\Users\Z87XUD5H\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28]
CHR Extension: (ZenMate Security & Privacy VPN) - C:\Users\Z87XUD5H\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-03-28]
CHR Extension: (Google Sheets) - C:\Users\Z87XUD5H\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-28]
CHR Extension: (Hola Better Internet) - C:\Users\Z87XUD5H\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-03-28]
CHR Extension: (Avast Online Security) - C:\Users\Z87XUD5H\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Z87XUD5H\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-28]
CHR Extension: (Google Wallet) - C:\Users\Z87XUD5H\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-28]
CHR Extension: (Gmail) - C:\Users\Z87XUD5H\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-11]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Z87XUD5H\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-02-20]
StartMenuInternet: (HKU\S-1-5-21-3373236962-3203910689-726919213-1000) OperaStable - "C:\Program Files (x86)\Opera\Launcher.exe"

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 astcc; C:\Windows\SysWOW64\astsrv.exe [57344 2008-11-26] (Nalpeiron Ltd.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-24] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-24] (Avast Software)
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-23] (NVIDIA Corporation)
R2 GUP7Serv; C:\Program Files (x86)\GIGABYTE\OCBtn\GUP7Serv.exe [18512 2013-06-26] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-07-05] (Nalpeiron Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-23] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-01] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-10-03] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-29] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3446224 2015-02-23] (Paramount Software UK Ltd)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe [102400 2013-02-22] (Gigabyte Technology CO., LTD.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-24] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-24] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-24] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-24] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-24] ()
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31160 2013-11-26] ()
S3 DrvSnSht; C:\Program Files (x86)\R-Drive Image\DrvSnSht64.sys [120792 2007-12-21] (R-TT Inc.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
S3 e1rexpress; C:\Windows\System32\DRIVERS\e1r62x64.sys [495376 2013-04-05] (Intel Corporation)
S3 etocdrv; C:\Windows\etocdrv.sys [15584 2013-10-30] (Giga-Byte Technology CO., LTD.)
S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2010-02-04] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
S3 LoopBeMidi1; C:\Windows\System32\drivers\loopbe1.sys [13824 2011-04-09] (nerds.de)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
S3 R-ImageDisk; C:\Program Files (x86)\R-Drive Image\R-ImageDisk64.sys [127064 2007-12-21] (R-TT Inc.)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)
S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2014-02-02] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [File not signed]
R1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-24] (Avast Software)
R3 ALSysIO; \??\C:\Users\Z87XUD5H\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 Mv_Process; \??\c:\windows\syswow64\mv_process.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\WNt500x64\Sandra.sys [X]
R3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK_HardwareMonitor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-07 17:06 - 2015-07-07 17:06 - 00022060 _____ C:\Users\Z87XUD5H\Desktop\FRST.txt
2015-07-07 17:06 - 2015-07-07 17:06 - 00000000 ____D C:\FRST
2015-07-07 17:05 - 2015-07-07 17:06 - 02112512 _____ (Farbar) C:\Users\Z87XUD5H\Desktop\FRST64.exe
2015-07-07 16:22 - 2015-07-07 16:46 - 00000000 ____D C:\AdwCleaner
2015-07-07 16:22 - 2015-07-07 16:22 - 02244096 _____ C:\Users\Z87XUD5H\Desktop\AdwCleaner.exe
2015-07-07 16:16 - 2015-07-07 16:16 - 00448512 _____ (OldTimer Tools) C:\Users\Z87XUD5H\Desktop\TFC.exe
2015-07-07 16:00 - 2015-07-07 16:00 - 00030460 _____ C:\ComboFix.txt
2015-07-07 15:52 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-07 15:52 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-07 15:52 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-07 15:52 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-07 15:52 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-07 15:52 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-07 15:52 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-07 15:52 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-07 15:51 - 2015-07-07 16:00 - 00000000 ____D C:\Qoobox
2015-07-07 15:51 - 2015-07-07 15:59 - 00000000 ____D C:\Windows\erdnt
2015-07-07 15:46 - 2015-07-07 15:46 - 05632562 ____R (Swearware) C:\Users\Z87XUD5H\Desktop\ComboFix.exe
2015-07-06 17:28 - 2015-07-06 17:28 - 00000000 ____D C:\Users\Z87XUD5H\Documents\Reflect
2015-07-06 17:09 - 2015-07-06 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2015-07-06 17:09 - 2015-07-06 17:09 - 00000000 ____D C:\Program Files\Macrium
2015-07-06 17:08 - 2015-07-06 17:10 - 00313224 _____ C:\Reflect_Install.log
2015-07-06 17:05 - 2015-07-06 17:08 - 00000000 ____D C:\ProgramData\Macrium
2015-07-06 17:05 - 2015-07-06 17:07 - 00000000 ____D C:\Users\Z87XUD5H\Downloads\Macrium
2015-07-06 17:05 - 2015-07-06 17:05 - 03545552 _____ (Paramount Software UK Ltd) C:\Users\Z87XUD5H\Downloads\ReflectDL.exe
2015-07-06 16:34 - 2015-07-06 16:34 - 00000000 ___DC C:\Users\Z87XUD5H\AppData\Local\MigWiz
2015-07-06 15:05 - 2015-07-06 15:05 - 274190744 _____ C:\Users\Z87XUD5H\Downloads\atih_installer_wd_en-US.exe
2015-07-05 15:58 - 2015-07-05 15:58 - 00346416 _____ C:\Windows\Minidump\070515-20264-01.dmp
2015-07-03 21:51 - 2015-07-06 22:27 - 00000000 ____D C:\Users\Z87XUD5H\AppData\Roaming\uTorrent
2015-07-03 21:51 - 2015-07-03 21:51 - 00000949 _____ C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-07-03 21:51 - 2015-07-03 21:51 - 00000000 ____D C:\Program Files (x86)\uTorrent
2015-07-03 21:50 - 2015-07-03 21:51 - 00399224 _____ (BitTorrent, Inc.) C:\Users\Z87XUD5H\Downloads\utorrent_2.2.1.exe
2015-07-02 21:15 - 2015-07-02 21:15 - 01640768 _____ C:\Users\Z87XUD5H\Downloads\battlelog-web-plugins_2.7.1_162 (1).exe
2015-07-02 21:10 - 2015-07-03 12:12 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2015-07-02 21:06 - 2015-07-02 21:06 - 00000343 _____ C:\Users\Z87XUD5H\Desktop\bf4 error.txt
2015-07-02 20:49 - 2015-07-02 20:49 - 01640768 _____ C:\Users\Z87XUD5H\Downloads\battlelog-web-plugins_2.7.1_162.exe
2015-07-02 15:23 - 2015-07-02 15:24 - 00000000 ____D C:\Users\Z87XUD5H\AppData\Local\NFS Underground 2
2015-06-30 12:28 - 2015-06-05 13:14 - 157286400 _____ C:\Users\Z87XUD5H\Downloads\memtest86-usb.img
2015-06-30 12:28 - 2015-06-05 13:14 - 00417936 _____ (PassMark Software) C:\Users\Z87XUD5H\Downloads\imageUSB.exe
2015-06-30 12:28 - 2015-06-05 13:14 - 00006109 _____ C:\Users\Z87XUD5H\Downloads\ReadMe_imageUSB.txt
2015-06-30 12:28 - 2015-06-05 13:14 - 00003666 _____ C:\Users\Z87XUD5H\Downloads\readme.txt
2015-06-30 12:28 - 2015-06-05 13:14 - 00000000 ____D C:\Users\Z87XUD5H\Downloads\Help
2015-06-30 04:23 - 2015-06-30 04:24 - 00390600 _____ C:\Windows\Minidump\063015-19890-01.dmp
2015-06-29 18:30 - 2015-06-29 18:31 - 00000113 _____ C:\Users\Z87XUD5H\AppData\Roaming\.ptbt0
2015-06-29 18:30 - 2015-06-29 18:30 - 00017832 _____ C:\Users\Z87XUD5H\Desktop\DSC_2188 - DSC_2191.pto.mk
2015-06-27 17:13 - 2015-06-27 17:13 - 00000000 _____ C:\Windows\system32\cd
2015-06-27 16:40 - 2015-07-05 15:58 - 823325398 _____ C:\Windows\MEMORY.DMP
2015-06-27 16:40 - 2015-06-27 16:40 - 00354224 _____ C:\Windows\Minidump\062715-23634-01.dmp
2015-06-24 22:23 - 2015-06-24 22:23 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-24 22:23 - 2015-06-24 22:23 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-20 17:36 - 2015-06-20 17:36 - 00000132 _____ C:\Users\Z87XUD5H\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-06-16 19:19 - 2015-06-16 19:19 - 00000000 ____D C:\Users\Administrator\AppData\Local\GWX
2015-06-16 18:37 - 2015-06-16 18:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel Corporation
2015-06-16 18:36 - 2015-06-16 19:18 - 00000000 ____D C:\Users\Administrator\Documents\temp
2015-06-16 18:36 - 2015-06-16 18:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
2015-06-16 18:36 - 2015-06-16 18:36 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2015-06-16 18:34 - 2015-06-16 18:34 - 00001373 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-16 18:34 - 2015-06-16 18:34 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2015-06-16 18:33 - 2015-06-16 18:33 - 00069112 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-16 18:32 - 2015-06-16 18:34 - 00000000 ____D C:\Users\Administrator
2015-06-16 18:32 - 2015-06-16 18:32 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2015-06-16 18:32 - 2015-06-16 18:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2015-06-16 18:32 - 2015-06-16 18:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2015-06-16 18:32 - 2014-11-14 04:01 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2015-06-16 18:32 - 2014-03-15 19:15 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2015-06-16 18:32 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-16 18:32 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-15 17:35 - 2015-06-15 17:36 - 00000000 ____D C:\Users\Z87XUD5H\Desktop\NKSC_PARAM
2015-06-14 14:14 - 2015-06-15 18:01 - 00000185 _____ C:\Users\Z87XUD5H\Desktop\NIKON 200 F4 SHUTTER SPEEDS.txt
2015-06-10 03:00 - 2015-05-25 19:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 03:00 - 2015-05-25 19:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 03:00 - 2015-05-25 19:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 03:00 - 2015-05-25 19:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 03:00 - 2015-05-25 19:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 03:00 - 2015-05-25 19:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 03:00 - 2015-05-25 19:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 03:00 - 2015-05-25 19:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 03:00 - 2015-05-25 19:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 03:00 - 2015-05-25 19:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 03:00 - 2015-05-25 19:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 03:00 - 2015-05-25 19:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 03:00 - 2015-05-25 19:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 03:00 - 2015-05-25 19:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 03:00 - 2015-05-25 19:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 03:00 - 2015-05-25 19:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 03:00 - 2015-05-25 19:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 03:00 - 2015-05-25 19:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 03:00 - 2015-05-25 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 03:00 - 2015-05-25 19:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 03:00 - 2015-05-25 19:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 03:00 - 2015-05-25 19:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 03:00 - 2015-05-25 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 03:00 - 2015-05-25 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 03:00 - 2015-05-25 19:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 03:00 - 2015-05-25 19:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 03:00 - 2015-05-25 19:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 03:00 - 2015-05-25 19:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 03:00 - 2015-05-25 19:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 03:00 - 2015-05-25 19:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 03:00 - 2015-05-25 19:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 03:00 - 2015-05-25 19:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 03:00 - 2015-05-25 19:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 03:00 - 2015-05-25 19:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 03:00 - 2015-05-25 19:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 03:00 - 2015-05-25 19:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 03:00 - 2015-05-25 19:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 03:00 - 2015-05-25 19:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 03:00 - 2015-05-25 19:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 03:00 - 2015-05-25 19:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 03:00 - 2015-05-25 19:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 19:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 03:00 - 2015-05-25 19:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 03:00 - 2015-05-25 19:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 03:00 - 2015-05-25 19:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 03:00 - 2015-05-25 19:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 03:00 - 2015-05-25 19:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 03:00 - 2015-05-25 19:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 03:00 - 2015-05-25 19:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 03:00 - 2015-05-25 19:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 03:00 - 2015-05-25 19:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 03:00 - 2015-05-25 19:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 03:00 - 2015-05-25 19:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 03:00 - 2015-05-25 19:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 03:00 - 2015-05-25 19:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 03:00 - 2015-05-25 19:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 03:00 - 2015-05-25 19:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 03:00 - 2015-05-25 19:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 03:00 - 2015-05-25 19:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 03:00 - 2015-05-25 19:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 03:00 - 2015-05-25 19:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 03:00 - 2015-05-25 19:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 03:00 - 2015-05-25 19:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 03:00 - 2015-05-25 19:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 03:00 - 2015-05-25 18:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 03:00 - 2015-05-25 18:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 03:00 - 2015-05-25 18:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 03:00 - 2015-05-25 18:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 03:00 - 2015-05-25 18:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 03:00 - 2015-05-25 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 18:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 03:00 - 2015-05-25 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 03:00 - 2015-05-25 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 03:00 - 2015-05-25 17:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 03:00 - 2015-05-25 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 02:59 - 2015-05-25 18:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 02:59 - 2015-04-29 19:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 02:59 - 2015-04-29 19:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 02:59 - 2015-04-29 19:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 02:59 - 2015-04-29 19:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 02:59 - 2015-04-29 19:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 02:59 - 2015-04-29 19:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 02:59 - 2015-04-29 19:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 02:59 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 02:59 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 02:59 - 2015-04-29 19:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 02:59 - 2015-04-24 19:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 02:59 - 2015-04-24 18:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 02:59 - 2015-04-11 04:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 02:58 - 2015-06-01 19:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 02:58 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 02:58 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 02:58 - 2015-05-23 04:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 02:58 - 2015-05-23 04:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 02:58 - 2015-05-23 04:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 02:58 - 2015-05-23 03:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 02:58 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 02:58 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 02:58 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 02:58 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 02:58 - 2015-05-22 20:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 02:58 - 2015-05-22 19:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 02:58 - 2015-05-22 19:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 02:58 - 2015-05-22 19:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 02:58 - 2015-05-22 19:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 02:57 - 2015-06-01 20:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 02:57 - 2015-05-27 15:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 02:57 - 2015-05-23 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 02:57 - 2015-05-23 04:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 02:57 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 02:57 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 02:57 - 2015-05-23 04:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 02:57 - 2015-05-23 04:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 02:57 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 02:57 - 2015-05-23 04:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 02:57 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 02:57 - 2015-05-23 03:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 02:57 - 2015-05-23 03:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 02:57 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 02:57 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 02:57 - 2015-05-23 03:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 02:57 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 02:57 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 02:57 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 02:57 - 2015-05-22 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 02:57 - 2015-05-22 20:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 02:57 - 2015-05-22 20:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 02:57 - 2015-05-22 20:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 02:57 - 2015-05-22 20:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 02:57 - 2015-05-22 20:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 02:57 - 2015-05-22 19:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 02:57 - 2015-05-22 19:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 02:57 - 2015-05-22 19:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 02:57 - 2015-05-22 19:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 02:57 - 2015-05-22 19:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 02:57 - 2015-05-22 19:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 02:57 - 2015-05-22 19:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 02:57 - 2015-05-22 19:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 02:57 - 2015-05-22 19:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 02:57 - 2015-05-22 19:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 02:57 - 2015-05-22 19:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 02:57 - 2015-05-22 19:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 02:57 - 2015-05-22 19:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 02:57 - 2015-05-22 19:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 02:57 - 2015-05-22 19:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 02:57 - 2015-05-22 18:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 02:57 - 2015-05-22 18:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 02:57 - 2015-05-22 18:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 02:57 - 2015-05-22 18:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-08 21:18 - 2015-06-08 21:18 - 00000000 ____D C:\Users\Z87XUD5H\AppData\Local\GWX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-07 17:06 - 2014-04-06 11:22 - 00000021 _____ C:\Users\Z87XUD5H\AppData\Roaming\config_data.dat
2015-07-07 16:56 - 2009-07-14 05:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-07 16:56 - 2009-07-14 05:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-07 16:54 - 2013-12-17 16:24 - 01718309 _____ C:\Windows\WindowsUpdate.log
2015-07-07 16:48 - 2014-05-04 19:55 - 00025640 ____N (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-07-07 16:48 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-07 16:48 - 2009-07-14 05:51 - 00164094 _____ C:\Windows\setupact.log
2015-07-07 16:47 - 2015-01-04 21:04 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-07 16:10 - 2010-11-21 04:47 - 00264280 _____ C:\Windows\PFRO.log
2015-07-07 15:59 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2015-07-07 15:58 - 2013-12-18 14:18 - 00000000 ____D C:\Users\Z87XUD5H\AppData\Roaming\Propellerhead Software
2015-07-07 15:58 - 2013-12-18 14:18 - 00000000 ____D C:\ProgramData\Propellerhead Software
2015-07-07 15:58 - 2013-12-18 00:23 - 00000000 ____D C:\Users\Z87XUD5H\AppData\Local\Adobe
2015-07-07 15:34 - 2014-06-02 15:12 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-07-06 22:27 - 2015-01-01 18:32 - 00000000 ____D C:\Users\Z87XUD5H\AppData\Roaming\vlc
2015-07-06 22:27 - 2014-03-15 23:06 - 00000000 ____D C:\ProgramData\Origin
2015-07-06 21:09 - 2014-04-11 18:19 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-07-06 20:32 - 2014-04-11 18:19 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-07-06 20:24 - 2014-02-27 19:03 - 00000000 ____D C:\Users\Z87XUD5H\Documents\temp
2015-07-06 19:09 - 2014-02-11 13:48 - 00000000 ___RD C:\Users\Z87XUD5H\Desktop\SYSTEM UTILS
2015-07-06 19:01 - 2013-12-17 16:24 - 00000000 ____D C:\Users\Z87XUD5H
2015-07-06 14:38 - 2009-07-14 06:13 - 00784286 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-05 19:20 - 2014-12-09 19:40 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-05 19:20 - 2014-04-23 11:25 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-05 18:55 - 2013-12-17 17:14 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-05 16:05 - 2014-07-30 20:18 - 00000000 ____D C:\Symbols
2015-07-05 15:58 - 2013-12-18 20:32 - 00000000 ____D C:\Windows\Minidump
2015-07-03 21:44 - 2015-05-09 17:47 - 00000000 ____D C:\Users\Z87XUD5H\AppData\Roaming\Kodi
2015-07-03 00:44 - 2013-12-21 03:47 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-03 00:44 - 2013-12-21 03:47 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-02 16:34 - 2015-03-12 16:17 - 00000000 ____D C:\Users\Z87XUD5H\AppData\Roaming\Winamp
2015-07-02 15:21 - 2014-02-01 17:44 - 00000000 ____D C:\Users\Z87XUD5H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-07-02 12:10 - 2014-02-02 19:26 - 00000020 ____H C:\ProgramData\PKP_DLbx.DAT
2015-07-02 11:58 - 2015-03-04 19:46 - 00001456 _____ C:\Users\Z87XUD5H\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-07-01 21:29 - 2013-12-20 15:59 - 00007639 _____ C:\Users\Z87XUD5H\AppData\Local\resmon.resmoncfg
2015-07-01 20:56 - 2014-02-11 13:50 - 00000000 ___RD C:\Users\Z87XUD5H\Desktop\VARIOUS
2015-07-01 19:28 - 2014-04-11 16:48 - 00000000 ____D C:\Program Files (x86)\Origin
2015-07-01 19:17 - 2014-01-20 18:52 - 00000000 ____D C:\Users\Z87XUD5H\IE Bookmarks - Favourites
2015-07-01 17:18 - 2013-12-19 10:00 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\etdrv.sys
2015-06-30 20:13 - 2009-07-14 06:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-29 19:56 - 2015-04-22 11:58 - 00000000 ____D C:\Users\Z87XUD5H\Desktop\New folder
2015-06-27 16:58 - 2015-04-18 11:32 - 11032736 _____ (SurfRight B.V.) C:\Users\Z87XUD5H\Downloads\HitmanPro_x64 (2).exe
2015-06-26 15:53 - 2013-12-17 17:14 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-25 20:19 - 2015-02-20 13:34 - 00004048 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1424435655
2015-06-25 20:19 - 2014-04-06 10:47 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-24 22:23 - 2014-06-08 12:55 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-24 22:23 - 2013-12-31 14:12 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-24 22:23 - 2013-12-17 17:14 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-24 22:23 - 2013-12-17 17:14 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-24 22:23 - 2013-12-17 17:14 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-24 22:23 - 2013-12-17 17:14 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-24 22:23 - 2013-12-17 17:14 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-24 21:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-23 13:30 - 2010-11-21 04:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-16 18:35 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-13 16:07 - 2013-12-23 20:26 - 00000000 ___RD C:\Users\Z87XUD5H\Desktop\PHOTO GRAPHICS
2015-06-11 18:58 - 2013-12-23 13:39 - 00000000 ___RD C:\Users\Z87XUD5H\Desktop\SECURITY
2015-06-10 11:36 - 2014-11-13 12:24 - 00000000 __SHD C:\Users\Z87XUD5H\AppData\Local\EmieBrowserModeList
2015-06-10 11:36 - 2014-04-09 13:19 - 00000000 __SHD C:\Users\Z87XUD5H\AppData\Local\EmieUserList
2015-06-10 11:36 - 2014-04-09 13:19 - 00000000 __SHD C:\Users\Z87XUD5H\AppData\Local\EmieSiteList
2015-06-10 03:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-06-10 03:10 - 2009-07-14 05:45 - 04926352 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 03:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 03:06 - 2014-11-13 15:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 03:05 - 2013-12-17 17:55 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 03:01 - 2013-12-17 17:55 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-08 21:28 - 2014-04-11 16:49 - 00000000 ____D C:\Users\Z87XUD5H\AppData\Roaming\Origin

==================== Files in the root of some directories =======

2013-12-18 16:11 - 2013-12-18 16:11 - 0802136 _____ (BitTorrent Inc.) C:\Program Files (x86)\uTorrent.exe
2015-06-29 18:30 - 2015-06-29 18:31 - 0000113 _____ () C:\Users\Z87XUD5H\AppData\Roaming\.ptbt0
2015-06-20 17:36 - 2015-06-20 17:36 - 0000132 _____ () C:\Users\Z87XUD5H\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-04-06 11:22 - 2015-07-07 17:06 - 0000021 _____ () C:\Users\Z87XUD5H\AppData\Roaming\config_data.dat
2014-02-02 19:30 - 2014-02-02 19:30 - 0000268 ___RH () C:\Users\Z87XUD5H\AppData\Roaming\Repeat Routines
2015-03-04 19:46 - 2015-07-02 11:58 - 0001456 _____ () C:\Users\Z87XUD5H\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-01-18 01:40 - 2015-01-06 17:34 - 0117702 _____ () C:\Users\Z87XUD5H\AppData\Local\ars.cache
2014-03-11 18:23 - 2015-01-06 17:34 - 0467592 _____ () C:\Users\Z87XUD5H\AppData\Local\census.cache
2014-05-30 15:02 - 2015-01-13 20:49 - 0009216 _____ () C:\Users\Z87XUD5H\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-18 01:24 - 2014-01-18 01:24 - 0000036 _____ () C:\Users\Z87XUD5H\AppData\Local\housecall.guid.cache
2013-12-20 15:59 - 2015-07-01 21:29 - 0007639 _____ () C:\Users\Z87XUD5H\AppData\Local\resmon.resmoncfg
2014-06-02 13:26 - 2015-01-06 17:29 - 0000010 _____ () C:\Users\Z87XUD5H\AppData\Local\sponge.last.runtime.cache
2014-02-02 19:26 - 2015-07-02 12:10 - 0000020 ____H () C:\ProgramData\PKP_DLbx.DAT
2015-04-01 15:31 - 2015-04-01 15:31 - 0000000 _____ () C:\ProgramData\PKP_DLdy.DAT
2014-02-02 19:30 - 2014-02-02 19:30 - 0000268 ___RH () C:\ProgramData\Rock

Some files in TEMP:
====================
C:\Users\Z87XUD5H\AppData\Local\Temp\Quarantine.exe
C:\Users\Z87XUD5H\AppData\Local\Temp\sqlite3.dll

Some zero byte size files/folders:
==========================
C:\Windows\System32\expsrv.dll
C:\Windows\System32\nvapi.dll
C:\Windows\System32\nvd3dum.dll
C:\Windows\System32\nvspcap.dll
C:\Windows\System32\nvwgf2um.dll
C:\Windows\System32\VBAJET32.DLL

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-03 03:25

==================== End of log ============================


---------------------------------------------------------------------------------------------------------------------------------------------


Here is the FRST Additions log:-


Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Z87XUD5H at 2015-07-07 17:06:42
Running from C:\Users\Z87XUD5H\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3373236962-3203910689-726919213-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3373236962-3203910689-726919213-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3373236962-3203910689-726919213-1002 - Limited - Enabled)
Z87XUD5H (S-1-5-21-3373236962-3203910689-726919213-1000 - Administrator - Enabled) => C:\Users\Z87XUD5H

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS B13.0910.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE)
@BIOS B13.0910.1 (x32 Version: 3.00.0000 - GIGABYTE) Hidden
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
µTorrent (HKU\S-1-5-21-3373236962-3203910689-726919213-1000\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Ableton Live 9 Suite (HKLM-x32\...\{ECC3F760-1D99-40F4-8988-7A6F50CE56C5}) (Version: 9.0.0.0 - Ableton)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
ACID Pro 7.0 (HKLM-x32\...\{10B39DCD-0325-49FE-BFBC-8EC011CB7CA8}) (Version: 7.0.653 - Sony)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Alien Skin Bokeh 2 (HKLM\...\Alien Skin Bokeh 2) (Version:  - Alien Skin)
Alien Skin Exposure 5 (HKLM\...\Alien Skin Exposure 5) (Version:  - Alien Skin)
Antares Autotune Evo VST RTAS v6.0.9 (HKLM-x32\...\Antares Autotune Evo VST RTAS_is1) (Version:  - )
Antares Hyperprism v1.5.6 DX (HKLM-x32\...\Antares Hyperprism v1.5.6 DX) (Version:  - )
APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.15.0417 - Gigabyte)
APP Center (x32 Version: 1.15.0417 - Gigabyte) Hidden
ArKaos GrandVJ 1.6.5 (HKLM-x32\...\{4D7FB91C-F15D-4531-B800-C62AAA820611}) (Version: 1.6.5 - ArKaos)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version:  - )
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Bass Audio Decoder (remove only) (HKLM-x32\...\Bass Audio Decoder) (Version:  - )
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.30944 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
BBC iPlayer Downloads (HKLM-x32\...\{476A047B-BDA1-4B37-BB40-0710C7E9EB61}) (Version: 1.4.1 - BBC)
BBE Sonic Maximizer Plugin (HKLM-x32\...\BBE Sonic Maximizer Plugin) (Version:  - )
BUSB (HKLM-x32\...\{0AADC50C-C4F8-49A7-8699-AFE46875CA67}) (Version: 1.13.0911.1 -  GIGABYTE)
CalMAN Studio (x32 Version: 5.4.0.1816 - SpectraCal, Inc) Hidden
Camel Audio Alchemy (HKLM-x32\...\Camel Audio Alchemy) (Version: 1.25.0 - Camel Audio)
Camera Control Pro 2 (HKLM-x32\...\{FE96C49B-DB90-405E-A00E-09E38372F880}) (Version: 2.0.0 - Nikon)
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version:  - )
Capture NX 2 (HKLM\...\Capture NX 2) (Version: 2.4.3 - NIKON CORPORATION)
Capture NX-D (HKLM\...\{794529D3-D489-4CF2-B2ED-CF241809E5EC}) (Version: 1.0.0 - Nikon)
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version:  - )
Corsair Link (HKLM-x32\...\{658EFB3F-8606-4576-8FEC-B0CED48F1E68}) (Version: 2.4.5110 - Corsair)
Corsair Link™ USB Dongle (Driver Removal) (HKLM-x32\...\CMIUSB&1B1C&1C00) (Version:  - Corsair Memory, Inc.)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Creative Jukebox Driver (HKLM-x32\...\Creative Jukebox Driver) (Version:  - )
Crysis® (HKLM-x32\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.00.0000 - Electronic Arts)
DCoder Image Source (remove only) (HKLM-x32\...\DCoder Image Source) (Version:  - )
Defraggler (HKLM\...\Defraggler) (Version: 2.16 - Piriform)
DirectVobSub (remove only) (HKLM-x32\...\DirectVobSub) (Version:  - )
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DxO Optics Pro 9 (HKLM\...\{849847D6-9BD9-48E1-B47D-B87141198EDE}) (Version: 9.0.0 - DxO Labs)
EaseUS Data Recovery Wizard 6.1 (HKLM-x32\...\EaseUS Data Recovery Wizard 6.1_is1) (Version:  - EaseUS)
EasyDuplicateFinder v4.5 (HKLM\...\Easy Duplicate Finder 4_is1) (Version:  - WebMinds, Inc.)
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.00.0002 - GIGABYTE)
EasyTune (x32 Version: 1.00.0002 - GIGABYTE) Hidden
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
EZSetupN B13.1114.1 (HKLM-x32\...\InstallShield_{9EAB60B6-70FE-4EC7-8DF4-54773E4EAC05}) (Version: 1.00.0000 - GIGABYTE)
EZSetupN B13.1114.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Far Cry (Patch 1.4) (x32 Version: 1.00.0000 - Ubisoft) Hidden
Fast Boot (HKLM-x32\...\InstallShield_{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.00.0000 - GIGABYTE)
Fast Boot (x32 Version: 1.00.0000 - GIGABYTE) Hidden
FEAR (HKLM-x32\...\{2B653229-9854-4989-B780-D978F5F13EAB}) (Version: 1.00.0000 - Vivendi Universal Games, Inc.)
ffdshow v1.3.4533 [2014-09-29] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4533.0 - )
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version:  - Pow Tools)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Genuine Fractals 6.0 Professional Edition (HKLM-x32\...\{FCADA4FF-142C-42A8-B73C-0A54A7F83345}) (Version: 6.0 - onOne Software)
GForce impOSCar v1.10 VSTi RTAS (HKLM-x32\...\GForce impOSCar v1.10 VSTi RTAS) (Version:  - )
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}) (Version: 1.67.0000 - GIGABYTE Technology Co.,Ltd.)
GIGABYTE OC_GURU II (x32 Version: 1.61.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
GIGABYTE OC_GURU II (x32 Version: 1.67.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
GMediaMusic - Oddity VST2 (HKLM-x32\...\Oddity VST2) (Version:  - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GRM Tools VST v1.0 (HKLM-x32\...\GRM Tools VST) (Version:  - )
GTL 2.0 (HKLM-x32\...\InstallShield_{AE5E0804-27F6-439C-BD0A-0EE9E15EF98D}) (Version: 1.00.0000 - GIGABYTE)
GTL 2.0 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Hardcore (HKLM-x32\...\Hardcore) (Version:  - Image-Line)
HDR Efex Pro 2 (HKLM-x32\...\HDR Efex Pro 2) (Version: 2.0.0.0 - Nik Software, Inc.)
Hugin 2013.0.0 (HKLM-x32\...\Hugin) (Version: 2013.0.0 hg_0d404a7088e6 - The Hugin Development Team)
ID3 Tag Editor 1.0 (HKLM-x32\...\{671DC096-9262-4943-A3D8-ED8A757B60D5}_is1) (Version:  - ID3TagEditor.com)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Image Trends' Fisheye-Hemi Plug-In 1.2.5 (HKLM-x32\...\{D2F46689-78FD-449E-810D-8C38600F711B}) (Version: 1.2.5 - Image Trends, Inc. )
Imagenomic Noiseware 4.2 Professional Plug-in (build 4205) (HKLM\...\ImagenomicNoisewareProPlugin) (Version:  - )
Imagenomic Portraiture 2.1 Plug-in (build 2105) (HKLM\...\ImagenomicPortraiturePlugin) (Version:  - )
Imagenomic RealGrain 1.1 Plug-in (build 1103) (HKLM\...\ImagenomicRealGrainPlugin) (Version:  - )
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
iZotope Alloy (HKLM-x32\...\iZotope Alloy_is1) (Version: 1.00 - iZotope, Inc.)
iZotope Iris (HKLM-x32\...\iZotope Iris_is1) (Version: 1.00 - iZotope, Inc.)
iZotope Nectar (HKLM-x32\...\iZotope Nectar_is1) (Version: 1.00 - iZotope, Inc.)
iZotope Stutter Edit (HKLM-x32\...\iZotope Stutter Edit_is1) (Version: 1.03 - iZotope, Inc.)
Jupiter-8V2 2.5.2 (HKLM-x32\...\jupiter8v25_is1) (Version: 2.5.2 - Arturia)
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
Kodi (HKU\S-1-5-21-3373236962-3203910689-726919213-1000\...\Kodi) (Version:  - XBMC-Foundation)
Korg Legacy Collection v1.0.0.2 (HKLM-x32\...\Korg Legacy Collection v1.0.0.2) (Version:  - )
LatencyMon 6.00 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
LAV Filters 0.63.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.63.0 - Hendrik Leppkes)
Lexicon PSP 42 VST DX v1.0 (HKLM-x32\...\Lexicon PSP 42 VST DX v1.0) (Version:  - )
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
Live 8.0.1 (HKLM-x32\...\Live 8.0.1) (Version:  - )
LoopBe1 - Internal MIDI Port (HKLM-x32\...\LoopBe1) (Version:  - )
LuSH-101 1.1.2 (64bit) (HKLM\...\{47A8E039-235B-4512-9FE4-B5F691F25B31}) (Version: 1.1.2.0 - D16 Group Audio Software)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.0 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.0.708 - Paramount Software (UK) Ltd.) Hidden
MadVR (remove only) (HKLM-x32\...\MadVR) (Version:  - )
M-Audio Delta Driver 6.0.2 (x64) (HKLM\...\{9CE5F7AE-9D50-4BE6-A32A-00E6914BDB71}) (Version: 6.0.2 - M-Audio)
Melodyne Runtime 4.1 (x64) (HKLM\...\{53EE2829-E9DB-4913-B3EA-96F10F84E98B}) (Version: 1.0.1 - Celemony Software GmbH)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{68ADAEAA-DABD-45C1-9CC2-F995407549CD}) (Version: 7601 - Microsoft)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Native Instruments Absynth 1.3 (HKLM-x32\...\Native Instruments Absynth 1.3) (Version:  - )
Native Instruments Absynth 2 (HKLM-x32\...\Native Instruments Absynth 2) (Version:  - )
Native Instruments Absynth 3 (HKLM-x32\...\Native Instruments Absynth 3) (Version:  - )
Native Instruments Absynth 4 (HKLM-x32\...\Native Instruments Absynth 4) (Version:  - )
Native Instruments Absynth 5 (HKLM-x32\...\Native Instruments Absynth 5) (Version:  - Native Instruments)
Native Instruments Battery v1.0 (HKLM-x32\...\Native Instruments Battery v1.0) (Version:  - )
Native Instruments Battery v2.1 (HKLM-x32\...\Native Instruments Battery v2.1) (Version:  - )
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.6.2.1863 - Native Instruments)
Native Instruments FM7 (HKLM-x32\...\Native Instruments FM7) (Version:  - )
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version:  - )
Native Instruments Hardware Controller Support (HKLM-x32\...\Native Instruments Hardware Controller Support) (Version:  - Native Instruments)
Native Instruments Lazer Dice (HKLM-x32\...\Native Instruments Lazer Dice) (Version: 1.0.0.5 - Native Instruments)
Native Instruments Maschine 2 (HKLM-x32\...\Native Instruments Maschine 2) (Version: 2.0.5.1057 - Native Instruments)
Native Instruments Maschine Controller Driver (HKLM-x32\...\Native Instruments Maschine Controller Driver) (Version:  - Native Instruments)
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS (HKLM-x32\...\Native Instruments Massive v1.0.1.008 VSTi DXi RTAS) (Version:  - )
Native Instruments Metaphysical Function (HKLM-x32\...\Native Instruments Metaphysical Function) (Version:  - )
Native Instruments Reaktor 5 (HKLM-x32\...\Native Instruments Reaktor 5) (Version:  - Native Instruments)
Native Instruments Reaktor v4.1.3.005 (HKLM-x32\...\Native Instruments Reaktor v4.1.3.005) (Version:  - )
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.2.1549 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.6.8.382 - Native Instruments)
Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS (HKLM-x32\...\Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS) (Version:  - )
NI Reaktor v3to4 TruEmu - OxYGeN (HKLM-x32\...\NI Reaktor v3to4 TruEmu - OxYGeN) (Version:  - )
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 352.86 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Graphics Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 352.86 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OC Button (HKLM-x32\...\InstallShield_{E27E691E-6D86-4BC3-A5AC-E14CFD43CFAD}) (Version: 1.00.0000 - GIGABYTE)
OC Button (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Ohm Force - Mobilohm VST2 (HKLM-x32\...\Mobilohm VST2) (Version:  - )
Ohm Force - Ohmicide VST (HKLM-x32\...\Ohmicide VST) (Version:  - )
Ohm Force - Quad Frohmage VST2 (HKLM-x32\...\Quad Frohmage VST2) (Version:  - )
Ohm Force - Symptohm VST2 (HKLM-x32\...\Symptohm VST2) (Version:  - )
OhmForce Hematohm VST2 (HKLM-x32\...\Hematohm VST2) (Version:  - )
Ohmforce MobilOhm DX v1.0 (HKLM-x32\...\Ohmforce MobilOhm DX v1.0) (Version:  - )
OhmForce Ohmboyz VST2 (HKLM-x32\...\Ohmboyz VST2) (Version:  - )
OhmForce Ohmygod VST2 (HKLM-x32\...\Ohmygod VST2) (Version:  - )
OhmForce Predatohm VST2 (HKLM-x32\...\Predatohm VST2) (Version:  - )
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Opera Stable 30.0.1835.88 (HKU\S-1-5-21-3373236962-3203910689-726919213-1000\...\Opera 30.0.1835.88) (Version: 30.0.1835.88 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
PCM Native Reverb Bundle (HKLM-x32\...\PCM Native Reverb Bundle) (Version:  - Lexicon)
PCM Native Reverb Bundle (x32 Version: 1.1.3 - Lexicon) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1030.0 - Passmark Software)
Photomatix Pro version 3.2.7 (HKLM\...\PhotomatixPro3x32_is1) (Version: 3.2.7 - HDRsoft Sarl)
Picture Control Utility 2 (HKLM\...\{D4893C47-704F-4B84-8486-9DE4974ACA6F}) (Version: 2.0.0 - Nikon)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.12 - Nikon)
PoiZone (HKLM-x32\...\PoiZone) (Version:  - Image-Line)
PokerStars.uk (HKLM-x32\...\PokerStars.uk) (Version:  - PokerStars.uk)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
PSP.Audioware.PSP.84.DX.RTAS.VST.v1.4.1-DAC (HKLM-x32\...\PSP.Audioware.PSP.84.DX.RTAS.VST.v1.4.1-DAC) (Version:  - )
PTGui Pro 9.1.8 (HKLM-x32\...\PTGui) (Version:  - New House Internet Services B.V.)
R-Drive Image (remove only) (HKLM-x32\...\R-Drive Image) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
Reason 5.0 (HKLM-x32\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
ReBirth 2.0 (HKLM-x32\...\{427B2195-6A44-4B5F-81A1-135C8918038D}) (Version: 2.0.1 - Propellerhead Software AB)
ReBirth RB-338 2.01 (HKLM-x32\...\ReBirth 2) (Version:  - )
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
ReCycle 2.0 (HKLM-x32\...\ReCycle 2.0) (Version:  - )
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
Renoise 2.8.0 (HKLM-x32\...\Renoise_is1) (Version: 2.8.0 - Renoise)
Sakura (HKLM-x32\...\Sakura) (Version:  - Image-Line)
Sawer (HKLM-x32\...\Sawer) (Version:  - Image-Line)
SDK Debuggers (x32 Version: 8.100.26629 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
Silver Efex Pro 2 (HKLM-x32\...\Silver Efex Pro 2) (Version: 2.0.0.0 - Nik Software, Inc.)
Smart TimeLock B13.0910.1 (HKLM-x32\...\InstallShield_{5D93E30A-78A3-4890-962F-56B61A5873DD}) (Version: 1.00.0001 - GIGABYTE)
Smart TimeLock B13.0910.1 (x32 Version: 1.00.0001 - GIGABYTE) Hidden
SoulSeek 157 NS 13e (HKLM-x32\...\Soulseek2) (Version:  - )
Sound Forge Pro 10.0 (HKLM-x32\...\{3F9170C9-A7C2-408F-A4D8-EC77250040BF}) (Version: 10.0.368 - Sony)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.450.22786 - SteelSeries)
Steinberg GRM Tools Vol.2 (HKLM-x32\...\Steinberg GRM Tools Vol.2) (Version:  - )
Sylenth1 v2.20 (HKLM-x32\...\Sylenth1_is1) (Version:  - )
SynthMaster 2.5 VST/VSTi (x64) version 2.5.3.109 (HKLM-x32\...\{724D6BD0-88D0-4354-A124-6EE4D36E9EF2}_is1) (Version: 2.5.3.109 - KV331 Audio)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TC|Native Essentials (HKLM-x32\...\TC|Native Essentials) (Version:  - )
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
TL-WN822N Driver (HKLM-x32\...\{62FE0726-9652-4CD2-9F09-C769D8699C21}) (Version: 1.00.0000 - TP-LINK)
Topaz  InFocus (HKLM-x32\...\Topaz  InFocus) (Version: 1.0.0 - Topaz Labs)
Topaz  InFocus (x32 Version: 1.0.0 - Topaz Labs) Hidden
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.1.0 - Topaz Labs, LLC)
Topaz Clarity (HKLM-x32\...\Topaz Clarity) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.1.0 - Topaz Labs, LLC)
Topaz DeJpeg 4 (64-bit) (HKLM-x32\...\Topaz DeJpeg 4 (64-bit)) (Version: 4.0.2 - Topaz Labs)
Topaz DeJpeg 4 (64-bit) (Version: 4.0.2 - Topaz Labs) Hidden
Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs)
Topaz DeJpeg 4 (x32 Version: 4.0.2 - Topaz Labs) Hidden
Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.1.0 - Topaz Labs, LLC)
Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.2.0 - Topaz Labs, LLC)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.3 - Topaz Labs, LLC)
Topaz InFocus (64-bit) (HKLM-x32\...\Topaz InFocus (64-bit)) (Version: 1.0.0 - Topaz Labs)
Topaz InFocus (64-bit) (Version: 1.0.0 - Topaz Labs) Hidden
Topaz ReMask 3 (64-bit) (HKLM-x32\...\Topaz ReMask 3 (64-bit)) (Version: 3.1.0 - Topaz Labs)
Topaz ReMask 3 (64-bit) (Version: 3.1.0 - Topaz Labs) Hidden
Topaz ReMask 3 (HKLM-x32\...\Topaz ReMask 3) (Version: 3.1.0 - Topaz Labs)
Topaz ReMask 3 (x32 Version: 3.1.0 - Topaz Labs) Hidden
Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.1.1 - Topaz Labs, LLC)
Topaz Star Effects (HKLM-x32\...\Topaz Star Effects) (Version: 1.1.0 - Topaz Labs, LLC)
Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version:  - Image-Line)
T-RackS 3 Deluxe (HKLM-x32\...\{423C4130-EBC3-410A-B3A0-37BBF9D607D5}) (Version: 1.0.0 - IK Multimedia)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Viveza 2 (HKLM-x32\...\Viveza 2) (Version: 2.0.0.9 - Nik Software, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Waldorf D-Pole v1.6.2 (HKLM-x32\...\Waldorf D-Pole v1.6.2) (Version:  - )
Waves Complete VST RTAS TDM v7.1.16 (HKLM-x32\...\Waves Complete v7_is1) (Version:  - )
Waves Mercury Bundle (HKLM-x32\...\Waves Mercury Bundle) (Version: 5.0 - Team AiR)
Waves SSL Collection v1.2 (HKLM-x32\...\Waves SSL Collection v1.2) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-3373236962-3203910689-726919213-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - Leaf Imaging Ltd. Image  (02/11/2010 ) (HKLM\...\A35BD68D4A1B3E191138E3C9AA417190A9468F7E) (Version: 02/11/2010  - Leaf Imaging Ltd.)
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{25981ccc-475f-4b68-850b-89d3fc287ff1}) (Version: 8.100.26695 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
YUV Player Deluxe (HKLM-x32\...\YUV Player Deluxe) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

19-06-2015 08:26:16 Windows Update
24-06-2015 04:33:20 Windows Update
24-06-2015 22:22:10 avast! antivirus system restore point
30-06-2015 12:11:59 Windows Update
05-07-2015 18:41:10 Windows Modules Installer
05-07-2015 18:50:45 Windows Modules Installer
05-07-2015 19:20:19 Windows Modules Installer
06-07-2015 15:16:48 Windows Backup
06-07-2015 17:09:23 Installed Macrium Reflect Free Edition
06-07-2015 19:15:19 1st System Restore Point Created after Disk Migration to 1TB
07-07-2015 16:31:50 Removed Adobe Reader XI (11.0.11).
07-07-2015 16:53:23 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-07-07 15:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13B0F7CC-BA11-4B7E-897E-5AE562C02276} - System32\Tasks\{D809071F-1A6F-41DC-BD23-BE6ACCEE7B2E} => pcalua.exe -a C:\Users\Z87XUD5H\Downloads\hijackthis_sfx\HijackThis.exe -d C:\Users\Z87XUD5H\Downloads\hijackthis_sfx
Task: {1F9CCF98-87E1-4C81-AF0E-BDB8AA505EE1} - System32\Tasks\{18A0F639-9335-4D2D-B8E9-F06C6599D95C} => pcalua.exe -a C:\Users\Z87XUD5H\Downloads\mb_utility_ezsetup_8series.exe -d C:\Users\Z87XUD5H\Downloads
Task: {4E67FDE2-ABF8-4289-AE12-8BFFA23D9A3D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {50319A3C-40FF-4641-858A-636773AF801C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-24] (Avast Software s.r.o.)
Task: {5984513C-8FA5-4C6D-9DAF-4DD23CCF53CA} - System32\Tasks\Opera scheduled Autoupdate 1424435655 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-19] (Opera Software)
Task: {7002FC62-45E1-4FE0-92E0-0052D869A949} - System32\Tasks\Start CorsairLINK Hardware Monitor => C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK_HardwareMonitor.exe [2013-08-06] (Corsair Components, Inc.)
Task: {7A0C3DD3-DF0F-47F9-82D3-0B114EF1B298} - System32\Tasks\AdobeAAMUpdater-1.0-Z87XUD5H-PC-Z87XUD5H => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {7D6D135A-1E5C-400E-BF7E-976F64A4DBE5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {C09BA507-6AC1-4528-B8C6-F840354E7D8C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {C9F5A6CF-18A2-4D3D-AD90-5D6D27ACF416} - System32\Tasks\{9145E8EF-2443-4A38-B1B0-A30F99EBCD47} => pcalua.exe -a "C:\Program Files (x86)\WinRAR\WinRAR.exe"
Task: {DAB0356A-B269-41D8-A14C-242C158F1A12} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E34FF608-A4C1-45BE-A61D-A21DA7B481B1} - System32\Tasks\Core Temp Autostart Z87XUD5H => C:\Users\Z87XUD5H\Desktop\SYSTEM UTILS\CoreTemp64\Core Temp.exe [2013-10-08] ()
Task: {E5BF7C35-6363-4BEF-B8CD-3EB864C8BF38} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {FAF75D07-6A3C-4E58-AD3F-14595500E7E4} - System32\Tasks\{F7B1E16D-5D28-4A1F-A479-F4CD96C2980A} => pcalua.exe -a "C:\Users\Z87XUD5H\Downloads\OC_GURU II V1.61_B140110.exe" -d C:\Users\Z87XUD5H\Downloads

==================== Loaded Modules (Whitelisted) ==============

2015-01-04 20:58 - 2015-05-12 04:30 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-14 15:27 - 2015-04-14 15:27 - 00016896 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
2013-06-26 18:06 - 2013-06-26 18:06 - 00018512 _____ () C:\Program Files (x86)\GIGABYTE\OCBtn\GUP7Serv.exe
2014-06-02 21:26 - 2014-10-03 13:21 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-02-12 17:29 - 2013-10-08 14:23 - 00890016 _____ () C:\Users\Z87XUD5H\Desktop\SYSTEM UTILS\CoreTemp64\Core Temp.exe
2014-06-26 19:39 - 2014-06-26 19:39 - 00504832 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 09315328 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00015872 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00115200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
2014-05-16 16:57 - 2014-05-16 16:57 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00034304 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
2014-05-16 16:57 - 2014-05-16 16:57 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00189440 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00031744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00159744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00020992 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00029696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00023040 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll
2014-06-26 19:39 - 2014-06-26 19:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll
2009-07-27 14:44 - 2009-07-27 14:44 - 00236040 _____ () C:\Windows\SysWOW64\DeltaIITray.exe
2015-06-24 22:23 - 2015-06-24 22:23 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-24 22:23 - 2015-06-24 22:23 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-07 11:32 - 2015-07-07 11:32 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15070700\algo.dll
2014-04-06 11:22 - 2013-07-26 14:33 - 00140288 _____ () C:\Program Files (x86)\Corsair\Corsair Link\UsbClink.dll
2014-06-02 13:34 - 2014-06-02 13:34 - 00000000 _____ () C:\Windows\system32\nvapi.dll
2015-05-27 17:20 - 2015-05-23 02:48 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-06-02 13:34 - 2014-06-02 13:34 - 00000000 _____ () C:\Windows\system32\nvd3dum.dll
2014-06-02 13:34 - 2014-06-02 13:34 - 00000000 _____ () C:\Windows\system32\nvspcap.dll
2012-11-28 07:03 - 2012-11-28 07:03 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\EasyTune\ycc.dll
2013-08-23 18:37 - 2013-08-23 18:37 - 00311296 _____ () C:\Program Files (x86)\GIGABYTE\EasyTune\MFCCPU.dll
2015-04-11 13:15 - 2015-04-11 13:15 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-02 13:34 - 2014-06-02 13:34 - 00000000 _____ () C:\Windows\system32\VBAJET32.DLL
2014-06-02 13:34 - 2014-06-02 13:34 - 00000000 _____ () C:\Windows\system32\expsrv.dll
2013-12-23 16:57 - 2013-09-16 13:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-06-02 13:34 - 2014-06-02 13:34 - 00000000 _____ () C:\Windows\system32\nvwgf2um.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:AstInfo
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\Users\Z87XUD5H\Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
AlternateDataStreams: C:\Users\Z87XUD5H\My Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3373236962-3203910689-726919213-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Z87XUD5H\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NIHardwareService => 2
MSCONFIG\Services: StarWindServiceAE => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LoopBe1 Monitor.lnk => C:\Windows\pss\LoopBe1 Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Z87XUD5H^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktop.scf => C:\Windows\pss\Desktop.scf.Startup
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{87D19F07-9849-498D-85AB-B50280317D4D}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe
FirewallRules: [{F65CF67D-FAAE-4679-B3DD-49FCD794A82A}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe
FirewallRules: [{CF414E57-95C3-4EC2-A700-79247A003015}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe
FirewallRules: [{C0067F62-C14D-480E-BB3D-1E12AF788B12}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe
FirewallRules: [{4D3628B0-D185-4E53-B58C-E9CD68A6B9A8}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
FirewallRules: [{19466AB8-BA66-4899-A887-ADF98F9E39A2}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
FirewallRules: [{F682F14A-D10F-4342-81E0-3B5FD768FFA3}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe
FirewallRules: [{ED8F8345-14D1-411E-B4AB-7ED9AB9549E7}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe
FirewallRules: [TCP Query User{38D6B9F2-DFEA-4D00-AD53-4AE763280FD0}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe
FirewallRules: [UDP Query User{CEBE37E4-12A1-4DAD-95A9-7964635D4D4F}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe
FirewallRules: [TCP Query User{636E1471-C33D-4FCA-8563-4794EF21B341}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
FirewallRules: [UDP Query User{204995FC-EAB2-495D-95DB-4B3ABF3C5583}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
FirewallRules: [{A14EB5B2-D6BB-4FA2-92DA-F02EFF17E858}] => (Allow) C:\Program Files (x86)\Sierra\FEAR\FEAR.exe
FirewallRules: [{881110F0-C5D0-4344-955A-2F2BB873F25B}] => (Allow) C:\Program Files (x86)\Sierra\FEAR\FEAR.exe
FirewallRules: [{E6DEF399-AAF2-4EED-B2D3-44E7DD47CC53}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D965FBF4-8445-4B1B-AA66-B060A7F148A1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0C29ABA9-BEF8-43F9-94C2-88F58727EC70}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B6DB3A31-D6C5-4AD8-A52F-A14E8D3E96BD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CBEB9B72-3261-44B1-8F6C-1ED49FFDD226}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{07E6E459-9E2F-48AB-B71A-2652D0EA7AAA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{1D16E1B1-15E3-4361-9C4E-178FE75931EC}C:\program files (x86)\arkaos grandvj 1.6.5\grandvj.exe] => (Block) C:\program files (x86)\arkaos grandvj 1.6.5\grandvj.exe
FirewallRules: [UDP Query User{EBDDBC36-1E31-4542-9994-CD8C0E1F933D}C:\program files (x86)\arkaos grandvj 1.6.5\grandvj.exe] => (Block) C:\program files (x86)\arkaos grandvj 1.6.5\grandvj.exe
FirewallRules: [TCP Query User{7BA7A86D-78E4-40D0-A2F8-F6F408D093E3}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Block) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{CA71F60D-F0C3-475D-A458-4B603EB723A9}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Block) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [{45DCD781-0AA2-4A1D-9286-0045887589C5}] => (Block) %ProgramFiles%\Nik Software\HDR Efex Pro 2\HDR Efex Pro 2.exe
FirewallRules: [{CEDB9CC5-1A43-45B8-8D5D-ACB027606317}] => (Block) %ProgramFiles%\Nik Software\HDR Efex Pro 2\HDR Efex Pro 2.exe
FirewallRules: [{22A9E818-DEF1-4D8C-B533-2D4A2B74AFFF}] => (Block) %ProgramFiles%\Nik Software\Viveza 2\Viveza 2.exe
FirewallRules: [{5A3C0F4C-2601-4A79-B3F6-0AB3377DAF41}] => (Block) %ProgramFiles%\Nik Software\Viveza 2\Viveza 2.exe
FirewallRules: [{1E6F3DCD-F051-4F9D-96A9-6E4C3C7A3334}] => (Block) %ProgramFiles%\Nikon\Capture NX 2\Capture NX 2.exe
FirewallRules: [{CF59248E-EB6D-4A3F-852E-8A5A1BA61565}] => (Block) %ProgramFiles%\Nikon\Capture NX 2\Capture NX 2.exe
FirewallRules: [{7CDD3875-1A93-4F1A-A395-A509434CB312}] => (Block) %ProgramFiles%\DxO Labs\DxO Optics Pro v9\DXOOpticsPro.exe
FirewallRules: [{CA1E2B6C-F562-439C-B252-4A7B16BB345D}] => (Block) %ProgramFiles%\DxO Labs\DxO Optics Pro v9\DXOOpticsPro.exe
FirewallRules: [{362E2483-7208-4B7D-8C95-FBD88680DCD9}] => (Block) %SystemDrive%\Sound Utilities\Programs\FL Studio 11\FL.exe
FirewallRules: [{0DDF5E76-4D7B-4DEC-B6B0-022E5FFE0603}] => (Block) %SystemDrive%\Sound Utilities\Programs\FL Studio 11\FL.exe
FirewallRules: [{3B4A6B4E-7842-4E0F-8E63-22F01AB093AD}] => (Block) %ProgramFiles%\Alien Skin\Exposure 5\Alien Skin Exposure 5 x64.exe
FirewallRules: [{ECE7E67E-CEE6-43F0-A8FF-9B2B103BB2EA}] => (Block) %ProgramFiles%\Alien Skin\Exposure 5\Alien Skin Exposure 5 x64.exe
FirewallRules: [{EA788277-0599-4566-B225-8D129D477A32}] => (Block) %ProgramFiles% (x86)\Alien Skin\Exposure 5\Alien Skin Exposure 5.exe
FirewallRules: [{4F2EFF4F-A8B8-4C69-9CD8-7CBB7E2A7AD6}] => (Block) %ProgramFiles% (x86)\Alien Skin\Exposure 5\Alien Skin Exposure 5.exe
FirewallRules: [{B5053A7E-64D8-4C58-8186-1ECB0630C4F5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{517B609E-C161-4CDB-9F47-27F439516EB4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5CE63DA2-F093-4817-9E4C-AA2839D9A000}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FFC773F2-B6AE-46D8-9CDC-C9A9EACDDC1A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{89EB8942-8C50-4DEA-AED1-4F4038AEBA1D}] => (Block) LPort=10322
FirewallRules: [{06448C18-F4BB-4BEE-BC38-2743E639951C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{72E2E2C5-663A-46F2-9944-D5F1395C38A7}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{A5DB674D-4908-4E51-A0F3-62DEAE62FEC3}] => (Block) LPort=65371
FirewallRules: [{6675EA86-5A48-4427-BB62-34FFEDAF4FBE}] => (Block) LPort=49225
FirewallRules: [{30F7EB5D-47B6-409A-A9B9-89EF35222313}] => (Block) LPort=50312
FirewallRules: [TCP Query User{3F819295-A42B-4CA7-A501-0A69E540C060}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{1D5678AA-0DD0-4494-BB03-FE9EC187C3DD}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{7F15C629-857D-4E1B-AB5F-08166F9C5ABF}C:\program files\perfectplayer\jre\bin\javaw.exe] => (Allow) C:\program files\perfectplayer\jre\bin\javaw.exe
FirewallRules: [UDP Query User{96D2A78A-9A93-49AF-ADF6-63E9C326F354}C:\program files\perfectplayer\jre\bin\javaw.exe] => (Allow) C:\program files\perfectplayer\jre\bin\javaw.exe
FirewallRules: [{17310842-EFC1-4A2C-8A70-2DD7126BB779}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{E0B712BC-568F-4B32-9ED8-55E5273D6DF9}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{53FEE7A9-7E83-4B34-9DD4-048A30F3422C}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{4AB8F421-D7CF-46D7-AAEA-C644AA854960}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{2E6A8A15-1327-4A21-B51A-768431774B99}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{11B870DA-5B60-4837-86D2-FF56AD03D3EB}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{220A1C5B-DB9F-46C4-89A6-59CBD2839516}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{566CF645-DC87-4DB6-8AD6-28AA2F01C6FF}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe

==================== Faulty Device Manager Devices =============

Name: Intel® I210 Gigabit Network Connection
Description: Intel® I210 Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1rexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: nerds.de LoopBe1 - Internal Midi Port (WDM)
Description: nerds.de LoopBe1 - Internal Midi Port (WDM)
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: nerds.de GbR
Service: LoopBeMidi1
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2015 04:48:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2015 04:11:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2015 03:35:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2015 03:21:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2015 07:32:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2015 07:18:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2015 07:03:14 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/06/2015 07:03:14 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4400}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/06/2015 07:03:14 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/06/2015 07:03:14 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (07/07/2015 04:47:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athExt.dll
Error Code: 126

Error: (07/07/2015 04:47:11 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (07/07/2015 04:46:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/07/2015 04:46:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Smart TimeLock Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (07/07/2015 04:46:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Capability Licensing Service Interface service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/07/2015 04:46:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/07/2015 04:46:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/07/2015 04:46:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/07/2015 04:46:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/07/2015 04:46:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Integrated Clock Controller Service - Intel® ICCS service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-07-07 15:58:43.289
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-07 15:58:43.258
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 20%
Total physical RAM: 16337 MB
Available physical RAM: 12957.25 MB
Total Virtual: 24527.21 MB
Available Virtual: 20942.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.29 GB) (Free:540.07 GB) NTFS
Drive d: (SATA-300) (Fixed) (Total:279.47 GB) (Free:116.05 GB) NTFS
Drive e: (SATA2-250-1) (Fixed) (Total:232.88 GB) (Free:53.29 GB) NTFS
Drive f: (SATA2-250-2) (Fixed) (Total:232.88 GB) (Free:20.85 GB) NTFS
Drive g: () (Fixed) (Total:465.54 GB) (Free:44.66 GB) NTFS
Drive h: (SATA2-250-16) (Fixed) (Total:232.88 GB) (Free:23.91 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of log ============================

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

I created a Fixlog.txt and ran it; here are the results from that:

Fix result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Z87XUD5H at 2015-07-07 17:37:18 Run:1
Running from C:\Users\Z87XUD5H\Desktop
Loaded Profiles: Z87XUD5H (Available Profiles: Z87XUD5H & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
*****************

Could not move "C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm" => Scheduled to move on reboot.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-07 17:39:46)<=

"C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm" => Could not move

==== End of Fixlog 17:39:46 ====

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

I am concerned about the following entries:

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:AstInfo
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\Users\Z87XUD5H\Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
AlternateDataStreams: C:\Users\Z87XUD5H\My Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

How do these logs look to you?

I use a closed-loop cooling system for my CPU and have a temperature profile curve enabled; it suddenly ramps up on its own sometimes.

I used Process Explorer to see what could cause it. I found 2 entries of dllhost.exe, which disappeared, and then conhost.exe appeared, so I decided to close that process down. I have noticed these 2 culprits a few times.

My CPU fan then went back to normal after terminating it. Does anything in the above logs look out of place?

I would be grateful for any help regarding this matter. Thanks.


Edited by rworx, 07 July 2015 - 01:40 PM.




#2 rworx

rworx
  • Topic Starter

  • Members
  • 11 posts

Posted 10 July 2015 - 04:23 PM

Delete this thread now if you want...


Edited by rworx, 11 July 2015 - 06:53 AM.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 July 2015 - 09:40 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3373236962-3203910689-726919213-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
CHR Extension: (Avast Online Security) - C:\Users\Z87XUD5H\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-11]
R3 ALSysIO; \??\C:\Users\Z87XUD5H\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 Mv_Process; \??\c:\windows\syswow64\mv_process.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\WNt500x64\Sandra.sys [X]
R3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK_HardwareMonitor.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#4 rworx

rworx
  • Topic Starter

  • Members
  • 11 posts

Posted 12 July 2015 - 03:41 PM

Hi, first of all thanks a lot for the help.

The computer is running OK in general, but as I said earlier the fan keeps unnecessarily ramping up now and again. I really don't think there is a hardware fault.

Even if I log out of my account and physically remove the TP-Link adaptor I use to extend the Wi-Fi, there is strange activity, normally (roughly) around 1 am and 5 am GMT. It can also happen during the day for no reason I can think of.

One thing that is odd to me is that I am pretty sure I have never installed Chrome, as I am not a fan of it, and I also don't think I have ever installed Firefox on this system.

Anyway, I did what you said, and here is the log.

---------------------------------------------------

Fix result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by Z87XUD5H at 2015-07-12 21:24:35 Run:3
Running from C:\Users\Z87XUD5H\Desktop
Loaded Profiles: Z87XUD5H (Available Profiles: Z87XUD5H & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3373236962-3203910689-726919213-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
CHR Extension: (Avast Online Security) - C:\Users\Z87XUD5H\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-11]
R3 ALSysIO; \??\C:\Users\Z87XUD5H\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 Mv_Process; \??\c:\windows\syswow64\mv_process.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP6\WNt500x64\Sandra.sys [X]
R3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK_HardwareMonitor.sys [X]

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3373236962-3203910689-726919213-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
"HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.0" => key removed successfully
"HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.5.0" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.6.2" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
C:\Users\Z87XUD5H\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
ALSysIO => Service stopped successfully.
ALSysIO => Service removed successfully
catchme => Service not found.
GPUZ => Service not found.
Mv_Process => Service not found.
SANDRA => Service not found.
WinRing0_1_2_0 => Service stopped successfully.
WinRing0_1_2_0 => Service removed successfully
EmptyTemp: => 2.5 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-12 21:27:34)<=

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move

==== End of Fixlog 21:27:35 ====



#5 rworx
  • Topic Starter
  • Members
  • 11 posts

Posted 12 July 2015 - 04:12 PM

There's a lot of disk activity in Resource Monitor from Imagestore.dat... Internet Explorer... and webcache.dat

and the NTFS volume log... other than typing this my computer is generally idle.

Also IE/Low content (hash-looking numbers)... one is a .js file.

PREFETCHSEARCHFILTERHOST... sorry it was in caps.

Probably legit stuff, I best stop looking...



#6 nasdaq
  • Malware Response Team
  • 39,531 posts
  • Location:Montreal, QC. Canada

Posted 13 July 2015 - 07:14 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

#7 rworx
  • Topic Starter
  • Members
  • 11 posts

Posted 13 July 2015 - 11:19 AM

I have also pasted a Malwarebytes log I ran after Zoek rebooted... I did not delete any of its results though. I am happy to remove the whole program that is showing PUPs.

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Z87XUD5H on 13/07/2015 at 16:30:32.13.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Z87XUD5H\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

13/07/2015 16:32:28 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\DivX deleted successfully
C:\PROGRA~2\Futuremark deleted successfully
C:\PROGRA~2\Marvell deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Native Instruments deleted successfully
C:\PROGRA~2\Runtime Software deleted successfully
C:\PROGRA~2\VS Revo Group deleted successfully
C:\Program Files\HitmanPro deleted successfully
C:\Program Files\onOne Software deleted successfully
C:\Program Files\Topaz Labs deleted successfully
C:\Program Files\VideoLAN deleted successfully
C:\PROGRA~3\Nalpeiron deleted successfully
C:\PROGRA~3\{ECD5EDEB-48B5-47BB-BD2E-1F95422B2C33} deleted successfully
C:\Users\Z87XUD5H\AppData\Roaming\Audio Ease deleted successfully
C:\Users\Z87XUD5H\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Z87XUD5H\AppData\Roaming\NetMedia Providers deleted successfully
C:\Users\Z87XUD5H\AppData\Roaming\Publish Providers deleted successfully
C:\Users\Z87XUD5H\AppData\Roaming\SynthMaker deleted successfully
C:\Users\Z87XUD5H\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Z87XUD5H\AppData\Local\EmieSiteList deleted successfully
C:\Users\Z87XUD5H\AppData\Local\EmieUserList deleted successfully
C:\Users\Z87XUD5H\AppData\Local\Ubisoft Game Launcher deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3373236962-3203910689-726919213-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A01CC1F6-2BF6-4E8B-91E2-870C73072911} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\DivX not found
C:\PROGRA~2\Futuremark not found
C:\PROGRA~2\Marvell not found
C:\PROGRA~2\Native Instruments not found
C:\PROGRA~2\Runtime Software not found
C:\PROGRA~2\VS Revo Group not found
C:\PROGRA~3\{ECD5EDEB-48B5-47BB-BD2E-1F95422B2C33} not found
C:\PROGRA~2\ID3 Tag Editor deleted
C:\PROGRA~3\DivX deleted
C:\Maschine 2.exe deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Users\Z87XUD5H\AppData\Roaming\.ptbt0" deleted
"C:\Users\Z87XUD5H\AppData\Roaming\Repeat Routines" deleted
"C:\ProgramData\Rock" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [24/06/2015 22:23]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Z87XUD5H\AppData\Roaming\Mozilla\Firefox\Profiles\jgzt6206.default
- SeoQuake - %ProfilePath%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
- SEO Doctor - %ProfilePath%\extensions\seodoctor@prelovac.com.xpi

==== Firefox Plugins ======================

==== Chromium Look ======================

Chrome Hotword Shared Module - Z87XUD5H\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.co.uk/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.co.uk/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{DD17E003-B79F-4510-90E9-365A9E9530AD} Google  Url="https://www.google.com/search?q={searchTerms}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Z87XUD5H\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Z87XUD5H\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Z87XUD5H\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Z87XUD5H\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=75 folders=45 239335862 bytes)

==== Empty Temp Folders ======================

C:\Users\admin\AppData\Local\temp emptied successfully
C:\Users\Administrator\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\Z87XUD5H\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Z87XUD5H\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 13/07/2015 at 16:43:16.08 ======================

Here's the Malwarebytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 13/07/2015
Scan Time: 16:59
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.13.03
Rootkit Database: v2015.07.10.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Z87XUD5H

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 499400
Time Elapsed: 10 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.MultiPlug.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Native Instruments Maschine Controller Driver, , [dd6a14cd7b0fe056592f0e808e76738d],
PUP.Optional.MultiPlug.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{267B3E82-C941-47D8-BCD3-1BBBB56FCBC6}, , [dd6a14cd7b0fe056592f0e808e76738d],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.MultiPlug.Gen, C:\ProgramData\{2B0AD088-31DC-4A62-9BFF-8A02B70C0942}, , [dd6a14cd7b0fe056592f0e808e76738d],

Files: 7
PUP.Optional.MultiPlug.Gen, C:\ProgramData\{2B0AD088-31DC-4A62-9BFF-8A02B70C0942}\Maschine Controller Driver Setup.dat, , [dd6a14cd7b0fe056592f0e808e76738d],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\{2B0AD088-31DC-4A62-9BFF-8A02B70C0942}\instance.dat, , [dd6a14cd7b0fe056592f0e808e76738d],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\{2B0AD088-31DC-4A62-9BFF-8A02B70C0942}\Maschine Controller Driver Setup.exe, , [dd6a14cd7b0fe056592f0e808e76738d],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\{2B0AD088-31DC-4A62-9BFF-8A02B70C0942}\Maschine Controller Driver Setup.msi, , [dd6a14cd7b0fe056592f0e808e76738d],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\{2B0AD088-31DC-4A62-9BFF-8A02B70C0942}\Maschine Controller Driver Setup.par, , [dd6a14cd7b0fe056592f0e808e76738d],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\{2B0AD088-31DC-4A62-9BFF-8A02B70C0942}\Maschine Controller Driver Setup.res, , [dd6a14cd7b0fe056592f0e808e76738d],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\{2B0AD088-31DC-4A62-9BFF-8A02B70C0942}\mia.lib, , [dd6a14cd7b0fe056592f0e808e76738d],

Physical Sectors: 0
(No malicious items detected)

(end)



#8 nasdaq
  • Malware Response Team
  • 39,531 posts
  • Location:Montreal, QC. Canada

Posted 13 July 2015 - 01:29 PM

Remove everything found by Malwarebytes.

===

How is the computer running now?

#9 rworx
  • Topic Starter
  • Members
  • 11 posts

Posted 17 July 2015 - 10:48 AM

Removed everything found by Malwarebytes... It's still the same though, is there much more that can be done?

I'm thinking of just using Linux for internet stuff when it's left switched on overnight and use Win 7 for anything non-internet related.

I'm guessing it may be legitimate Windows processes causing it.



#10 nasdaq
  • Malware Response Team
  • 39,531 posts
  • Location:Montreal, QC. Canada

Posted 17 July 2015 - 01:25 PM

This may help identify the culprit.

How to perform a clean boot in Windows Vista, W7, W8.
http://support.microsoft.com/kb/929135

Read and follow the instructions on the page before proceeding.

Did you find any conflicting issues?
===

#11 rworx
  • Topic Starter
  • Members
  • 11 posts

Posted 20 July 2015 - 10:27 AM

Ahhhh I totally forgot about that, I haven't used it since XP days.

I have just done it now and will restart.

I did notice quite a few unnecessary services in there that load on start up.

If all goes well, I will re-enable all services except the unnecessary ones; some I will disable, others switch to manual. I will then hopefully have solved the problem.

Will report back with the outcome in 2-3 days.

Thanks.



#12 rworx
  • Topic Starter
  • Members
  • 11 posts

Posted 22 July 2015 - 03:30 PM

Just had a BSOD winsys32

Here's the debug info.

-----------------

Microsoft ® Windows Debugger Version 6.3.9600.17029 AMD64
Copyright © Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\Minidump\072215-23103-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.18798.amd64fre.win7sp1_gdr.150316-1654
Machine Name:
Kernel base = 0xfffff800`03660000 PsLoadedModuleList = 0xfffff800`038a5890
Debug session time: Wed Jul 22 20:47:01.632 2015 (UTC + 1:00)
System Uptime: 0 days 7:44:32.986
Loading Kernel Symbols
...............................................................
................................................................
.......................................................
Loading User Symbols
Loading unloaded module list
........
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffff900bb6f345f, 1, fffff960001509a7, 2}

Could not read faulting driver name
Probably caused by : hardware ( win32k!xxxCallHook2+33b )

Followup: MachineOwner
---------

6: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff900bb6f345f, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff960001509a7, If non-zero, the instruction address which referenced the bad memory
 address.
Arg4: 0000000000000002, (reserved)

Debugging Details:
------------------

Could not read faulting driver name

WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff8000390f100
GetUlongFromAddress: unable to read from fffff8000390f1c0
 fffff900bb6f345f

FAULTING_IP:
win32k!xxxCallHook2+33b
fffff960`001509a7 008b4f4483f9    add     byte ptr [rbx-67CBBB1h],cl

MM_INTERNAL_CODE:  2

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  iexplore.exe

CURRENT_IRQL:  0

ANALYSIS_VERSION: 6.3.9600.17029 (debuggers(dbg).140219-1702) amd64fre

TRAP_FRAME:  fffff8800bc4d5e0 -- (.trap 0xfffff8800bc4d5e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000000bc5f9fd rbx=0000000000000000 rcx=0000000000001000
rdx=fffff900c1fe9610 rsi=0000000000000000 rdi=0000000000000000
rip=fffff960001509a7 rsp=fffff8800bc4d770 rbp=fffff8800bc4db60
 r8=fffff900c1ebf010  r9=fffff8800bc4da98 r10=0000000000000001
r11=0000000000000003 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
win32k!xxxCallHook2+0x33b:
fffff960`001509a7 008b4f4483f9    add     byte ptr [rbx-67CBBB1h],cl ds:ffffffff`f983444f=??
Resetting default scope

MISALIGNED_IP:
win32k!xxxCallHook2+33b
fffff960`001509a7 008b4f4483f9    add     byte ptr [rbx-67CBBB1h],cl

LAST_CONTROL_TRANSFER:  from fffff8000374d5fb to fffff800036d2a40

STACK_TEXT: 
fffff880`0bc4d478 fffff800`0374d5fb : 00000000`00000050 fffff900`bb6f345f 00000000`00000001 fffff880`0bc4d5e0 : nt!KeBugCheckEx
fffff880`0bc4d480 fffff800`036d0b6e : 00000000`00000001 fffff900`bb6f345f 00000000`00000100 fffff900`c1ebf010 : nt! ?? ::FNODOBFM::`string'+0x402d6
fffff880`0bc4d5e0 fffff960`001509a7 : fffff900`c1ebf010 fffffa80`14e8f578 00000000`00000000 00000000`00000001 : nt!KiPageFault+0x16e
fffff880`0bc4d770 fffff960`0015065f : fffff900`c1ebf203 fffff900`00000000 00000000`00000001 fffff880`0bc4da98 : win32k!xxxCallHook2+0x33b
fffff880`0bc4d8e0 fffff960`0018c90f : fffff900`c1ebf010 fffff880`0bc4da98 00000000`00000000 00000000`00000000 : win32k!xxxCallHook+0x37
fffff880`0bc4d930 fffff960`0018ccb5 : 00000000`00000000 fffff800`000025ff 00000000`00000000 fffffa80`ffffffff : win32k!xxxRealInternalGetMessage+0x53f
fffff880`0bc4da10 fffff960`0018e6ff : 00000000`7efa1000 00000000`0000461e fffff880`0bc4db60 fffff800`036dce42 : win32k!xxxInternalGetMessage+0x35
fffff880`0bc4da50 fffff800`036d1cd3 : fffffa80`14e8f470 00000000`7efa1000 00000000`00000020 00000000`74d9aeac : win32k!NtUserGetMessage+0x8b
fffff880`0bc4dae0 00000000`74dbfe8a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`02cee6d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x74dbfe8a

STACK_COMMAND:  kb

FOLLOWUP_IP:
win32k!xxxCallHook2+33b
fffff960`001509a7 008b4f4483f9    add     byte ptr [rbx-67CBBB1h],cl

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  win32k!xxxCallHook2+33b

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  hardware

DEBUG_FLR_IMAGE_TIMESTAMP:  0

IMAGE_VERSION:  6.1.7601.18906

MODULE_NAME: hardware

FAILURE_BUCKET_ID:  X64_IP_MISALIGNED

BUCKET_ID:  X64_IP_MISALIGNED

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:x64_ip_misaligned

FAILURE_ID_HASH:  {45769616-fd06-8c70-4b8b-74a01eddc0cd}

Followup: MachineOwner
---------

6: kd> lmvm hardware
start             end                 module name
6: kd> .trap 0xfffff8800bc4d5e0
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000000bc5f9fd rbx=0000000000000000 rcx=0000000000001000
rdx=fffff900c1fe9610 rsi=0000000000000000 rdi=0000000000000000
rip=fffff960001509a7 rsp=fffff8800bc4d770 rbp=fffff8800bc4db60
 r8=fffff900c1ebf010  r9=fffff8800bc4da98 r10=0000000000000001
r11=0000000000000003 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
win32k!xxxCallHook2+0x33b:
fffff960`001509a7 008b4f4483f9    add     byte ptr [rbx-67CBBB1h],cl ds:ffffffff`f983444f=??



#13 nasdaq
  • Malware Response Team
  • 39,531 posts
  • Location:Montreal, QC. Canada

Posted 23 July 2015 - 07:27 AM

This problem can be caused by a few things.
Read about it.

Bug Check 0x50: PAGE_FAULT_IN_NONPAGED_AREA
https://msdn.microsoft.com/en-ca/library/windows/hardware/ff559023(v=vs.85).aspx

===

Looking at the Parameter 3 I suspect that you have bad RAM.
Arg3: fffff960001509a7, If non-zero, the instruction address which referenced the bad memory

This is not caused by malware and not my forte.

I suggest you start a new topic in the Internal Hardware forum and post your last log.
http://www.bleepingcomputer.com/forums/f/7/internal-hardware/

An expert should be able to guide you better than I can.

I will leave this topic open for 5 days. If you need to return please do.
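
As an added example (not from the thread and not WinDbg's own tooling), here is a small Python triage helper that parses the `!analyze -v` fields quoted in the dump above (the BugCheck line, FAULTING_IP, PROCESS_NAME, IMAGE_NAME and FAILURE_BUCKET_ID), decodes the four 0x50 arguments the way the debugger describes them, and flags when the failure was bucketed as hardware rather than attributed to a driver image. The sample transcript is constructed from the values in the thread; the function names are assumptions of this example.

```python
"""Triage helper for WinDbg '!analyze -v' output of Bug Check 0x50.

Added example, not part of the thread or of WinDbg; function names are hypothetical.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the lines a reader would copy from the thread's dump output,
# trimmed to the fields this helper consumes.
SAMPLE_ANALYSIS = """\
BugCheck 50, {fffff900bb6f345f, 1, fffff960001509a7, 2}
PAGE_FAULT_IN_NONPAGED_AREA (50)
FAULTING_IP:
win32k!xxxCallHook2+33b
fffff960`001509a7 008b4f4483f9    add     byte ptr [rbx-67CBBB1h],cl
PROCESS_NAME:  iexplore.exe
IMAGE_NAME:  hardware
FAILURE_BUCKET_ID:  X64_IP_MISALIGNED
"""

_BUGCHECK_RE = re.compile(r"^BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}", re.M)
_FIELD_RE = re.compile(r"^(PROCESS_NAME|IMAGE_NAME|FAILURE_BUCKET_ID):\s+(\S+)", re.M)
_FAULTING_IP_RE = re.compile(r"^FAULTING_IP:[ \t]*\n(\S+)", re.M)

@dataclass
class BugcheckReport:
    code: int
    args: List[int]
    process_name: Optional[str] = None
    image_name: Optional[str] = None
    failure_bucket_id: Optional[str] = None
    faulting_symbol: Optional[str] = None

def parse_analysis(text: str) -> BugcheckReport:
    """Extract the fields used for triage from '!analyze -v' output."""
    m = _BUGCHECK_RE.search(text)
    if m is None:
        raise ValueError("no 'BugCheck <code>, {...}' line found")
    args = [int(a.strip(), 16) for a in m.group(2).split(",")]
    if len(args) != 4:
        raise ValueError(f"expected 4 bugcheck arguments, got {len(args)}")
    report = BugcheckReport(code=int(m.group(1), 16), args=args)
    for key, value in _FIELD_RE.findall(text):
        setattr(report, key.lower(), value)  # PROCESS_NAME -> process_name, etc.
    ip = _FAULTING_IP_RE.search(text)
    if ip is not None:
        report.faulting_symbol = ip.group(1)  # e.g. win32k!xxxCallHook2+33b
    return report

def decode_0x50(report: BugcheckReport) -> Dict[str, Optional[str]]:
    """Give the four PAGE_FAULT_IN_NONPAGED_AREA arguments their documented meanings."""
    if report.code != 0x50:
        raise ValueError(f"not a 0x50 bugcheck: 0x{report.code:x}")
    address, access, instruction, _reserved = report.args
    module = report.faulting_symbol.split("!")[0] if report.faulting_symbol else None
    return {
        "referenced_address": f"{address:016x}",
        "access": "write" if access == 1 else "read",  # Arg2: 0 = read, 1 = write
        "instruction_address": f"{instruction:016x}" if instruction else None,  # Arg3
        "faulting_module": module,
    }

def triage(report: BugcheckReport) -> List[str]:
    # Summarise the crash the way the thread's analyst read the dump.
    info = decode_0x50(report)
    findings = [f"{info['access']} fault on {info['referenced_address']} in "
                f"{report.process_name or 'an unknown process'}"]
    if report.failure_bucket_id and "IP_MISALIGNED" in report.failure_bucket_id:
        findings.append(f"instruction pointer landed mid-instruction in "
                        f"{info['faulting_module'] or 'an unknown module'} "
                        f"(bucket {report.failure_bucket_id})")
    if report.image_name == "hardware":
        findings.append("WinDbg blamed hardware rather than a driver image: "
                        "escalate to hardware/RAM diagnostics, not malware cleanup")
    return findings

if __name__ == "__main__":
    for finding in triage(parse_analysis(SAMPLE_ANALYSIS)):
        print(" -", finding)
```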

#14 rworx
  • Topic Starter
  • Members
  • 11 posts

Posted 27 July 2015 - 04:06 PM

Nasdaq, your suggestions have sorted my problem out; the last one where I disabled unnecessary services seemed to do the trick.

Thanks a lot for your help, I really appreciate it. I've had some good advice from this forum over the years just from Google searches, so I knew it was the best place to ask questions.

Just one more thing, do I need to remove the following or can I keep them for future investigations?

Zoek, Combofix, FRST, ADW Cleaner, TFC and Security Check.



#15 nasdaq
  • Malware Response Team
  • 39,531 posts
  • Location:Montreal, QC. Canada

Posted 28 July 2015 - 06:31 AM

You should keep FRST. Use this tool from now on to report problems.

ADW I would keep and run every time I install 3rd party software.
These programs normally come with unwanted programs that you did not ask for.

Remove Combofix using the instructions on this page.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

The other tools you can just delete the folder.

===


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



