Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis log file review support request


  • This topic is locked This topic is locked
8 replies to this topic

#1 peaceandquiet

peaceandquiet

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 11 July 2015 - 04:43 AM

Hello,

I'm just cleaning up my computer and ensuring i don't have any unwanted viruses/malware/spyware/etc infecting my computer at the moment.

I've ran spybot search & destroy, and fixed the issues it raised at the end of the report.

I've also ran a few recent Malware Antibytes scans that are now returning no issues.

However my concern is that sometimes these programs miss things or dont catch everything, thats why i've ran the hijackthis program again. It helped me clear a virus previously that spybot and malware bytes were unable to fix.

 

 

basically what i've done is: download hijack this, go offline, and ran the program as administrator then saved the log file.

I was just hoping i could get someone to look over the log file and advise me as to whether there is anything listed that is a concern?

Thanks! :)

Attached Files



BC AdBot (Login to Remove)

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:33 PM

Posted 11 July 2015 - 11:25 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 peaceandquiet

peaceandquiet
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 12 July 2015 - 05:59 PM

HI Jurgen,

 

Thanks for helping with this.

I ran FRST, and here are the logs as requested:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by flynn (administrator) on FLYNN-PC on 13-07-2015 08:56:10
Running from C:\Users\flynn\Desktop
Loaded Profiles: flynn (Available Profiles: flynn)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) G:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\flynn\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(PureVPN) C:\Program Files (x86)\PureVPN\purevpn.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CyberLink) G:\Programs\LG Power Tools\Power2Go\CLMLSvc.exe
(CyberLink Corp.) G:\Programs\LG Power Tools\PowerDVD8\PDVD8Serv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(GoPro) C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(BitLeader) G:\Programs\LG Power Tools\lg tool kit\fwupdate.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [112424 2013-06-18] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [CLMLServer] => G:\Programs\LG Power Tools\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => G:\Programs\LG Power Tools\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => G:\Programs\LG Power Tools\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => G:\Programs\LG Power Tools\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => G:\Programs\LG Power Tools\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => G:\Programs\LG Power Tools\lg tool kit\lgfw.exe [27760 2014-09-14] (Bitleader)
HKLM-x32\...\Run: [UpdatePSTShortCut] => G:\Programs\LG Power Tools\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-09-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [241789 2009-07-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GoPro Studio Importer] => C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe [3207680 2015-05-20] (GoPro)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1457570109-1059728803-1889502381-1000\...\MountPoints2: {ae4037b5-d3aa-11e3-9b43-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-06] (Microsoft Corporation)
Startup: C:\Users\flynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureVPN.lnk [2015-04-16]
ShortcutTarget: PureVPN.lnk -> C:\Program Files (x86)\PureVPN\purevpn.exe (PureVPN)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1457570109-1059728803-1889502381-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{FF6AB816-F67B-4A4E-A0DE-C1DC0762D365}: [NameServer] 8.8.8.8,208.67.222.222
Tcpip\..\Interfaces\{FF6AB816-F67B-4A4E-A0DE-C1DC0762D365}: [DhcpNameServer] 10.1.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\flynn\AppData\Roaming\Mozilla\Firefox\Profiles\zfggq87z.default
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [2014-04-10] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-11] (VideoLAN)
FF Extension: Ghostery - C:\Users\flynn\AppData\Roaming\Mozilla\Firefox\Profiles\zfggq87z.default\Extensions\firefox@ghostery.com.xpi [2014-05-04]

Chrome:
=======
CHR Profile: C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (Google Wallet) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-21]
CHR HKU\S-1-5-21-1457570109-1059728803-1889502381-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-09-22] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-09-22] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2014-09-22] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [294912 2010-09-30] (Creative Technology Ltd) [File not signed]
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2013-11-12] (Portrait Displays, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
R2 MBAMScheduler; G:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; G:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\PureVPN\bin\openvpnserv.exe [32568 2015-01-28] (The OpenVPN Project)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-19] ()
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [271760 2009-04-16] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 NVFLASH; C:\Windows\system32\drivers\nvflash.sys [15648 2013-04-19] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 08:56 - 2015-07-13 08:56 - 00016557 _____ C:\Users\flynn\Desktop\FRST.txt
2015-07-13 08:55 - 2015-07-13 08:56 - 00000000 ____D C:\FRST
2015-07-13 08:53 - 2015-07-13 08:53 - 02133504 _____ (Farbar) C:\Users\flynn\Desktop\FRST64.exe
2015-07-11 19:22 - 2015-07-11 19:22 - 00014119 _____ C:\Users\flynn\Desktop\hijackthis.log
2015-07-11 19:12 - 2015-07-11 19:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\flynn\Desktop\HijackThis(2).exe
2015-07-09 18:48 - 2015-06-17 16:03 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-07-09 18:47 - 2015-07-09 18:47 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-09 18:47 - 2015-06-17 19:10 - 42729104 _____ C:\Windows\system32\nvcompiler.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 30481552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 22947144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 17724600 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 16145200 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 15866992 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 14497520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 13263056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 11831856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 11011216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-07-09 18:47 - 2015-06-17 19:10 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 02599752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 01099992 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 01060168 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 01050768 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00975176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00938752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00408392 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-07-09 18:47 - 2015-06-17 19:10 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00155280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-07-09 18:40 - 2015-05-19 13:29 - 00046768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-07-09 18:40 - 2015-05-19 13:14 - 00057520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-07-06 14:25 - 2015-07-09 18:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-05 22:14 - 2015-07-05 22:14 - 00000068 _____ C:\Users\flynn\Desktop\pats emails.txt
2015-07-05 14:40 - 2015-07-05 21:16 - 00000000 ____D C:\Users\flynn\Documents\The Witcher 3
2015-07-01 19:29 - 2015-07-01 19:29 - 00000000 ____D C:\Users\flynn\AppData\Local\Steam
2015-06-30 19:25 - 2015-06-30 19:34 - 00000000 ____D C:\Users\flynn\Desktop\BRENOS SHIAT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 08:55 - 2014-05-30 22:27 - 01649130 _____ C:\Windows\WindowsUpdate.log
2015-07-13 08:51 - 2015-04-16 22:11 - 00000000 ____D C:\ProgramData\purevpn
2015-07-13 08:51 - 2014-09-14 10:49 - 00000376 _____ C:\Windows\lgfwup.ini
2015-07-13 08:51 - 2014-09-14 10:46 - 00000000 ____D C:\Users\flynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LG Power Tools
2015-07-13 08:51 - 2014-05-30 22:25 - 00110049 _____ C:\Windows\setupact.log
2015-07-13 08:51 - 2014-05-04 12:47 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-13 08:51 - 2014-05-04 10:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 08:51 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-13 03:00 - 2009-07-14 14:45 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 03:00 - 2009-07-14 14:45 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 02:55 - 2014-05-04 13:44 - 00000000 ____D C:\Users\flynn\AppData\Local\Battle.net
2015-07-13 02:34 - 2014-05-04 10:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 02:26 - 2014-12-12 18:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-12 05:37 - 2009-07-14 15:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-11 22:05 - 2014-05-04 14:17 - 00000000 ____D C:\Users\flynn\AppData\Roaming\foobar2000
2015-07-11 17:37 - 2014-05-20 22:28 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-11 16:59 - 2014-05-20 22:28 - 00000791 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-11 16:59 - 2014-05-20 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-11 16:37 - 2014-10-19 13:03 - 00018885 _____ C:\Users\flynn\Desktop\good tunes.txt
2015-07-11 05:03 - 2014-05-04 13:25 - 00000000 ____D C:\Users\flynn\AppData\Roaming\uTorrent
2015-07-10 20:26 - 2014-12-12 18:22 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-10 20:26 - 2014-05-04 14:05 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-10 20:26 - 2014-05-04 14:05 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-09 19:18 - 2014-05-04 12:46 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-09 18:49 - 2014-09-14 10:50 - 00000000 ____D C:\Temp
2015-07-09 18:49 - 2014-05-04 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-07-09 18:48 - 2014-05-04 12:45 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-07-09 18:41 - 2014-05-04 12:48 - 00001381 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-07-09 18:35 - 2014-07-23 18:33 - 00179670 _____ C:\Windows\PFRO.log
2015-07-09 18:35 - 2014-05-10 16:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-08 05:37 - 2014-05-04 10:19 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-29 21:38 - 2015-06-06 10:25 - 00000000 ____D C:\Users\flynn\AppData\Roaming\GoPro
2015-06-29 21:28 - 2015-06-06 10:24 - 00000000 ____D C:\Users\Public\CineForm
2015-06-27 05:12 - 2014-05-04 16:53 - 00000000 ____D C:\Users\flynn\AppData\Local\CrashDumps
2015-06-24 21:36 - 2014-09-22 22:25 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-06-24 21:36 - 2014-09-22 22:25 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-06-24 21:36 - 2014-05-04 13:16 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-06-24 21:36 - 2014-05-04 13:16 - 01320120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-06-18 08:41 - 2014-05-20 22:28 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-05-20 22:28 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2014-05-20 22:28 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-17 19:10 - 2015-02-28 12:39 - 15224784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-06-17 19:10 - 2014-05-04 12:47 - 01567576 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-06-17 19:10 - 2014-05-04 12:46 - 12855416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-06-17 19:10 - 2014-05-04 12:46 - 03395648 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-06-17 19:10 - 2014-05-04 12:46 - 02997544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-06-17 19:10 - 2014-05-04 12:46 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-06-17 16:48 - 2014-05-04 12:47 - 06873232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-06-17 16:48 - 2014-05-04 12:47 - 03492168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-06-17 16:48 - 2014-05-04 12:47 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-06-17 16:48 - 2014-05-04 12:47 - 00937616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-06-17 16:48 - 2014-05-04 12:47 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-06-17 16:48 - 2014-05-04 12:47 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-06-15 23:21 - 2015-03-24 20:55 - 00000895 _____ C:\Users\flynn\Desktop\TO DO LIST.txt
2015-06-15 18:17 - 2014-05-04 14:20 - 00000000 ____D C:\Program Files\PeerBlock

==================== Files in the root of some directories =======

2014-09-22 22:32 - 2014-09-22 22:32 - 0000036 _____ () C:\Users\flynn\AppData\Roaming\MTScdAgt.dat
2014-09-23 13:36 - 2014-09-23 13:36 - 0007618 _____ () C:\Users\flynn\AppData\Local\Resmon.ResmonCfg
2014-05-30 20:54 - 2014-05-30 20:54 - 0126141 _____ () C:\ProgramData\1401446094.bdinstall.bin
2014-05-04 10:27 - 2014-05-04 10:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-22 21:13 - 2010-01-14 17:00 - 0000235 _____ () C:\ProgramData\UDATHXD.ini

Some files in TEMP:
====================
C:\Users\flynn\AppData\Local\Temp\CTPBSeq.exe
C:\Users\flynn\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\flynn\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-03 00:02

==================== End of log ============================

 

Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by flynn at 2015-07-13 08:56:30
Running from C:\Users\flynn\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1457570109-1059728803-1889502381-500 - Administrator - Disabled)
flynn (S-1-5-21-1457570109-1059728803-1889502381-1000 - Administrator - Enabled) => C:\Users\flynn
Guest (S-1-5-21-1457570109-1059728803-1889502381-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1457570109-1059728803-1889502381-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{5DDB9EF7-1BC0-C9C1-9829-6B9CF68AC357}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Any Audio Converter 4.0.6 (HKLM-x32\...\Any Audio Converter_is1) (Version:  - Any-Audio-Converter.com)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.2.4 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.4.2.4 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{9D29D67C-315D-46A1-A3A9-3CAF24871578}) (Version: 1.0.022 - ASUSTek Computer Inc.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.2 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Diagnostics (HKLM-x32\...\Diagnostics 4_5) (Version: 5.11 - Creative Technology Limited)
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
Creative System Information (HKLM-x32\...\SysInfo) (Version:  - )
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Display Pilot (HKLM-x32\...\{6DD25D67-4339-47A1-950E-EEFC321CBB24}) (Version: 2.11.002 - Portrait Displays, Inc.)
DNS Leak Fix for OpenVPN version 1.2 (HKLM-x32\...\{8CFA1D01-AECD-4913-9FB8-1E8A82F47824}_is1) (Version: 1.2 - dnsleaktest.com)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
foobar2000 v1.3.2 (HKLM-x32\...\foobar2000) (Version: 1.3.2 - Peter Pawlowski)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoPro App (x32 Version: 0.1.443 - GoPro, Inc.) Hidden
GoPro Studio 2.5.5 (HKLM-x32\...\{5d43231e-c765-405a-a122-81de16acd8b4}) (Version: 2.5.5.443 - GoPro, Inc.)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{D7716C7E-75F1-4C51-A2D5-C6A1E8311D53}) (Version: 20.0.771.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.55.55 - Hewlett Packard)
HP Deskjet 2050 J510 series Product Improvement Study (HKLM\...\{88FD4472-F950-4083-A6FA-A829AC785B04}) (Version: 20.0.771.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kvisoft Data Recovery1.5.2 (HKLM-x32\...\Kvisoft Data Recovery_is1) (Version: 1.5.2 - Kvisoft Co.,Ltd.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LG CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.3325 - CyberLink Corp.)
LG CyberLink Power2Go (x32 Version: 6.2.3325 - CyberLink Corp.) Hidden
LG CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.5529 - CyberLink Corp.)
LG CyberLink PowerDVD (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815d - CyberLink Corp.)
LG CyberLink PowerDVD (x32 Version: 8.0.2815d - CyberLink Corp.) Hidden
LG CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2130 - CyberLink Corp.)
LG CyberLink PowerProducer (x32 Version: 5.0.2.2130 - CyberLink Corp.) Hidden
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LG Power Tools (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3316 - CyberLink Corp.)
LG Power Tools (x32 Version: 6.0.3316 - CyberLink Corp.) Hidden
Magic 2015 (HKLM-x32\...\Steam App 255420) (Version:  - Stainless Games)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1457570109-1059728803-1889502381-1000\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPC-HC 1.7.5 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.5 - MPC-HC Team)
MPC-HC 1.7.6 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.6 - MPC-HC Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.30 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Pivot Pro Plugin (x32 Version: 9.61.004 - Portrait Displays, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PureVPN (HKLM-x32\...\PureVPN_is1) (Version: 4.0.0.0 - PureVPN)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
SDK (x32 Version: 2.40.007 - Portrait Displays, Inc.) Hidden
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - Creative Technology Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version:  - CD PROJEKT RED)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.3.6 - Electronic Arts)
VFW_Codec32 (x32 Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1457570109-1059728803-1889502381-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\flynn\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1457570109-1059728803-1889502381-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\flynn\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1457570109-1059728803-1889502381-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\flynn\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1457570109-1059728803-1889502381-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\flynn\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1457570109-1059728803-1889502381-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\flynn\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2015-01-10 13:07 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {094988D7-D762-4C53-B534-09997B8F8DD0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {14E77DDF-BB55-4E50-A5E7-F44C2108BB91} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {21C1603D-BBD5-49C2-99EA-5AACCCFB281B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-04] (Google Inc.)
Task: {2459DD8A-C088-45F2-A36C-CFAD937EC135} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {3A68CCAB-CAAC-4111-A293-AAA8D3D3662D} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-02-02] (Hewlett-Packard Co.)
Task: {429E4742-D005-4CCB-B525-73B419B321FB} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HpWebReg.exe [2010-02-02] (Hewlett-Packard Co.)
Task: {5C383DBD-5758-4D33-BB9B-B46057A306D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-04] (Google Inc.)
Task: {D0184853-FDCD-4A72-9ECA-F9110C46DD8C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-10] (Adobe Systems Incorporated)
Task: {D0E97387-01CA-43A9-BE87-164A9FEA9F29} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {E064510D-65EA-47D6-8E45-A1488FBAF668} - System32\Tasks\{E5CDCAE2-DD6D-41A2-A101-CE3FDD0D1F25} => pcalua.exe -a C:\Users\flynn\Downloads\wlsetup-web(1).exe -d C:\Users\flynn\Downloads
Task: {FB23DCEB-BC6D-4B8F-8FEA-A7F1F5DF7F46} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-18] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-05-04 12:47 - 2015-06-17 16:48 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2014-05-19 05:06 - 2014-05-19 05:06 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-09-14 10:47 - 2009-04-16 00:56 - 00271760 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2014-05-15 19:54 - 2013-06-18 12:26 - 00677160 _____ () C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
2014-05-15 19:54 - 2013-06-18 12:26 - 00714024 _____ () C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-30 20:42 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-05-30 20:42 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-05-30 20:42 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-05-30 20:42 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-05-30 20:42 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-07-09 18:41 - 2015-06-24 21:37 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2009-06-03 20:59 - 2009-06-03 20:59 - 00619816 ____N () G:\Programs\LG Power Tools\Power2Go\CLMediaLibrary.dll
2009-06-03 20:59 - 2009-06-03 20:59 - 00013096 ____N () G:\Programs\LG Power Tools\Power2Go\CLMLSvcPS.dll
2014-09-22 21:13 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2014-09-22 21:13 - 2009-10-02 16:07 - 00176128 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-09-22 21:13 - 2010-11-25 15:21 - 00002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2015-05-20 09:59 - 2015-05-20 09:59 - 02291712 _____ () C:\Program Files (x86)\GoPro\Tools\Importer\gopro-lib-win-analytics.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7865 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1457570109-1059728803-1889502381-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 208.67.222.222

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{ED2F0DF8-AFC4-445B-9C64-58E51681399E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{037AA8C6-74B1-4421-BBD6-BBBC75B21520}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{74C95C0A-80FF-4AA0-90A3-D9091FC5D263}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F7DF4388-6A17-4828-909A-3235E828D6A6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D73FA6D9-F4FB-4D5F-AB46-392185FEC802}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ACF9D72F-7649-446C-84B4-B3CECA24E7BA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8926990C-C57A-40B5-BA8C-24E9AC6578F1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{7886DD82-8F6C-4299-A72E-AF2E32D294D4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{394A6CAA-A1EF-4376-BDC9-6E447ED99215}] => (Allow) G:\Games\Battle.net\Battle.net.exe
FirewallRules: [{68B49C3E-2D86-4A76-8D1C-F63B7D1BEB08}] => (Allow) G:\Games\Battle.net\Battle.net.exe
FirewallRules: [{03E1E09D-8DE5-4592-AB44-3A7CE492B17A}] => (Allow) G:\Games\Diablo III\Diablo III.exe
FirewallRules: [{7BD8E24E-53D6-4338-905C-92DB00ACB74B}] => (Allow) G:\Games\Diablo III\Diablo III.exe
FirewallRules: [{C99E77EB-76CA-4345-A510-8D38B417C032}] => (Allow) G:\Games\StarCraft II\StarCraft II.exe
FirewallRules: [{E1087E86-5FFE-4305-9BBC-B41F454CD963}] => (Allow) G:\Games\StarCraft II\StarCraft II.exe
FirewallRules: [{5E041C9E-798B-4121-9354-29B0CA79863B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{2B0B7E23-BCD0-410E-9552-0D5244D114F1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{5E2647D9-A951-4083-91ED-EB77ED252B87}] => (Allow) F:\Programs\Steam\Steam.exe
FirewallRules: [{7F368EA8-8288-43E2-95AD-A0D58292EC71}] => (Allow) F:\Programs\Steam\Steam.exe
FirewallRules: [{DF22A662-E3EB-43B3-9E77-998F456F561F}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{0C558FE8-AC77-4A79-951A-3EDE72A244D4}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{15FF932E-72A0-46AB-9C27-49CCEE5D7A30}] => (Allow) G:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{1EF1DCA9-1D83-466C-996B-06EB952A46C4}] => (Allow) G:\Program Files (x86)\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{9C526A82-9263-4654-B77B-BC4C077AE1A5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{385A2AA2-3F8E-4585-AAE8-6A1F9D38ACFE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2E431095-C22F-4A06-A275-F4D56A0109E5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{73609D15-1405-495D-9A32-18D202B6ABF2}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4E6EBE7D-FF85-4BE0-8A36-EC0566F4E4EF}] => (Allow) G:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{C497EE22-1A7C-4EDB-80A6-BD2AAE4C1AF6}] => (Allow) G:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{6D3C3BCF-4703-4256-9DB8-FB37AB0B76BF}] => (Allow) G:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{FF69D73A-7E65-4CC7-857A-084ECDE82287}] => (Allow) G:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{3DD2144F-099B-43FA-9ADA-6189B9A0398B}] => (Allow) C:\Users\flynn\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{A6353036-E801-4559-AB13-639A2CD5C0FE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A5F60EB9-60F1-4466-8B87-94FC76103053}] => (Allow) LPort=2869
FirewallRules: [{5410BADD-F220-4B13-BD68-F93B4A62CCFD}] => (Allow) LPort=1900
FirewallRules: [{9945E62B-862A-45ED-B08C-CA9F3A9EAEEE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{7F6E9024-C88A-47E5-BA8A-C3D583DC29EB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7738991F-EC3B-4FFB-93E7-9E1C784EDEF7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B818BD5E-4529-4554-B3DE-FB4E9551FEC5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F50BA029-11FF-46B4-93E1-97FA886724B3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{57E7A9D5-BCE7-4300-A811-93F94CBEE001}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{C76016E4-1B5A-487E-B678-920A7E01F6EF}] => (Allow) F:\Programs\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5882A746-266C-4491-BBA1-2F5EBF6D8FFE}] => (Allow) F:\Programs\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{0744DCCD-644C-4DF8-9C83-18609A27D77F}] => (Allow) F:\Programs\Steam\bin\steamwebhelper.exe
FirewallRules: [{A41728B7-C701-4377-A1A2-D4AC8C4AE3A4}] => (Allow) F:\Programs\Steam\bin\steamwebhelper.exe
FirewallRules: [{68349D4F-2AC3-4EF2-9FFC-B7255FA58509}] => (Allow) G:\Programs\LG Power Tools\PowerDVD8\PowerDVD8.EXE
FirewallRules: [{3D8DDE09-2A02-4D1A-8EF6-347C90DF276D}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{2DE1691F-4239-49E8-BA53-0B4579F79748}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{794C670D-D633-49FF-B311-40A1D9ED191A}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{C0BF81AC-2428-44D4-AB56-EFF132B23DB3}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{E5E29C92-7163-46C5-B998-CBDB26DB7722}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe
FirewallRules: [{73A3F2E3-36A3-4C88-A714-A079B4707098}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe
FirewallRules: [{A82EACDB-79C1-4524-921C-6D75D477BF76}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{B114851C-0C34-4771-9FBD-D7A82195D000}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{C5F4900D-C7DE-4F56-87C0-D50257211589}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe
FirewallRules: [{75BD78DD-A1C7-4F16-8C08-06E2FA0331D3}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe
FirewallRules: [{03CE0066-1505-442F-89A3-C27DF773338B}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{26B5134F-1A43-4B34-B435-7D216CBFA771}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{CB9F9841-FFF9-4366-BF10-DAC20CCF8DAF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C7E24928-56B1-4236-A752-7811F0E88A11}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A57615E5-EE46-48CA-8E7D-17CC87D54E04}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1642BE7B-B3FF-4BC8-A1AA-C37514B51543}] => (Allow) F:\Programs\Steam\steamapps\common\Magic 2015\DotP_D15.exe
FirewallRules: [{99A065AF-1534-4C95-AF46-DC299FA30BF4}] => (Allow) F:\Programs\Steam\steamapps\common\Magic 2015\DotP_D15.exe
FirewallRules: [{3CE5AA7F-89E6-4C70-988F-7410137A13B0}] => (Allow) F:\Programs\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{66E5845F-BB1D-4253-9A4B-20C693E94C8A}] => (Allow) F:\Programs\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{9F8F7B35-75B2-482B-9B6B-0BCBE922B1E1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2015 08:16:36 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/07/2015 07:47:34 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/06/2015 12:30:22 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/05/2015 12:30:15 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/04/2015 12:30:15 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/02/2015 10:10:11 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/01/2015 12:30:22 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/30/2015 07:22:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: HPScanMiniDrv_DJ2050_510g.dll_unloaded, version: 0.0.0.0, time stamp: 0x4b5f5209
Exception code: 0xc0000005
Fault offset: 0x000007feeefc6362
Faulting process id: 0xa04
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3

Error: (06/30/2015 12:30:12 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/29/2015 06:56:22 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (07/09/2015 09:07:11 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (07/09/2015 06:41:45 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (07/03/2015 09:40:25 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (07/01/2015 07:29:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (07/01/2015 07:29:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (07/01/2015 07:16:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (07/01/2015 07:16:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (06/30/2015 07:22:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/29/2015 07:24:12 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/27/2015 11:05:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SystemUpdatekb70007 service failed to start due to the following error:
%%216


Microsoft Office:
=========================
Error: (07/10/2015 08:16:36 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (07/07/2015 07:47:34 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (07/06/2015 12:30:22 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (07/05/2015 12:30:15 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (07/04/2015 12:30:15 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (07/02/2015 10:10:11 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (07/01/2015 12:30:22 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/30/2015 07:22:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1HPScanMiniDrv_DJ2050_510g.dll_unloaded0.0.0.04b5f5209c0000005000007feeefc6362a0401d0b3101bc1fb58C:\Windows\system32\svchost.exeHPScanMiniDrv_DJ2050_510g.dll97608fac-1f09-11e5-8d59-e03f4977e54d

Error: (06/30/2015 12:30:12 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/29/2015 06:56:22 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


==================== Memory info ===========================

Processor: AMD FX™-8320 Eight-Core Processor
Percentage of memory in use: 22%
Total physical RAM: 16281.73 MB
Available physical RAM: 12615.3 MB
Total Virtual: 16779.93 MB
Available Virtual: 12854.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.9 GB) (Free:4.89 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (New Volume) (Fixed) (Total:1862.89 GB) (Free:305.53 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:2794.39 GB) (Free:552.69 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:2794.39 GB) (Free:354.81 GB) NTFS
Drive i: (SAMSUNG) (Fixed) (Total:1862.79 GB) (Free:80.02 GB) FAT32
Drive j: (Seagate Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:55.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: CF556B4F)
Partition 1: (Active) - (Size=55.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 4.

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: FC8C6AC1)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of log ============================



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:33 PM

Posted 13 July 2015 - 02:16 AM

Hi there,

Step 1

frst.pngfrstfix.png

Press thew7.png + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    RemoveProxy:
    FF NetworkProxy: 
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Step 2

Please downloadesetlogo.pngOnline Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start installer.pngwith administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log filelog.pngis created at logpath.png
    Copy and paste the content of this log file in your next reply.
esetlog.png

Note: Do not forget to re-enable your antivirus application after running the above scan!
eset.gif
 
 
 
 
warning.gif No resident protection warning

Always have one (and no more than one!) Antivirus program, as the resident protection is absolutely a must-have on any Windows!Each paid-for Anti-Virus comes with a free trial if you wish to try the software before purchasing. Alternatively, you may wish to use the trial, and revert to a free anti-virus afterwards.

For a paid solution, my choice of anti-virus is ESET NOD32. For a free solution, my choice of anti-virus is avast!. However, please be aware that there is no universal solution that works for everyone, and there is no single best anti-virus. What works for me may not work for you and your machine.

Step 3

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 peaceandquiet

peaceandquiet
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 15 July 2015 - 11:44 PM

Hello,

Thanks again for your help.

1. here is a copy of the fixlog output:

Fix result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by flynn at 2015-07-16 11:21:05 Run:1
Running from C:\Users\flynn\Desktop
Loaded Profiles: flynn (Available Profiles: flynn)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
RemoveProxy:
FF NetworkProxy:
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully

========= RemoveProxy: =========

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-1457570109-1059728803-1889502381-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1457570109-1059728803-1889502381-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

Firefox Proxy settings were reset.


The system needed a reboot..

==== End of Fixlog 11:21:05 ====

 

 

 

 

 

 

 

 

 

2. here is the ESET online scanner Log. the 'removeWAT' entries are the issue i think.

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2c44a0d61d48b0488ca0268d4534c53c
# end=init
# utc_time=2015-07-16 01:24:15
# local_time=2015-07-16 11:24:15 (+1000, AUS Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2c44a0d61d48b0488ca0268d4534c53c
# end=init
# utc_time=2015-07-16 01:25:17
# local_time=2015-07-16 11:25:17 (+1000, AUS Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24821
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2c44a0d61d48b0488ca0268d4534c53c
# end=updated
# utc_time=2015-07-16 01:27:29
# local_time=2015-07-16 11:27:29 (+1000, AUS Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2c44a0d61d48b0488ca0268d4534c53c
# engine=24821
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-16 03:47:39
# local_time=2015-07-16 01:47:39 (+1000, AUS Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 735370 188651909 0 0
# scanned=363246
# found=27
# cleaned=0
# scan_time=8410
sh=2C6BDB07BBA01186B59DBF1BA107BD27C2D9E00D ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\ProgramData\InstallMate\{9F0608C3-C6A2-459A-A771-8E8044E52A35}\Custom.dll"
sh=2C6BDB07BBA01186B59DBF1BA107BD27C2D9E00D ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\ProgramData\InstallMate\{A71C674C-3F4C-45FE-A715-776E7CFF45BA}\Custom.dll"
sh=9927B82A825E80CFB729DEB18F1C168BEC922B02 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\ProgramData\InstallMate\{FEE49657-0252-4CE9-AE02-4A702507B4A1}\Custom.dll"
sh=2C6BDB07BBA01186B59DBF1BA107BD27C2D9E00D ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\Users\All Users\InstallMate\{9F0608C3-C6A2-459A-A771-8E8044E52A35}\Custom.dll"
sh=2C6BDB07BBA01186B59DBF1BA107BD27C2D9E00D ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\Users\All Users\InstallMate\{A71C674C-3F4C-45FE-A715-776E7CFF45BA}\Custom.dll"
sh=9927B82A825E80CFB729DEB18F1C168BEC922B02 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\Users\All Users\InstallMate\{FEE49657-0252-4CE9-AE02-4A702507B4A1}\Custom.dll"
sh=F8A733DE31D816E8C6D9F5F7E666A99DAB50600F ft=1 fh=68d34f8e2da3fc6c vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="E:\ALL BACKUPS\Desktop\GOMPLAYERENSETUP.EXE"
sh=507B6AD46C471804A48A6E7A4D17E1C0B3B7FE74 ft=1 fh=250619b7b5b96cd4 vn="Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="E:\ALL BACKUPS\Desktop\Setup_FreeConverter.exe"
sh=38B0153A8F24B8C9AE4D3FB611D253EEBBB3527E ft=1 fh=b50f879fb2c04138 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="E:\ALL BACKUPS\Desktop\SoftonicDownloader_for_mkv-player.exe"
sh=12BC4EB67AE9D9081AD7A33A410488549FB64765 ft=1 fh=c7e352f8628a9da1 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="E:\ALL BACKUPS\old desktop and settings files\Desktop\GOMPLAYERENSETUP.EXE"
sh=28D708F1ACA2EC3EEF0A994D02D92C061C2E12D8 ft=1 fh=ade3728bbb74c600 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="E:\ALL BACKUPS\old desktop and settings files\Desktop\winamp5601_full_emusic-7plus_en-us.exe"
sh=C5A07C6647A4228B39A382EE5246235CFDD94A82 ft=1 fh=1901ca3fd08316cd vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="F:\Downloads\Firefox Downloads\cbsidlm-cbsi134-dBpoweramp_Music_Converter-ORG-10042534.exe"
sh=600A0295369F89C300038D770E5E114F2E25A3AF ft=1 fh=df0838ff15738a3a vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="F:\Downloads\Firefox Downloads\cbsidlm-tr1_9-GetFLV-ORG2-10618974.exe"
sh=180C8ED7C81E3AE7B0507B26C927EA93584B017C ft=1 fh=b0b83453fcc7b480 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="F:\Downloads\Firefox Downloads\ccsetup327.exe"
sh=2E0A2E6B19FF7FC60A0AEB4969B0C96D02C5507D ft=1 fh=27aed8f2e7bf663e vn="Win32/SoftonicDownloader.E potentially unwanted application" ac=I fn="F:\Downloads\Firefox Downloads\SoftonicDownloader_for_steam.exe"
sh=35693D56DE53FA01146DD146B10732703C5D118B ft=1 fh=c5553e8c701c6bb8 vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="F:\Downloads\Firefox Downloads\Speedtest_TuneUpUtilities2012_en-AU.exe"
sh=C868083BF36BEBBFB11CBC44DC05186070475D22 ft=1 fh=5f8bb7ff13af2599 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="F:\Downloads\Firefox Downloads\winamp563_full_emusic-7plus_all(1).exe"
sh=C868083BF36BEBBFB11CBC44DC05186070475D22 ft=1 fh=5f8bb7ff13af2599 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="F:\Downloads\Firefox Downloads\winamp563_full_emusic-7plus_all.exe"
sh=1BC16D199953EEDFA21BFFF7805A9255F897DFAB ft=1 fh=a791349df2a4acf4 vn="a variant of Win32/HackTool.Patcher.N potentially unsafe application" ac=I fn="F:\Programs\GetFLV\GetFLV 9.1.2.0 ~ IPASuperior\GetFLV.v9.1.2.0-kg-REPT\GetFLV.v9.1.2.0.loader.exe"
sh=E64507DB6DBBCC0C3F0D115E250C27887648EF92 ft=1 fh=7f4ebb3e07bfc27c vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="F:\Programs\utorrent\uTorrent.exe"
sh=6046326F54B7275DDEE8D747E73C81D6F6859229 ft=1 fh=f41fe1325ab7b80b vn="Win32/OpenCandy potentially unsafe application" ac=I fn="G:\Downloads\Firefox Downloads\any-audio-converter.exe"
sh=29C3D20A6AEB4138E9AF34A0B98B755E2C03E91B ft=1 fh=c71c00115cf3b0ad vn="a variant of Win32/Amonetize.AS potentially unwanted application" ac=I fn="G:\Downloads\Firefox Downloads\Removewat 2.2.7 Activator full__8354_i699352861_il9375.exe"
sh=E11A6EA90913CEC1F92B9519F91340E35E390DF1 ft=1 fh=1ce3e30805622250 vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="G:\Downloads\Firefox Downloads\removewat 2.2.7 windows 7 activation working.exe"
sh=29C3D20A6AEB4138E9AF34A0B98B755E2C03E91B ft=1 fh=c71c00115cf3b0ad vn="a variant of Win32/Amonetize.AS potentially unwanted application" ac=I fn="G:\Downloads\Firefox Downloads\RemoveWAT 2.2.7 Windows 7 activation working__8354_i698979179_il14062156.exe"
sh=CF9EC30C9943A3356778B93619B524326E332FBF ft=1 fh=d9818aff3c452ef5 vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="G:\Downloads\Firefox Downloads\RemoveWAT.2.2.8 [www.Expert2Program.net].zip(1).exe"
sh=1CECAC863482C8C5F689EB60E4627BD5FAE5864A ft=1 fh=cad15b4c5135257a vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="G:\Downloads\Firefox Downloads\removewat.2.2.8 [www.expert2program.net].zip.exe"
sh=D8F91A17C77E253215C983FD85B573774CE78B00 ft=1 fh=f920e23a4d0004e5 vn="a variant of Win32/AdkDLLWrapper.A potentially unwanted application" ac=I fn="G:\Downloads\Firefox Downloads\uTorrent.exe"



3. latest FRST scan results are as follows:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by flynn (administrator) on FLYNN-PC on 16-07-2015 14:43:48
Running from C:\Users\flynn\Desktop
Loaded Profiles: flynn (Available Profiles: flynn)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) G:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(PureVPN) C:\Program Files (x86)\PureVPN\purevpn.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CyberLink) G:\Programs\LG Power Tools\Power2Go\CLMLSvc.exe
(CyberLink Corp.) G:\Programs\LG Power Tools\PowerDVD8\PDVD8Serv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(GoPro) C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4150\Agent.exe
(Blizzard Entertainment) G:\Games\Battle.net\Battle.net.5952\Battle.net.exe
(AVAST Software) G:\Downloads\Firefox Downloads\avast_free_antivirus_setup_online.exe
(AVAST Software) C:\Users\flynn\AppData\Local\Temp\_av_iup.tm~a04184\instup.exe
(AVAST Software) C:\Users\flynn\AppData\Local\Temp\_av_iup.tm~a04184\New\instup.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [112424 2013-06-18] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [CLMLServer] => G:\Programs\LG Power Tools\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => G:\Programs\LG Power Tools\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => G:\Programs\LG Power Tools\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => G:\Programs\LG Power Tools\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePPShortCut] => G:\Programs\LG Power Tools\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => G:\Programs\LG Power Tools\lg tool kit\lgfw.exe [27760 2014-09-14] (Bitleader)
HKLM-x32\...\Run: [UpdatePSTShortCut] => G:\Programs\LG Power Tools\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-09-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [241789 2009-07-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [AsioReg] => REGSVR32 /S CTASIO.DLL
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [GoPro Studio Importer] => C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe [3207680 2015-05-20] (GoPro)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1457570109-1059728803-1889502381-1000\...\MountPoints2: {ae4037b5-d3aa-11e3-9b43-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-06] (Microsoft Corporation)
Startup: C:\Users\flynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureVPN.lnk [2015-04-16]
ShortcutTarget: PureVPN.lnk -> C:\Program Files (x86)\PureVPN\purevpn.exe (PureVPN)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1457570109-1059728803-1889502381-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{FF6AB816-F67B-4A4E-A0DE-C1DC0762D365}: [NameServer] 8.8.8.8,208.67.222.222
Tcpip\..\Interfaces\{FF6AB816-F67B-4A4E-A0DE-C1DC0762D365}: [DhcpNameServer] 10.1.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\flynn\AppData\Roaming\Mozilla\Firefox\Profiles\zfggq87z.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [2014-04-10] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-11] (VideoLAN)
FF Extension: Ghostery - C:\Users\flynn\AppData\Roaming\Mozilla\Firefox\Profiles\zfggq87z.default\Extensions\firefox@ghostery.com.xpi [2014-05-04]

Chrome:
=======
CHR Profile: C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (Google Wallet) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-21]
CHR HKU\S-1-5-21-1457570109-1059728803-1889502381-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-09-22] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-09-22] (Creative Labs) [File not signed]
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2014-09-22] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [294912 2010-09-30] (Creative Technology Ltd) [File not signed]
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2013-11-12] (Portrait Displays, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
R2 MBAMScheduler; G:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; G:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\PureVPN\bin\openvpnserv.exe [32568 2015-01-28] (The OpenVPN Project)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-19] ()
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [271760 2009-04-16] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 NVFLASH; C:\Windows\system32\drivers\nvflash.sys [15648 2013-04-19] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 14:42 - 2015-07-16 14:42 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-16 14:42 - 2015-07-16 14:42 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-16 11:24 - 2015-07-16 11:24 - 00000000 ____D C:\Program Files (x86)\ESET
2015-07-16 11:23 - 2015-07-16 11:24 - 02870984 _____ (ESET) C:\Users\flynn\Desktop\esetsmartinstaller_enu.exe
2015-07-15 11:38 - 2015-07-03 07:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 11:38 - 2015-07-03 07:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 11:38 - 2015-07-03 06:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 11:38 - 2015-07-03 06:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 11:38 - 2015-07-03 06:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 11:38 - 2015-07-03 06:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 11:38 - 2015-07-03 06:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 11:38 - 2015-07-03 06:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 11:38 - 2015-07-03 06:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 11:38 - 2015-07-03 05:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 11:38 - 2015-07-03 05:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 11:38 - 2015-07-03 04:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 11:38 - 2015-06-26 04:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 11:38 - 2015-06-26 03:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 11:38 - 2015-06-21 06:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 11:38 - 2015-06-21 05:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 11:38 - 2015-06-21 05:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 11:38 - 2015-06-21 05:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 11:38 - 2015-06-21 05:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 11:38 - 2015-06-21 05:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 11:38 - 2015-06-21 05:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 11:38 - 2015-06-21 05:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 11:38 - 2015-06-21 05:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 11:38 - 2015-06-21 05:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 11:38 - 2015-06-21 05:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 11:38 - 2015-06-21 05:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 11:38 - 2015-06-21 05:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 11:38 - 2015-06-21 05:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 11:38 - 2015-06-21 05:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 11:38 - 2015-06-21 05:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 11:38 - 2015-06-21 05:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 11:38 - 2015-06-21 04:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 11:38 - 2015-06-21 04:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 11:38 - 2015-06-21 04:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 11:38 - 2015-06-21 04:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 11:38 - 2015-06-21 04:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 11:38 - 2015-06-21 04:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 11:38 - 2015-06-20 04:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 11:38 - 2015-06-20 04:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 11:38 - 2015-06-20 04:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 11:38 - 2015-06-20 04:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 11:38 - 2015-06-20 04:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 11:38 - 2015-06-20 04:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 11:38 - 2015-06-20 04:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 11:38 - 2015-06-20 04:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 11:38 - 2015-06-20 04:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 11:38 - 2015-06-20 04:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 11:38 - 2015-06-20 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 11:38 - 2015-06-20 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 11:38 - 2015-06-20 03:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 11:38 - 2015-06-20 03:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 11:38 - 2015-06-20 03:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 11:38 - 2015-06-20 03:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 11:38 - 2015-06-20 03:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 11:38 - 2015-06-20 03:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 11:38 - 2015-06-20 03:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 11:32 - 2015-06-27 12:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 11:32 - 2015-06-27 12:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 11:32 - 2015-06-27 11:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 11:32 - 2015-06-27 11:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 11:32 - 2015-06-25 18:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 11:32 - 2015-06-18 03:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 11:32 - 2015-06-18 03:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 11:32 - 2015-06-02 10:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 11:32 - 2015-06-02 09:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 11:21 - 2015-07-05 04:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 11:21 - 2015-07-05 03:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 11:21 - 2015-07-02 06:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 11:21 - 2015-07-02 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 11:21 - 2015-07-02 06:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 11:21 - 2015-07-02 06:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 11:21 - 2015-07-02 06:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 11:21 - 2015-07-02 06:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 11:21 - 2015-07-02 06:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 11:21 - 2015-07-02 06:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 11:21 - 2015-07-02 06:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 11:21 - 2015-07-02 06:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 11:21 - 2015-07-02 06:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 11:21 - 2015-07-02 06:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 11:21 - 2015-07-02 06:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 11:21 - 2015-07-02 06:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 11:21 - 2015-07-02 06:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 11:21 - 2015-07-02 06:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 11:21 - 2015-07-02 06:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 11:21 - 2015-07-02 06:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 11:21 - 2015-07-02 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 11:21 - 2015-07-02 06:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 11:21 - 2015-07-02 06:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 11:21 - 2015-07-02 06:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 11:21 - 2015-07-02 06:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 11:21 - 2015-07-02 06:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 11:21 - 2015-07-02 06:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 11:21 - 2015-07-02 06:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 11:21 - 2015-07-02 06:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 11:21 - 2015-07-02 06:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 11:21 - 2015-07-02 06:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 11:21 - 2015-07-02 06:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 11:21 - 2015-07-02 06:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 11:21 - 2015-07-02 06:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 11:21 - 2015-07-02 06:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 11:21 - 2015-07-02 06:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 11:21 - 2015-07-02 06:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 11:21 - 2015-07-02 05:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 11:21 - 2015-07-02 05:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 11:21 - 2015-07-02 05:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 11:21 - 2015-06-16 07:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 11:21 - 2015-06-16 07:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 11:21 - 2015-06-16 07:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 11:21 - 2015-06-16 07:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 11:21 - 2015-06-16 07:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 11:21 - 2015-06-16 07:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 11:21 - 2015-06-16 07:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 11:21 - 2015-06-16 07:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 11:21 - 2015-06-16 07:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 11:21 - 2015-06-16 07:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 11:21 - 2015-06-16 07:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 11:21 - 2015-06-16 07:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 11:21 - 2015-06-12 03:56 - 01112576 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 11:21 - 2015-06-12 03:16 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-07-15 11:21 - 2015-06-12 03:15 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-07-15 11:20 - 2015-07-04 04:05 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-15 11:20 - 2015-07-04 04:05 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 11:20 - 2015-07-04 04:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-15 11:20 - 2015-07-04 04:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-15 11:20 - 2015-07-04 03:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-15 11:20 - 2015-07-04 03:56 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-15 11:20 - 2015-07-04 03:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-15 11:20 - 2015-07-04 03:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-15 11:20 - 2015-07-04 02:52 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 11:20 - 2015-07-04 02:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-13 08:56 - 2015-07-16 14:43 - 00016304 _____ C:\Users\flynn\Desktop\FRST.txt
2015-07-13 08:56 - 2015-07-13 08:57 - 00044899 _____ C:\Users\flynn\Desktop\Addition.txt
2015-07-13 08:56 - 2015-07-13 08:57 - 00029014 _____ C:\Users\flynn\Desktop\FRST (original).txt
2015-07-13 08:55 - 2015-07-16 14:43 - 00000000 ____D C:\FRST
2015-07-13 08:53 - 2015-07-13 08:53 - 02133504 _____ (Farbar) C:\Users\flynn\Desktop\FRST64.exe
2015-07-11 19:22 - 2015-07-11 19:22 - 00014119 _____ C:\Users\flynn\Desktop\hijackthis.log
2015-07-11 19:12 - 2015-07-11 19:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\flynn\Desktop\HijackThis(2).exe
2015-07-09 18:48 - 2015-06-17 16:03 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-07-09 18:47 - 2015-07-09 18:47 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-09 18:47 - 2015-06-17 19:10 - 42729104 _____ C:\Windows\system32\nvcompiler.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 30481552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 22947144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 17724600 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 16145200 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 15866992 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 14497520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 13263056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 11831856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 11011216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-07-09 18:47 - 2015-06-17 19:10 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 02599752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 01099992 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 01060168 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 01050768 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00975176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00938752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00408392 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-07-09 18:47 - 2015-06-17 19:10 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00155280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-07-09 18:47 - 2015-06-17 19:10 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-07-09 18:40 - 2015-05-19 13:29 - 00046768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-07-09 18:40 - 2015-05-19 13:14 - 00057520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-07-06 14:25 - 2015-07-09 18:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-05 22:14 - 2015-07-05 22:14 - 00000068 _____ C:\Users\flynn\Desktop\pats emails.txt
2015-07-05 14:40 - 2015-07-05 21:16 - 00000000 ____D C:\Users\flynn\Documents\The Witcher 3
2015-07-01 19:29 - 2015-07-01 19:29 - 00000000 ____D C:\Users\flynn\AppData\Local\Steam
2015-06-30 19:25 - 2015-06-30 19:34 - 00000000 ____D C:\Users\flynn\Desktop\BRENOS SHIAT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 14:43 - 2014-05-04 13:44 - 00000000 ____D C:\Users\flynn\AppData\Local\Battle.net
2015-07-16 14:39 - 2014-05-04 10:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-16 14:26 - 2014-12-12 18:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-16 14:22 - 2009-07-14 14:45 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-16 14:22 - 2009-07-14 14:45 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-16 11:28 - 2009-07-14 15:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-16 11:25 - 2014-05-30 22:27 - 01749123 _____ C:\Windows\WindowsUpdate.log
2015-07-16 11:22 - 2015-04-16 22:11 - 00000000 ____D C:\ProgramData\purevpn
2015-07-16 11:22 - 2014-09-14 10:46 - 00000000 ____D C:\Users\flynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LG Power Tools
2015-07-16 11:22 - 2014-05-30 22:25 - 00110721 _____ C:\Windows\setupact.log
2015-07-16 11:22 - 2014-05-04 12:47 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-16 11:22 - 2014-05-04 10:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-16 11:22 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-16 07:34 - 2014-05-04 10:19 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 07:34 - 2014-05-04 10:19 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-16 06:52 - 2009-07-14 14:45 - 00298056 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-15 19:57 - 2014-05-04 14:17 - 00000000 ____D C:\Users\flynn\AppData\Roaming\foobar2000
2015-07-15 18:21 - 2014-05-04 13:25 - 00000000 ____D C:\Users\flynn\AppData\Roaming\uTorrent
2015-07-15 12:26 - 2014-12-12 18:22 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 12:26 - 2014-05-04 14:05 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 12:26 - 2014-05-04 14:05 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 11:39 - 2014-05-04 10:19 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-15 11:04 - 2014-09-14 10:49 - 00000376 _____ C:\Windows\lgfwup.ini
2015-07-11 17:37 - 2014-05-20 22:28 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-11 16:59 - 2014-05-20 22:28 - 00000791 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-11 16:59 - 2014-05-20 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-11 16:37 - 2014-10-19 13:03 - 00018885 _____ C:\Users\flynn\Desktop\good tunes.txt
2015-07-09 19:18 - 2014-05-04 12:46 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-09 18:49 - 2014-09-14 10:50 - 00000000 ____D C:\Temp
2015-07-09 18:49 - 2014-05-04 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-07-09 18:48 - 2014-05-04 12:45 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-07-09 18:41 - 2014-05-04 12:48 - 00001381 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-07-09 18:35 - 2014-07-23 18:33 - 00179670 _____ C:\Windows\PFRO.log
2015-07-09 18:35 - 2014-05-10 16:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-29 21:38 - 2015-06-06 10:25 - 00000000 ____D C:\Users\flynn\AppData\Roaming\GoPro
2015-06-29 21:28 - 2015-06-06 10:24 - 00000000 ____D C:\Users\Public\CineForm
2015-06-27 05:12 - 2014-05-04 16:53 - 00000000 ____D C:\Users\flynn\AppData\Local\CrashDumps
2015-06-24 21:36 - 2014-09-22 22:25 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-06-24 21:36 - 2014-09-22 22:25 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-06-24 21:36 - 2014-05-04 13:16 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-06-24 21:36 - 2014-05-04 13:16 - 01320120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-06-18 08:41 - 2014-05-20 22:28 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-05-20 22:28 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2014-05-20 22:28 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-17 19:10 - 2015-02-28 12:39 - 15224784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-06-17 19:10 - 2014-05-04 12:47 - 01567576 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-06-17 19:10 - 2014-05-04 12:46 - 12855416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-06-17 19:10 - 2014-05-04 12:46 - 03395648 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-06-17 19:10 - 2014-05-04 12:46 - 02997544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-06-17 19:10 - 2014-05-04 12:46 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-06-17 16:48 - 2014-05-04 12:47 - 06873232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-06-17 16:48 - 2014-05-04 12:47 - 03492168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-06-17 16:48 - 2014-05-04 12:47 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-06-17 16:48 - 2014-05-04 12:47 - 00937616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-06-17 16:48 - 2014-05-04 12:47 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-06-17 16:48 - 2014-05-04 12:47 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

==================== Files in the root of some directories =======

2014-09-22 22:32 - 2014-09-22 22:32 - 0000036 _____ () C:\Users\flynn\AppData\Roaming\MTScdAgt.dat
2014-09-23 13:36 - 2014-09-23 13:36 - 0007618 _____ () C:\Users\flynn\AppData\Local\Resmon.ResmonCfg
2014-05-30 20:54 - 2014-05-30 20:54 - 0126141 _____ () C:\ProgramData\1401446094.bdinstall.bin
2014-05-04 10:27 - 2014-05-04 10:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-22 21:13 - 2010-01-14 17:00 - 0000235 _____ () C:\ProgramData\UDATHXD.ini

Some files in TEMP:
====================
C:\Users\flynn\AppData\Local\Temp\CTPBSeq.exe
C:\Users\flynn\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\flynn\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 12:22

==================== End of log ============================



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:33 PM

Posted 17 July 2015 - 11:34 AM

Hi there,

Step 1

frst.pngfrstfix.png

Press thew7.png + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    C:\ProgramData\InstallMate\{9F0608C3-C6A2-459A-A771-8E8044E52A35}
    C:\ProgramData\InstallMate\{A71C674C-3F4C-45FE-A715-776E7CFF45BA}
    C:\ProgramData\InstallMate\{FEE49657-0252-4CE9-AE02-4A702507B4A1}
    G:\Downloads\Firefox Downloads\Removewat 2.2.7 Activator full__8354_i699352861_il9375.exe
    G:\Downloads\Firefox Downloads\removewat 2.2.7 windows 7 activation working.exe
    G:\Downloads\Firefox Downloads\RemoveWAT 2.2.7 Windows 7 activation working__8354_i698979179_il14062156.exe
    G:\Downloads\Firefox Downloads\RemoveWAT.2.2.8 [www.Expert2Program.net].zip(1).exe
    G:\Downloads\Firefox Downloads\removewat.2.2.8 [www.expert2program.net].zip.exe
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
No need to post the log.

goGMWSt.gifCRACKED SOFTWARE WARNING

Participating in the use of cracked/pirated/keygen software is not only illegal but also a security risk.

Malware authors promote and release cracked software to spread their infections. I strongly recommend you refrain from participating in this activity; your computer will be repeatedly infected otherwise. Simply visiting a cracked software site can result in infection via drive-by exploits of vulnerable software.

Cracked software will make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your Hard Drive and reinstall your Operating System. Please read the following articles for more information.cleandeeprybka.gif


That's it! abklatsch.gif
Your logs look clean to me at the moment. :thumbup2:
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody, however...
If I have helped you fix your PC, then please consider donating to continue the fight against malware: btn_donate_SM.gif
Thank you!


Clean Upcleanupm.PNG

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restorepoints:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download delfix.pngDelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.
Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated:
 

Adobe Flash Player 17 ActiveX
Adobe Flash Player 17 NPAPI

Tips

I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

Edited by deeprybka, 17 July 2015 - 11:36 AM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#7 peaceandquiet

peaceandquiet
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:33 AM

Posted 17 July 2015 - 09:51 PM

Okay thanks alot for your help deeprybka, its greatly appreciated! thanks again!



#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:33 PM

Posted 18 July 2015 - 02:58 AM

You are welcome.


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:33 PM

Posted 18 July 2015 - 02:58 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users