
Possible Microsoft Phone Scammer (Possibly Trojan/Spyware/Worm Installed)


  • This topic is locked
20 replies to this topic

#1 GameMaster

Posted 07 August 2015 - 03:57 PM

Hello,
Please refer to my previous topic first for my issue. The logs are from the custom built PC. TL;DR: I'm not sure if a real Microsoft employee remote controlled my laptop and helped me put a Windows installer on my USB or if I called a scammer who gave me an installer with malware. So, I'm unsure whether my installer, custom PC (which the installer was used on to install Windows 8.1), or laptop is infected with anything. There are no signs of malware as far as I know, hence why I said it could possibly be those things in the title. I just want to be sure, though. I left the USB stick I used to install Windows in while I ran FRST, but doing a quick glance, it looks like it didn't scan it.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-08-2015
Ran by Benjamin (administrator) on BENS_PC (07-08-2015 15:47:14)
Running from C:\Users\Benjamin\Desktop
Loaded Profiles: Benjamin (Available Profiles: Benjamin & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Chris Pietschmann (http://pietschsoft.com)) D:\Applications\Virtual Router\VirtualRouterService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\plugin-nm-server.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2631824 2015-07-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2014-07-01] (Realtek Semiconductor)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-4000855795-3865398248-637190310-1001\...\Run: [Steam] => D:\Applications\Steam\steam.exe [2895552 2015-07-23] (Valve Corporation)
HKU\S-1-5-21-4000855795-3865398248-637190310-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-4000855795-3865398248-637190310-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
HKU\S-1-5-21-4000855795-3865398248-637190310-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53661824 2015-07-28] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk [2015-07-31]
ShortcutTarget: Virtual Router Manager.lnk -> C:\Windows\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe ()
Startup: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-06-04]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4000855795-3865398248-637190310-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4000855795-3865398248-637190310-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-22] (Oracle Corporation)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-22] (Oracle Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{19703A09-E39F-46C7-8C8F-1100EE270C6C}: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\7g4x6tj2.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-23] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-22] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-23] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-08] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-08] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-08] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-22] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4000855795-3865398248-637190310-1001: @nsroblox.roblox.com/launcher -> C:\Users\Benjamin\AppData\Local\Roblox\Versions\version-3ea30293a6494961\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4000855795-3865398248-637190310-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Benjamin\AppData\Local\Roblox\Versions\version-3ea30293a6494961\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF user.js: detected! => C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\7g4x6tj2.default\user.js [2014-12-13]
FF SearchPlugin: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\7g4x6tj2.default\searchplugins\duckduckgo.xml [2014-11-04]
FF Extension: WOT - C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\7g4x6tj2.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-22]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-08]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-08]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-08]
 
Chrome: 
=======
CHR Profile: C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-01]
CHR Extension: (Google Docs) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-01]
CHR Extension: (Google Drive) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-01]
CHR Extension: (Quizlet) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgofflgeghkhocbociocnckocbjmomjh [2015-08-01]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-08-01]
CHR Extension: (YouTube) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-01]
CHR Extension: (Google Search) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-01]
CHR Extension: (Kaspersky Protection) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-08-01]
CHR Extension: (Google Sheets) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-01]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-08-01]
CHR Extension: (Google Play Movies & TV) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdijeikdkaembjbdobgfkoidjkpbmlkd [2015-08-01]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-08-01]
CHR Extension: (Google Play) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-08-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-01]
CHR Extension: (Google Cast API) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafeflapfdfljijmlienjedomfjfmhpd [2015-08-01]
CHR Extension: (Google Mail Checker) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-08-01]
CHR Extension: (Hangouts) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-08-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
CHR Extension: (Outlook.com) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-08-01]
CHR Extension: (Gmail) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-01]
CHR Profile: C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-07]
CHR Extension: (Google Drive) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-07]
CHR Extension: (YouTube) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-07]
CHR Extension: (Google Search) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-07]
CHR Extension: (Kaspersky Protection) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-08-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-07]
CHR Extension: (Gmail) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-07]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
 
Opera: 
=======
OPR Extension: (DuckDuckGo) - C:\Users\Benjamin\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfbekbndggmbdkfhjandenfihkdkndil [2014-11-04]
OPR Extension: (weboftrust) - C:\Users\Benjamin\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2014-11-03]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-06-27] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe [69448 2015-05-28] (Google Inc.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [528096 2014-06-08] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-14] (NVIDIA Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-14] (NVIDIA Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 Virtual Router; D:\Applications\Virtual Router\VirtualRouterService.exe [12288 2013-02-10] (Chris Pietschmann (http://pietschsoft.com)) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-27] (Kaspersky Lab UK Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [469264 2014-07-01] (Intel Corporation)
S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-06-27] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-06-27] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-06-27] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [831664 2015-06-27] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-06-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-06-27] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-06-27] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-06-27] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-06-27] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-06-27] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-06-27] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2014-10-28] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-02] (NVIDIA Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116232 2015-03-16] (Oracle Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X]
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-07 15:47 - 2015-08-07 15:47 - 00023538 _____ C:\Users\Benjamin\Desktop\FRST.txt
2015-08-07 15:29 - 2015-08-07 15:30 - 00000571 _____ C:\Users\Benjamin\Desktop\BC_Info.txt
2015-08-07 15:13 - 2015-08-07 15:47 - 00000000 ____D C:\FRST
2015-08-07 15:11 - 2015-08-07 15:11 - 02170368 _____ (Farbar) C:\Users\Benjamin\Desktop\FRST64.exe
2015-08-03 20:43 - 2015-08-03 20:44 - 16722432 _____ C:\Users\Benjamin\Downloads\mumble-1.2.10.msi
2015-08-02 17:52 - 2015-08-02 17:52 - 00001279 _____ C:\Users\Guest\Desktop\Minecraft - Shortcut.lnk
2015-08-02 17:51 - 2015-08-02 17:52 - 00000000 ____D C:\Users\Guest\Documents\Minecraft
2015-08-02 16:55 - 2015-08-02 16:55 - 00000000 ____D C:\Users\Guest\AppData\Roaming\NVIDIA
2015-08-02 16:48 - 2015-08-03 19:04 - 00000000 ____D C:\Users\Guest\AppData\Roaming\.minecraft
2015-08-02 16:48 - 2015-08-02 16:48 - 00000000 ____D C:\Users\Guest\AppData\Roaming\java
2015-08-02 16:43 - 2015-08-02 16:43 - 00000000 ____D C:\Users\Guest\AppData\Local\Chris_Pietschmann_(http__
2015-08-02 16:40 - 2015-08-03 20:39 - 00000000 ____D C:\Users\Guest
2015-08-02 16:40 - 2015-08-02 16:45 - 00002275 _____ C:\Users\Guest\Desktop\Google Chrome.lnk
2015-08-02 16:40 - 2015-08-02 16:40 - 00002346 _____ C:\Users\Guest\Desktop\Safe Money.lnk
2015-08-02 16:40 - 2015-08-02 16:40 - 00001442 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-02 16:40 - 2015-08-02 16:40 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2015-08-02 16:40 - 2015-08-02 16:40 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2015-08-02 16:40 - 2015-08-02 16:40 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2015-08-02 16:40 - 2015-08-02 16:40 - 00000000 ____D C:\Users\Guest\AppData\Local\Packages
2015-08-02 16:40 - 2015-08-02 16:40 - 00000000 ____D C:\Users\Guest\AppData\Local\NVIDIA Corporation
2015-08-02 16:40 - 2015-08-02 16:40 - 00000000 ____D C:\Users\Guest\AppData\Local\NVIDIA
2015-08-02 16:40 - 2015-08-02 16:40 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2015-08-02 16:40 - 2015-03-10 18:48 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-02 16:40 - 2014-11-18 19:01 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-02 16:40 - 2014-11-18 19:01 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-02 16:40 - 2014-02-21 23:37 - 00000369 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-02 16:40 - 2014-02-21 23:37 - 00000369 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-02 16:40 - 2013-08-22 10:36 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-01 18:45 - 2015-08-01 18:45 - 00000557 _____ C:\Users\Benjamin\Desktop\sfc scannow 8-1-15.txt
2015-08-01 17:36 - 2015-08-01 17:36 - 00000276 _____ C:\Users\Benjamin\Downloads\debug.log
2015-08-01 17:35 - 2015-08-01 17:36 - 04089160 _____ (Google) C:\Users\Benjamin\Downloads\chrome_cleanup_tool.exe
2015-08-01 16:45 - 2015-08-01 18:28 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-01 16:45 - 2015-08-01 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-01 16:45 - 2015-08-01 16:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-01 16:45 - 2015-08-01 16:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-01 16:45 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-08-01 16:45 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-01 16:45 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-01 16:42 - 2015-08-01 16:42 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Benjamin\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-01 13:32 - 2015-08-01 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-01 12:16 - 2015-08-07 15:12 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Skype
2015-08-01 12:16 - 2015-08-01 13:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-01 12:16 - 2015-08-01 13:29 - 00000000 ____D C:\ProgramData\Skype
2015-08-01 12:16 - 2015-08-01 12:16 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-01 12:16 - 2015-08-01 12:16 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Skype
2015-08-01 12:16 - 2015-08-01 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-01 12:13 - 2015-07-14 16:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-01 12:13 - 2015-07-14 16:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-01 12:13 - 2015-07-14 16:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-07-31 21:17 - 2015-07-31 21:17 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Chris_Pietschmann_(http__
2015-07-31 21:14 - 2015-07-31 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Router
2015-07-31 21:13 - 2015-07-31 21:13 - 01373696 _____ C:\Users\Benjamin\Downloads\VirtualRouterInstaller.msi
2015-07-28 20:06 - 2015-07-28 20:06 - 00003793 _____ C:\Users\Benjamin\AppData\Local\recently-used.xbel
2015-07-28 13:05 - 2015-07-25 08:34 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-25 22:39 - 2015-07-26 18:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-24 14:33 - 2015-07-02 23:28 - 00065896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-07-24 14:33 - 2015-07-02 23:28 - 00047976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-07-23 21:02 - 2015-07-23 21:02 - 00000000 ____D C:\Users\Benjamin\AppData\Local\CEF
2015-07-22 09:04 - 2015-06-12 12:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-07-22 09:04 - 2015-06-12 11:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-07-22 09:03 - 2015-07-02 16:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-22 09:03 - 2015-07-02 15:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-22 09:03 - 2015-07-02 15:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-22 09:03 - 2015-07-02 15:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-22 09:03 - 2015-07-02 15:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-22 09:03 - 2015-07-02 14:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-22 09:03 - 2015-07-02 14:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-22 09:03 - 2015-07-02 13:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-22 09:01 - 2015-04-30 20:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-07-22 09:01 - 2015-04-30 20:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-07-22 09:01 - 2015-04-30 20:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-07-22 08:51 - 2015-07-09 14:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-22 08:51 - 2015-07-09 13:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-22 08:51 - 2015-07-09 11:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-22 08:51 - 2015-07-09 10:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-22 08:51 - 2015-07-09 10:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-22 08:51 - 2015-07-09 10:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-22 08:51 - 2015-07-09 10:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-22 08:51 - 2015-07-09 10:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-22 08:51 - 2015-07-09 10:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-22 08:51 - 2015-07-09 10:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-22 08:51 - 2015-07-09 10:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-22 08:51 - 2015-07-09 10:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-22 08:51 - 2015-07-09 10:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-22 08:51 - 2015-07-01 17:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-22 08:51 - 2015-07-01 16:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-22 08:51 - 2015-06-29 17:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-22 08:51 - 2015-06-29 10:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-22 08:51 - 2015-06-29 10:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-22 08:51 - 2015-06-29 10:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-22 08:51 - 2015-06-29 10:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-22 08:51 - 2015-06-28 00:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-22 08:51 - 2015-06-28 00:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-22 08:51 - 2015-06-28 00:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-22 08:51 - 2015-06-28 00:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-22 08:51 - 2015-06-27 11:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-22 08:51 - 2015-06-26 22:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-22 08:51 - 2015-06-26 22:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-22 08:51 - 2015-06-26 22:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-22 08:51 - 2015-06-26 22:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-22 08:51 - 2015-06-26 22:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-22 08:51 - 2015-06-26 21:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-22 08:51 - 2015-06-26 21:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-22 08:51 - 2015-06-26 21:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-22 08:51 - 2015-06-26 21:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-22 08:51 - 2015-06-26 20:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-22 08:51 - 2015-06-26 20:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-22 08:51 - 2015-06-26 18:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-22 08:51 - 2015-06-26 18:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-22 08:51 - 2015-06-24 21:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-22 08:51 - 2015-06-15 17:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-22 08:51 - 2015-06-15 17:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-22 08:51 - 2015-06-15 16:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-22 08:51 - 2015-06-15 16:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-22 08:51 - 2015-06-15 15:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-22 08:51 - 2015-06-15 14:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-22 08:51 - 2015-06-11 15:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-07-22 08:51 - 2015-06-11 15:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-07-22 08:51 - 2015-06-09 13:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-22 08:51 - 2015-05-30 16:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-22 08:51 - 2015-05-30 14:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-22 08:51 - 2015-05-30 14:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-22 08:51 - 2015-05-11 19:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-07-22 08:51 - 2015-05-07 12:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-22 08:51 - 2015-05-07 12:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-22 08:51 - 2015-05-07 11:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-22 08:51 - 2015-05-07 11:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-22 08:51 - 2015-05-07 10:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-22 08:51 - 2015-05-07 10:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-22 08:51 - 2015-05-03 10:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-22 08:51 - 2015-05-03 09:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-22 08:51 - 2015-05-03 09:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-22 08:51 - 2015-05-03 09:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-22 08:51 - 2015-05-02 19:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-22 08:51 - 2015-04-29 18:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-22 08:51 - 2015-04-24 21:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-22 08:50 - 2015-07-14 09:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-22 08:50 - 2015-07-14 09:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-22 08:50 - 2015-07-14 09:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-22 08:50 - 2015-07-14 09:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-22 08:50 - 2015-06-16 00:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-22 08:50 - 2015-06-16 00:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-22 08:50 - 2015-06-15 17:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-22 08:50 - 2015-06-15 17:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-22 08:50 - 2015-06-15 17:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-22 08:50 - 2015-06-15 17:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-22 08:50 - 2015-06-15 17:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-22 08:50 - 2015-06-15 16:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-22 08:50 - 2015-06-15 16:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-22 08:50 - 2015-06-15 16:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-22 08:50 - 2015-06-15 16:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-22 08:50 - 2015-06-15 16:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-22 08:50 - 2015-06-15 16:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-22 08:50 - 2015-06-15 16:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-22 08:50 - 2015-06-15 16:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-22 08:50 - 2015-06-15 16:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-22 08:50 - 2015-06-15 16:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-22 08:50 - 2015-06-15 16:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-22 08:50 - 2015-06-15 16:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-22 08:50 - 2015-06-15 16:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-22 08:50 - 2015-06-15 16:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-22 08:50 - 2015-06-15 15:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-22 08:50 - 2015-06-15 15:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-22 08:50 - 2015-06-15 15:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-22 08:50 - 2015-06-15 15:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-22 08:50 - 2015-06-15 15:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-22 08:50 - 2015-06-15 15:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-22 08:50 - 2015-06-15 15:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-22 08:50 - 2015-06-15 15:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-22 08:50 - 2015-06-15 15:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-22 08:50 - 2015-06-15 15:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-22 08:50 - 2015-06-15 15:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-22 08:50 - 2015-06-15 15:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-22 08:50 - 2015-06-15 15:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-22 08:50 - 2015-06-15 15:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-22 08:50 - 2015-06-10 22:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-22 08:50 - 2015-06-10 11:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-22 08:50 - 2015-05-12 08:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-22 08:50 - 2015-05-11 11:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-22 08:50 - 2015-05-07 11:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-22 08:50 - 2015-05-03 10:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-22 08:50 - 2015-05-03 09:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-22 08:50 - 2015-04-28 08:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-22 08:50 - 2015-04-28 08:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-22 08:50 - 2015-04-23 10:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-22 08:50 - 2015-04-23 10:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-10 08:39 - 2015-07-30 19:32 - 00000000 ___HD C:\$Windows.~BT
2015-07-08 20:48 - 2015-07-08 20:48 - 00002148 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-07-08 20:48 - 2015-07-08 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-07-08 20:48 - 2015-07-08 20:48 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-07-08 20:48 - 2015-06-27 22:14 - 00831664 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2015-07-08 20:48 - 2015-06-27 22:14 - 00226480 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klhk.sys
2015-07-08 20:48 - 2015-06-27 22:14 - 00159960 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2015-07-08 20:48 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2015-07-08 20:27 - 2015-07-08 20:32 - 172364912 _____ (Kaspersky Lab) C:\Users\Benjamin\Downloads\kis15.0.2.361abcen_8103.exe
2015-07-08 14:52 - 2015-07-08 14:52 - 00002139 _____ C:\Users\Public\Desktop\Smart Switch.lnk
2015-07-08 14:52 - 2015-05-21 01:02 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-07-08 14:52 - 2015-05-21 01:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-07-08 14:46 - 2015-07-08 14:48 - 38754408 _____ (Samsung Electronics Co., Ltd.) C:\Users\Benjamin\Downloads\smart-switch-pc_4_0_15064_11.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-07 15:35 - 2013-09-29 23:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-07 15:31 - 2014-07-01 23:30 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\HexChat
2015-08-07 15:27 - 2015-01-04 21:07 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-07 15:10 - 2014-12-18 20:13 - 00083442 _____ C:\WINDOWS\setupact.log
2015-08-07 15:10 - 2014-05-03 17:56 - 00000000 ___DO C:\Users\Benjamin\SkyDrive
2015-08-07 15:09 - 2015-04-06 18:07 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-07 15:09 - 2015-01-04 21:07 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-07 15:09 - 2014-07-01 22:39 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-07 15:09 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-07 15:09 - 2013-08-22 08:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-08-07 15:00 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-07 14:51 - 2014-07-02 14:43 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-07 14:07 - 2015-05-06 18:33 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Bvckup2
2015-08-07 12:58 - 2014-07-01 22:10 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4000855795-3865398248-637190310-1001
2015-08-07 12:53 - 2014-07-01 22:02 - 01854225 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-07 12:45 - 2014-07-02 13:33 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-08-07 12:34 - 2015-04-03 10:49 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{16A2CA1E-6E40-44E2-90EA-BD97AD847DD2}
2015-08-06 12:00 - 2015-04-28 18:35 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\TS3Client
2015-08-06 09:59 - 2014-10-26 14:09 - 00003828 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1414350579
2015-08-06 09:59 - 2014-10-26 14:09 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-08-06 09:59 - 2014-10-26 14:09 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-05 19:27 - 2014-05-03 17:54 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Packages
2015-08-05 19:27 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-04 22:26 - 2015-05-27 22:58 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\.minecraft
2015-08-04 20:55 - 2015-04-28 18:35 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2015-08-03 21:54 - 2015-04-29 18:24 - 00086016 _____ C:\Users\Benjamin\murmur.sqlite
2015-08-03 21:54 - 2014-07-01 22:02 - 00000000 ____D C:\Users\Benjamin
2015-08-03 20:46 - 2014-07-02 13:04 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Mumble
2015-08-03 20:45 - 2015-04-29 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2015-08-03 20:45 - 2015-04-29 18:16 - 00000000 ____D C:\Program Files (x86)\Mumble
2015-08-02 11:49 - 2013-09-29 22:55 - 01490746 _____ C:\WINDOWS\PFRO.log
2015-08-01 22:28 - 2014-10-26 09:52 - 00000580 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-08-01 17:36 - 2014-07-01 23:20 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Google
2015-08-01 13:32 - 2014-07-01 23:20 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-01 12:16 - 2013-08-22 10:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-30 19:35 - 2014-11-23 14:15 - 00000000 ____D C:\WINDOWS\Panther
2015-07-30 18:56 - 2014-12-13 14:59 - 00000000 __SHD C:\Users\Benjamin\AppData\Local\EmieBrowserModeList
2015-07-30 18:56 - 2014-07-03 13:59 - 00000000 __SHD C:\Users\Benjamin\AppData\Local\EmieUserList
2015-07-30 18:56 - 2014-07-03 13:59 - 00000000 __SHD C:\Users\Benjamin\AppData\Local\EmieSiteList
2015-07-28 20:06 - 2014-09-12 18:38 - 00000000 ____D C:\Users\Benjamin\.gimp-2.8
2015-07-28 20:06 - 2014-07-25 20:38 - 00000000 ____D C:\Users\Benjamin\AppData\Local\gtk-2.0
2015-07-26 18:36 - 2014-07-02 13:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-25 14:18 - 2015-03-31 19:47 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-24 14:34 - 2014-07-01 22:48 - 00001393 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-07-24 14:33 - 2014-07-01 22:38 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-24 11:49 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-24 11:34 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-23 21:51 - 2014-07-02 14:43 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-22 17:04 - 2015-04-28 18:00 - 00000000 ____D C:\ProgramData\Oracle
2015-07-22 17:03 - 2015-04-30 20:07 - 00110688 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-07-22 17:03 - 2015-04-30 20:07 - 00000000 ____D C:\Program Files\Java
2015-07-22 16:59 - 2013-08-22 09:44 - 00365672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-22 10:01 - 2014-12-10 23:16 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-22 10:01 - 2014-07-10 11:17 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-22 10:01 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-22 10:01 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-22 09:22 - 2015-01-04 21:07 - 00003894 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-22 09:22 - 2015-01-04 21:07 - 00003658 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-22 09:16 - 2015-04-29 18:00 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-22 09:03 - 2014-07-02 12:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-22 09:01 - 2015-03-31 19:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-22 09:00 - 2015-04-29 18:00 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-14 14:06 - 2014-07-03 19:17 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-07-14 14:06 - 2014-07-01 22:48 - 01423120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-07-14 14:05 - 2014-07-03 19:17 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-07-14 14:05 - 2014-07-01 22:48 - 01710056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-07-13 16:10 - 2013-08-22 10:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 16:10 - 2013-08-22 10:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-08 20:48 - 2013-08-22 10:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-07-08 20:48 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-08 15:05 - 2014-07-25 20:08 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Samsung
2015-07-08 15:05 - 2014-07-25 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-07-08 14:53 - 2014-07-25 20:08 - 00000000 ____D C:\Users\Benjamin\Documents\samsung
2015-07-08 14:52 - 2014-07-25 20:09 - 00000000 ____D C:\Program Files\SAMSUNG
2015-07-08 14:52 - 2014-07-25 20:08 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-07-08 14:52 - 2014-07-01 22:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
 
==================== Files in the root of some directories =======
 
2015-06-19 22:25 - 2015-06-19 22:25 - 0000000 ____H () C:\Users\Benjamin\AppData\Local\BITA9D4.tmp
2014-11-20 23:15 - 2015-06-08 16:40 - 0003584 _____ () C:\Users\Benjamin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-28 20:06 - 2015-07-28 20:06 - 0003793 _____ () C:\Users\Benjamin\AppData\Local\recently-used.xbel
2014-12-07 11:32 - 2015-04-24 19:20 - 0007599 _____ () C:\Users\Benjamin\AppData\Local\Resmon.ResmonCfg
2015-06-19 22:22 - 2015-06-19 22:24 - 0000000 _____ () C:\Users\Benjamin\AppData\Local\{DAA8BDD6-F554-487C-ADA4-328A90C1E2F2}
2014-07-01 23:05 - 2014-07-01 23:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Benjamin\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Benjamin\AppData\Local\Temp\avgnt.exe
C:\Users\Benjamin\AppData\Local\Temp\Execute2App.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Benjamin\AppData\Local\Temp\msvcp90.dll
C:\Users\Benjamin\AppData\Local\Temp\msvcr90.dll
C:\Users\Benjamin\AppData\Local\Temp\npp.6.7.5.Installer.exe
C:\Users\Benjamin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Benjamin\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Benjamin\AppData\Local\Temp\nvStInst.exe
C:\Users\Benjamin\AppData\Local\Temp\un29264.exe
C:\Users\Benjamin\AppData\Local\Temp\unInstall2.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-02 16:54
 
==================== End of log ============================

 





#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,770 posts
  • Gender:Male
  • Location:California
  • Local time:09:01 AM

Posted 11 August 2015 - 09:05 AM

Greetings GameMaster and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I don't see any obvious evidence of malware but there are some things we can clean up.

Please do this. Once we finish with these steps we will address your USB device.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X]
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
2015-06-19 22:25 - 2015-06-19 22:25 - 0000000 ____H () C:\Users\Benjamin\AppData\Local\BITA9D4.tmp
C:\Users\Benjamin\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Benjamin\AppData\Local\Temp\avgnt.exe
C:\Users\Benjamin\AppData\Local\Temp\Execute2App.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Benjamin\AppData\Local\Temp\msvcp90.dll
C:\Users\Benjamin\AppData\Local\Temp\msvcr90.dll
C:\Users\Benjamin\AppData\Local\Temp\npp.6.7.5.Installer.exe
C:\Users\Benjamin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Benjamin\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Benjamin\AppData\Local\Temp\nvStInst.exe
C:\Users\Benjamin\AppData\Local\Temp\un29264.exe
C:\Users\Benjamin\AppData\Local\Temp\unInstall2.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Please rerun FRST making sure to check Addition.txt and post both logs
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • FRST.txt
  • Addition.txt
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

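Added example, not part of Gary's post and not FRST's own code: a small Python triage pass over FRST file-listing lines that produces a list for a human to review, similar in spirit to how the Temp executables and the hidden `.tmp` file ended up in the fixlist above. The line layout, the reading of the attribute letters (`D` directory, `H` hidden), the extension set and the `since` cut-off are assumptions made for this sketch; the sample lines are copied from the log in this thread.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# Assumed layout of an FRST file-listing line, inferred from the log in this thread:
#   <created> - <modified> - <size> <5 attribute chars> [(<company>)] <path>
ENTRY = re.compile(
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>.*?)\) )?(?P<path>[A-Za-z]:\\.*)"
)
# Sections such as "Some files in TEMP" list bare paths, optionally "path => note".
BARE_PATH = re.compile(r"(?P<path>[A-Za-z]:\\.*?)(?: => (?P<note>.*))?")

# Hypothetical choices for this example, not an FRST rule set.
LOADABLE = {".exe", ".dll", ".sys", ".msi", ".scr", ".com", ".bat", ".cmd", ".ps1", ".vbs"}
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


def parse_line(line):
    """Return a dict for a file-listing line or a bare path, else None."""
    line = line.strip()
    m = ENTRY.fullmatch(line)
    if m:
        entry = m.groupdict()
        entry["created"] = datetime.strptime(entry["created"], "%Y-%m-%d %H:%M")
        entry["modified"] = datetime.strptime(entry["modified"], "%Y-%m-%d %H:%M")
        entry["size"] = int(entry["size"])
        entry["has_metadata"] = True
        return entry
    m = BARE_PATH.fullmatch(line)
    if m:
        return {"path": m["path"], "note": m["note"], "has_metadata": False}
    return None


def triage(entry):
    """Reasons a human should look at this entry; an empty list means no check fired."""
    path = entry["path"]
    lower = path.lower()
    attrs = entry.get("attrs") or ""
    if "D" in attrs:  # directories are not reviewed here
        return []
    loadable = PureWindowsPath(path).suffix.lower() in LOADABLE
    writable = lower.startswith(USER_WRITABLE)
    reasons = []
    # The company string is descriptive metadata, not proof of a valid signature,
    # so its presence only lowers priority; its absence raises it.
    if entry["has_metadata"] and loadable and writable and not entry["company"]:
        reasons.append("loadable file in user-writable path with no company string")
    if loadable and "\\temp\\" in lower:
        reasons.append("loadable file left in a Temp directory")
    if "H" in attrs and writable:
        reasons.append("hidden file in user-writable path")
    return reasons


def review_list(log_text, since=None):
    """Return [(path, reasons)] for entries worth a look, optionally created on/after `since`."""
    out = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        # Bare paths carry no timestamps, so the cut-off cannot exclude them.
        if since and entry["has_metadata"] and entry["created"] < since:
            continue
        reasons = triage(entry)
        if reasons:
            out.append((entry["path"], reasons))
    return out


# Lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
2015-08-01 12:13 - 2015-07-14 16:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-07-31 21:14 - 2015-07-31 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Router
2015-07-31 21:13 - 2015-07-31 21:13 - 01373696 _____ C:\Users\Benjamin\Downloads\VirtualRouterInstaller.msi
2015-07-08 20:27 - 2015-07-08 20:32 - 172364912 _____ (Kaspersky Lab) C:\Users\Benjamin\Downloads\kis15.0.2.361abcen_8103.exe
2015-07-08 14:52 - 2015-05-21 01:02 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
==================== Files in the root of some directories =======
2015-06-19 22:25 - 2015-06-19 22:25 - 0000000 ____H () C:\Users\Benjamin\AppData\Local\BITA9D4.tmp
Some files in TEMP:
C:\Users\Benjamin\AppData\Local\Temp\avgnt.exe
C:\Users\Benjamin\AppData\Local\Temp\msvcr90.dll
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
"""

if __name__ == "__main__":
    for path, reasons in review_list(SAMPLE_LOG):
        print(path, "->", "; ".join(reasons))
```

A hit from this pass is a prompt to inspect the file, not a verdict; an installer the user downloaded on purpose will show up alongside anything unexpected.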
#3 GameMaster

Posted 11 August 2015 - 11:50 AM

Hello Gary,

Yes, it's fine to call me by my first name (it's Ben).

I made the fixlist text file and ran FRST and clicked "Fix" and it made fixlog.txt. However, when I re-run FRST, do you want me to first delete FRST.txt and Addition.txt? Also, do you want me to post what's in FRST.txt as well as what's in Addition.txt?

Thank you for volunteering to assist me.

EDIT: I should mention that I have been using this PC after I posted those logs (as I doubt it has malware, just wanted to be sure). I now realize that that could interfere with you helping me. So, I won't use it anymore (unless necessary to fix the problem) until this is sorted.

EDIT 2: I forgot to ask if you would want me to do anything over as I have made changes to my computer (I remember installing Skype, playing some games, installing ROBLOX, which is a game, for another user but there could have been more things. I know I created a new user account recently and installed Minecraft for it, not sure if it was after making the FRST.txt and Addition.txt logs). Sorry about that.


Edited by GameMaster, 11 August 2015 - 12:05 PM.


#4 Oh My!

Posted 11 August 2015 - 02:33 PM

Hi Ben,

Thank you for being cautious. You can use your computer, just try to not make any program changes or run any tools unless instructed to do so.

You can delete any existing FRST.txt and/or Addition.txt documents you currently have and then run FRST for fresh logs.
Gary
 

#5 GameMaster

Posted 11 August 2015 - 03:11 PM

Hi Gary,

 

I'm a bit confused. Do you want me to rerun FRST as instructed to do so here first so you can get fresh logs (because some things were changed on this PC which I mentioned in Edit 2) and then run it again following your instructions or should I just do what you said to do in your first post? Furthermore, it looks as if the Addition file is missing from my first post.



#6 Oh My!

Posted 11 August 2015 - 03:19 PM

Sorry, let me try to clear things up. Yes, the Addition.txt file is missing from the first post. What I would like are brand new FRST.txt and Addition.txt reports so we can see the current state of your computer. You should only need to run it once, but be sure the Addition.txt box is checked before you do the scan.
Gary
 

#7 GameMaster

Posted 11 August 2015 - 03:30 PM

Alright, thank you. I apologize for that.
 
I am going to include the fixlog.txt anyway as I have already done that portion of what you said to do and it seems you want it. FRST.txt is underneath that and I have attached Addition.txt making sure the box was checked in the program.
 
Fixlog.txt (Before Running the Other Logs Below)
 
Fix result of Farbar Recovery Scan Tool (x64) Version:09-08-2015
Ran by Benjamin (2015-08-11 11:39:53) Run:1
Running from C:\Users\Benjamin\Desktop
Loaded Profiles: Benjamin (Available Profiles: Benjamin & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X]
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
2015-06-19 22:25 - 2015-06-19 22:25 - 0000000 ____H () C:\Users\Benjamin\AppData\Local\BITA9D4.tmp
C:\Users\Benjamin\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Benjamin\AppData\Local\Temp\avgnt.exe
C:\Users\Benjamin\AppData\Local\Temp\Execute2App.exe
C:\Users\Benjamin\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Benjamin\AppData\Local\Temp\msvcp90.dll
C:\Users\Benjamin\AppData\Local\Temp\msvcr90.dll
C:\Users\Benjamin\AppData\Local\Temp\npp.6.7.5.Installer.exe
C:\Users\Benjamin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Benjamin\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Benjamin\AppData\Local\Temp\nvStInst.exe
C:\Users\Benjamin\AppData\Local\Temp\un29264.exe
C:\Users\Benjamin\AppData\Local\Temp\unInstall2.exe
*****************
 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
GPUZ => service removed successfully
klkbdflt2 => service could not remove
C:\Users\Benjamin\AppData\Local\BITA9D4.tmp => moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe => moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\avgnt.exe => moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\Execute2App.exe => moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\jre-8u51-windows-au.exe => moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\msvcp90.dll => moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\msvcr90.dll => moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\npp.6.7.5.Installer.exe => moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\nvSCPAPI.dll => moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\nvStInst.exe => moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\un29264.exe => moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\unInstall2.exe => moved successfully.
 
==== End of Fixlog 11:39:54 ====
 
 
 
 
FRST.txt
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-08-2015 02
Ran by Benjamin (administrator) on BENS_PC (11-08-2015 15:25:25)
Running from C:\Users\Benjamin\Desktop
Loaded Profiles: Benjamin (Available Profiles: Benjamin & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Chris Pietschmann (http://pietschsoft.com)) D:\Applications\Virtual Router\VirtualRouterService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\Benjamin\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\plugin-nm-server.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Chris Pietschmann (http://pietschsoft.com)) D:\Applications\Virtual Router\VirtualRouterClient.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2631824 2015-07-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2014-07-01] (Realtek Semiconductor)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [62464 2015-06-18] ()
HKU\S-1-5-21-4000855795-3865398248-637190310-1001\...\Run: [Steam] => D:\Applications\Steam\steam.exe [2895552 2015-07-23] (Valve Corporation)
HKU\S-1-5-21-4000855795-3865398248-637190310-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-4000855795-3865398248-637190310-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
HKU\S-1-5-21-4000855795-3865398248-637190310-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53661824 2015-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-4000855795-3865398248-637190310-1001\...\Run: [GoogleChromeAutoLaunch_2CB4D10DAD5AE20CADEFA2B4E24F69E5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk [2015-07-31]
ShortcutTarget: Virtual Router Manager.lnk -> C:\Windows\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe ()
Startup: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-06-04]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4000855795-3865398248-637190310-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4000855795-3865398248-637190310-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-22] (Oracle Corporation)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-22] (Oracle Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{19703A09-E39F-46C7-8C8F-1100EE270C6C}: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\7g4x6tj2.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-22] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-08] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-08] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-08] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-22] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4000855795-3865398248-637190310-1001: @nsroblox.roblox.com/launcher -> C:\Users\Benjamin\AppData\Local\Roblox\Versions\version-3ea30293a6494961\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4000855795-3865398248-637190310-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Benjamin\AppData\Local\Roblox\Versions\version-3ea30293a6494961\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF user.js: detected! => C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\7g4x6tj2.default\user.js [2014-12-13]
FF SearchPlugin: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\7g4x6tj2.default\searchplugins\duckduckgo.xml [2014-11-04]
FF Extension: WOT - C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\7g4x6tj2.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-22]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-08]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-08]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-08]
 
Chrome: 
=======
CHR Profile: C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-09]
CHR Extension: (Docs) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-09]
CHR Extension: (Google Drive) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-09]
CHR Extension: (YouTube) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-09]
CHR Extension: (Google Search) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-09]
CHR Extension: (Kaspersky Protection) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-08-09]
CHR Extension: (Google Sheets) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-09]
CHR Extension: (Gmail) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-09]
CHR Profile: C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-09]
CHR Extension: (Google Docs) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-09]
CHR Extension: (Google Drive) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-09]
CHR Extension: (Quizlet) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bgofflgeghkhocbociocnckocbjmomjh [2015-08-09]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-08-09]
CHR Extension: (YouTube) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-09]
CHR Extension: (Google Search) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-09]
CHR Extension: (Kaspersky Protection) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-08-09]
CHR Extension: (Google Sheets) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-09]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-08-09]
CHR Extension: (Google Play Movies & TV) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gdijeikdkaembjbdobgfkoidjkpbmlkd [2015-08-09]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-08-09]
CHR Extension: (Google Play) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-08-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-09]
CHR Extension: (Google Cast API) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mafeflapfdfljijmlienjedomfjfmhpd [2015-08-09]
CHR Extension: (Google Mail Checker) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-08-09]
CHR Extension: (Hangouts) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-08-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-09]
CHR Extension: (Outlook.com) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-08-09]
CHR Extension: (Gmail) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-09]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
 
Opera: 
=======
OPR Extension: (DuckDuckGo) - C:\Users\Benjamin\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfbekbndggmbdkfhjandenfihkdkndil [2014-11-04]
OPR Extension: (weboftrust) - C:\Users\Benjamin\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2014-11-03]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-06-27] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe [69448 2015-05-28] (Google Inc.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [528096 2014-06-08] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-14] (NVIDIA Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-14] (NVIDIA Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 Virtual Router; D:\Applications\Virtual Router\VirtualRouterService.exe [12288 2013-02-10] (Chris Pietschmann (http://pietschsoft.com)) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-27] (Kaspersky Lab UK Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [469264 2014-07-01] (Intel Corporation)
S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-06-27] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-06-27] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-06-27] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [831664 2015-06-27] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-06-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-06-27] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-06-27] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-06-27] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-06-27] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-06-27] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-06-27] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2014-10-28] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-02] (NVIDIA Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116232 2015-03-16] (Oracle Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-11 15:25 - 2015-08-11 15:25 - 00024768 _____ C:\Users\Benjamin\Desktop\FRST.txt
2015-08-11 11:39 - 2015-08-11 14:56 - 00000000 ____D C:\Users\Benjamin\Desktop\FRST-OlderVersion
2015-08-08 22:07 - 2015-08-09 18:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-08 20:21 - 2015-08-08 20:22 - 00000000 ____D C:\Users\Benjamin\Documents\Freemake
2015-08-08 20:21 - 2015-08-08 20:21 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2015-08-08 20:21 - 2015-08-08 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-08-08 20:21 - 2015-08-08 20:21 - 00000000 ____D C:\ProgramData\Freemake
2015-08-08 20:18 - 2015-08-08 20:18 - 01271792 _____ (Ellora Assets Corporation ) C:\Users\Benjamin\Downloads\FreemakeVideoConverterSetup.exe
2015-08-08 14:33 - 2015-08-08 14:33 - 00000000 ____D C:\Users\Guest\Documents\ROBLOX
2015-08-08 14:27 - 2015-08-08 14:27 - 00001364 _____ C:\Users\Guest\Desktop\ROBLOX Player.lnk
2015-08-08 14:25 - 2015-08-08 16:46 - 00000000 ____D C:\Users\Guest\AppData\Local\Roblox
2015-08-08 14:25 - 2015-08-08 14:28 - 00001376 _____ C:\Users\Guest\Desktop\ROBLOX Studio.lnk
2015-08-08 14:25 - 2015-08-08 14:28 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-08-08 14:22 - 2015-08-08 14:22 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2015-08-07 15:13 - 2015-08-11 15:25 - 00000000 ____D C:\FRST
2015-08-07 15:11 - 2015-08-11 14:56 - 02172928 _____ (Farbar) C:\Users\Benjamin\Desktop\FRST64.exe
2015-08-03 20:43 - 2015-08-03 20:44 - 16722432 _____ C:\Users\Benjamin\Downloads\mumble-1.2.10.msi
2015-08-02 17:52 - 2015-08-02 17:52 - 00001279 _____ C:\Users\Guest\Desktop\Minecraft - Shortcut.lnk
2015-08-02 17:51 - 2015-08-02 17:52 - 00000000 ____D C:\Users\Guest\Documents\Minecraft
2015-08-02 16:55 - 2015-08-02 16:55 - 00000000 ____D C:\Users\Guest\AppData\Roaming\NVIDIA
2015-08-02 16:48 - 2015-08-03 19:04 - 00000000 ____D C:\Users\Guest\AppData\Roaming\.minecraft
2015-08-02 16:48 - 2015-08-02 16:48 - 00000000 ____D C:\Users\Guest\AppData\Roaming\java
2015-08-02 16:43 - 2015-08-02 16:43 - 00000000 ____D C:\Users\Guest\AppData\Local\Chris_Pietschmann_(http__
2015-08-02 16:40 - 2015-08-03 20:39 - 00000000 ____D C:\Users\Guest
2015-08-02 16:40 - 2015-08-02 16:45 - 00002275 _____ C:\Users\Guest\Desktop\Google Chrome.lnk
2015-08-02 16:40 - 2015-08-02 16:40 - 00002346 _____ C:\Users\Guest\Desktop\Safe Money.lnk
2015-08-02 16:40 - 2015-08-02 16:40 - 00001442 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-02 16:40 - 2015-08-02 16:40 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2015-08-02 16:40 - 2015-08-02 16:40 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2015-08-02 16:40 - 2015-08-02 16:40 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2015-08-02 16:40 - 2015-08-02 16:40 - 00000000 ____D C:\Users\Guest\AppData\Local\Packages
2015-08-02 16:40 - 2015-08-02 16:40 - 00000000 ____D C:\Users\Guest\AppData\Local\NVIDIA Corporation
2015-08-02 16:40 - 2015-08-02 16:40 - 00000000 ____D C:\Users\Guest\AppData\Local\NVIDIA
2015-08-02 16:40 - 2015-08-02 16:40 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2015-08-02 16:40 - 2015-03-10 18:48 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-02 16:40 - 2014-11-18 19:01 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-02 16:40 - 2014-11-18 19:01 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-02 16:40 - 2014-02-21 23:37 - 00000369 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-08-02 16:40 - 2014-02-21 23:37 - 00000369 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-08-02 16:40 - 2013-08-22 10:36 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-01 18:45 - 2015-08-01 18:45 - 00000557 _____ C:\Users\Benjamin\Desktop\sfc scannow 8-1-15.txt
2015-08-01 17:36 - 2015-08-01 17:36 - 00000276 _____ C:\Users\Benjamin\Downloads\debug.log
2015-08-01 17:35 - 2015-08-01 17:36 - 04089160 _____ (Google) C:\Users\Benjamin\Downloads\chrome_cleanup_tool.exe
2015-08-01 16:45 - 2015-08-01 18:28 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-01 16:45 - 2015-08-01 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-01 16:45 - 2015-08-01 16:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-01 16:45 - 2015-08-01 16:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-01 16:45 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-08-01 16:45 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-01 16:45 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-01 16:42 - 2015-08-01 16:42 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Benjamin\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-01 13:32 - 2015-08-01 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-01 12:16 - 2015-08-11 15:22 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Skype
2015-08-01 12:16 - 2015-08-01 13:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-01 12:16 - 2015-08-01 13:29 - 00000000 ____D C:\ProgramData\Skype
2015-08-01 12:16 - 2015-08-01 12:16 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-01 12:16 - 2015-08-01 12:16 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Skype
2015-08-01 12:16 - 2015-08-01 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-01 12:13 - 2015-07-14 16:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-01 12:13 - 2015-07-14 16:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-01 12:13 - 2015-07-14 16:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-07-31 21:17 - 2015-07-31 21:17 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Chris_Pietschmann_(http__
2015-07-31 21:14 - 2015-07-31 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Router
2015-07-31 21:13 - 2015-07-31 21:13 - 01373696 _____ C:\Users\Benjamin\Downloads\VirtualRouterInstaller.msi
2015-07-28 20:06 - 2015-07-28 20:06 - 00003793 _____ C:\Users\Benjamin\AppData\Local\recently-used.xbel
2015-07-28 13:05 - 2015-07-25 08:34 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-24 14:33 - 2015-07-02 23:28 - 00065896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-07-24 14:33 - 2015-07-02 23:28 - 00047976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-07-23 21:02 - 2015-07-23 21:02 - 00000000 ____D C:\Users\Benjamin\AppData\Local\CEF
2015-07-22 09:04 - 2015-06-12 12:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-07-22 09:04 - 2015-06-12 11:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-07-22 09:03 - 2015-07-02 16:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-22 09:03 - 2015-07-02 15:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-22 09:03 - 2015-07-02 15:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-22 09:03 - 2015-07-02 15:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-22 09:03 - 2015-07-02 15:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-22 09:03 - 2015-07-02 14:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-22 09:03 - 2015-07-02 14:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-22 09:03 - 2015-07-02 13:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-22 09:01 - 2015-04-30 20:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-07-22 09:01 - 2015-04-30 20:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-07-22 09:01 - 2015-04-30 20:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-07-22 08:51 - 2015-07-09 14:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-22 08:51 - 2015-07-09 13:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-22 08:51 - 2015-07-09 11:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-22 08:51 - 2015-07-09 10:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-22 08:51 - 2015-07-09 10:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-22 08:51 - 2015-07-09 10:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-22 08:51 - 2015-07-09 10:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-22 08:51 - 2015-07-09 10:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-22 08:51 - 2015-07-09 10:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-22 08:51 - 2015-07-09 10:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-22 08:51 - 2015-07-09 10:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-22 08:51 - 2015-07-09 10:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-22 08:51 - 2015-07-09 10:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-22 08:51 - 2015-07-01 17:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-22 08:51 - 2015-07-01 16:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-22 08:51 - 2015-06-29 17:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-22 08:51 - 2015-06-29 10:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-22 08:51 - 2015-06-29 10:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-22 08:51 - 2015-06-29 10:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-22 08:51 - 2015-06-29 10:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-22 08:51 - 2015-06-28 00:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-22 08:51 - 2015-06-28 00:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-22 08:51 - 2015-06-28 00:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-22 08:51 - 2015-06-28 00:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-22 08:51 - 2015-06-27 11:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-22 08:51 - 2015-06-26 22:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-22 08:51 - 2015-06-26 22:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-22 08:51 - 2015-06-26 22:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-22 08:51 - 2015-06-26 22:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-22 08:51 - 2015-06-26 22:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-22 08:51 - 2015-06-26 21:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-22 08:51 - 2015-06-26 21:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-22 08:51 - 2015-06-26 21:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-22 08:51 - 2015-06-26 21:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-22 08:51 - 2015-06-26 20:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-22 08:51 - 2015-06-26 20:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-22 08:51 - 2015-06-26 18:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-22 08:51 - 2015-06-26 18:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-22 08:51 - 2015-06-24 21:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-22 08:51 - 2015-06-15 17:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-22 08:51 - 2015-06-15 17:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-22 08:51 - 2015-06-15 16:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-22 08:51 - 2015-06-15 16:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-22 08:51 - 2015-06-15 15:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-22 08:51 - 2015-06-15 14:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-22 08:51 - 2015-06-11 15:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-07-22 08:51 - 2015-06-11 15:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-07-22 08:51 - 2015-06-09 13:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-22 08:51 - 2015-05-30 16:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-22 08:51 - 2015-05-30 14:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-22 08:51 - 2015-05-30 14:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-22 08:51 - 2015-05-11 19:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-07-22 08:51 - 2015-05-07 12:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-22 08:51 - 2015-05-07 12:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-22 08:51 - 2015-05-07 11:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-22 08:51 - 2015-05-07 11:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-22 08:51 - 2015-05-07 10:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-22 08:51 - 2015-05-07 10:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-22 08:51 - 2015-05-03 10:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-22 08:51 - 2015-05-03 09:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-22 08:51 - 2015-05-03 09:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-22 08:51 - 2015-05-03 09:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-22 08:51 - 2015-05-02 19:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-22 08:51 - 2015-04-29 18:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-22 08:51 - 2015-04-24 21:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-22 08:50 - 2015-07-14 09:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-22 08:50 - 2015-07-14 09:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-22 08:50 - 2015-07-14 09:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-22 08:50 - 2015-07-14 09:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-22 08:50 - 2015-06-16 00:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-22 08:50 - 2015-06-16 00:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-22 08:50 - 2015-06-15 17:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-22 08:50 - 2015-06-15 17:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-22 08:50 - 2015-06-15 17:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-22 08:50 - 2015-06-15 17:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-22 08:50 - 2015-06-15 17:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-22 08:50 - 2015-06-15 16:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-22 08:50 - 2015-06-15 16:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-22 08:50 - 2015-06-15 16:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-22 08:50 - 2015-06-15 16:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-22 08:50 - 2015-06-15 16:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-22 08:50 - 2015-06-15 16:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-22 08:50 - 2015-06-15 16:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-22 08:50 - 2015-06-15 16:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-22 08:50 - 2015-06-15 16:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-22 08:50 - 2015-06-15 16:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-22 08:50 - 2015-06-15 16:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-22 08:50 - 2015-06-15 16:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-22 08:50 - 2015-06-15 16:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-22 08:50 - 2015-06-15 16:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-22 08:50 - 2015-06-15 15:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-22 08:50 - 2015-06-15 15:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-22 08:50 - 2015-06-15 15:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-22 08:50 - 2015-06-15 15:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-22 08:50 - 2015-06-15 15:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-22 08:50 - 2015-06-15 15:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-22 08:50 - 2015-06-15 15:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-22 08:50 - 2015-06-15 15:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-22 08:50 - 2015-06-15 15:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-22 08:50 - 2015-06-15 15:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-22 08:50 - 2015-06-15 15:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-22 08:50 - 2015-06-15 15:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-22 08:50 - 2015-06-15 15:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-22 08:50 - 2015-06-15 15:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-22 08:50 - 2015-06-10 22:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-22 08:50 - 2015-06-10 11:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-22 08:50 - 2015-05-12 08:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-22 08:50 - 2015-05-11 11:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-22 08:50 - 2015-05-07 11:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-22 08:50 - 2015-05-03 10:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-22 08:50 - 2015-05-03 09:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-22 08:50 - 2015-04-28 08:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-22 08:50 - 2015-04-28 08:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-22 08:50 - 2015-04-23 10:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-22 08:50 - 2015-04-23 10:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-11 15:22 - 2014-05-03 17:56 - 00000000 __RDO C:\Users\Benjamin\SkyDrive
2015-08-11 15:21 - 2014-12-18 20:13 - 00087038 _____ C:\WINDOWS\setupact.log
2015-08-11 15:20 - 2015-04-06 18:07 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-11 15:20 - 2015-01-04 21:07 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-11 15:20 - 2014-07-02 14:43 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-11 15:20 - 2014-07-01 22:39 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-11 15:20 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-11 15:12 - 2013-08-22 08:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-08-11 15:00 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-11 14:51 - 2014-07-02 14:43 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-11 14:41 - 2013-09-29 23:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-11 14:40 - 2014-07-01 22:10 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4000855795-3865398248-637190310-1001
2015-08-11 11:39 - 2014-07-01 22:02 - 01963163 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-11 11:29 - 2015-04-03 10:49 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{16A2CA1E-6E40-44E2-90EA-BD97AD847DD2}
2015-08-11 11:28 - 2015-01-04 21:07 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-10 19:35 - 2014-07-01 23:30 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\HexChat
2015-08-10 18:31 - 2015-04-28 18:35 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\TS3Client
2015-08-10 17:49 - 2015-05-27 22:58 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\.minecraft
2015-08-09 20:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-09 18:16 - 2014-07-02 13:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-09 18:16 - 2013-09-29 22:55 - 01499820 _____ C:\WINDOWS\PFRO.log
2015-08-08 20:05 - 2015-05-06 18:33 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Bvckup2
2015-08-07 12:45 - 2014-07-02 13:33 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-08-06 09:59 - 2014-10-26 14:09 - 00003828 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1414350579
2015-08-06 09:59 - 2014-10-26 14:09 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-08-06 09:59 - 2014-10-26 14:09 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-05 19:27 - 2014-05-03 17:54 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Packages
2015-08-04 20:55 - 2015-04-28 18:35 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2015-08-03 21:54 - 2015-04-29 18:24 - 00086016 _____ C:\Users\Benjamin\murmur.sqlite
2015-08-03 21:54 - 2014-07-01 22:02 - 00000000 ____D C:\Users\Benjamin
2015-08-03 20:46 - 2014-07-02 13:04 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Mumble
2015-08-03 20:45 - 2015-04-29 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2015-08-03 20:45 - 2015-04-29 18:16 - 00000000 ____D C:\Program Files (x86)\Mumble
2015-08-01 22:28 - 2014-10-26 09:52 - 00000580 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-08-01 17:36 - 2014-07-01 23:20 - 00000000 ____D C:\Users\Benjamin\AppData\Local\Google
2015-08-01 13:32 - 2014-07-01 23:20 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-01 12:16 - 2013-08-22 10:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-30 19:35 - 2014-11-23 14:15 - 00000000 ____D C:\WINDOWS\Panther
2015-07-30 19:32 - 2015-07-10 08:39 - 00000000 ___HD C:\$Windows.~BT
2015-07-30 18:56 - 2014-12-13 14:59 - 00000000 __SHD C:\Users\Benjamin\AppData\Local\EmieBrowserModeList
2015-07-30 18:56 - 2014-07-03 13:59 - 00000000 __SHD C:\Users\Benjamin\AppData\Local\EmieUserList
2015-07-30 18:56 - 2014-07-03 13:59 - 00000000 __SHD C:\Users\Benjamin\AppData\Local\EmieSiteList
2015-07-28 20:06 - 2014-09-12 18:38 - 00000000 ____D C:\Users\Benjamin\.gimp-2.8
2015-07-28 20:06 - 2014-07-25 20:38 - 00000000 ____D C:\Users\Benjamin\AppData\Local\gtk-2.0
2015-07-25 14:18 - 2015-03-31 19:47 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-24 14:34 - 2014-07-01 22:48 - 00001393 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-07-24 14:33 - 2014-07-01 22:38 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-24 11:49 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-24 11:34 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-22 17:04 - 2015-04-28 18:00 - 00000000 ____D C:\ProgramData\Oracle
2015-07-22 17:03 - 2015-04-30 20:07 - 00110688 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-07-22 17:03 - 2015-04-30 20:07 - 00000000 ____D C:\Program Files\Java
2015-07-22 16:59 - 2013-08-22 09:44 - 00365672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-22 10:01 - 2014-12-10 23:16 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-22 10:01 - 2014-07-10 11:17 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-22 10:01 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-22 10:01 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-22 09:22 - 2015-01-04 21:07 - 00003894 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-22 09:22 - 2015-01-04 21:07 - 00003658 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-22 09:16 - 2015-04-29 18:00 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-22 09:03 - 2014-07-02 12:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-22 09:01 - 2015-03-31 19:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-22 09:00 - 2015-04-29 18:00 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-14 14:06 - 2014-07-03 19:17 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-07-14 14:06 - 2014-07-01 22:48 - 01423120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-07-14 14:05 - 2014-07-03 19:17 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-07-14 14:05 - 2014-07-01 22:48 - 01710056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-07-13 16:10 - 2013-08-22 10:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 16:10 - 2013-08-22 10:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2014-11-20 23:15 - 2015-06-08 16:40 - 0003584 _____ () C:\Users\Benjamin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-28 20:06 - 2015-07-28 20:06 - 0003793 _____ () C:\Users\Benjamin\AppData\Local\recently-used.xbel
2014-12-07 11:32 - 2015-04-24 19:20 - 0007599 _____ () C:\Users\Benjamin\AppData\Local\Resmon.ResmonCfg
2015-06-19 22:22 - 2015-06-19 22:24 - 0000000 _____ () C:\Users\Benjamin\AppData\Local\{DAA8BDD6-F554-487C-ADA4-328A90C1E2F2}
2014-07-01 23:05 - 2014-07-01 23:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Benjamin\AppData\Local\Temp\FreemakeVideoConverterFull.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-02 16:54
 
==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-08-2015 02
Ran by Benjamin (2015-08-11 15:25:40)
Running from C:\Users\Benjamin\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4000855795-3865398248-637190310-500 - Administrator - Disabled)
Benjamin (S-1-5-21-4000855795-3865398248-637190310-1001 - Administrator - Enabled) => C:\Users\Benjamin
Guest (S-1-5-21-4000855795-3865398248-637190310-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-4000855795-3865398248-637190310-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\{4198fd8f-98bd-4240-9b3a-ab2643e532f6}) (Version: 1.3.708.0 - Futuremark)
3DMark (Version: 1.3.708.0 - Futuremark) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version: - Hyper Hippo Games)
Besiege (HKLM-x32\...\Steam App 346010) (Version: - Spiderling Studios)
Blender (HKLM\...\Blender) (Version: 2.74 - Blender Foundation)
Bvckup 2 / Release 74.12 (HKLM\...\Bvckup2) (Version: - )
Chrome Remote Desktop Host (HKLM-x32\...\{FD6E648E-1378-467F-AD37-2B98B379B0DD}) (Version: 44.0.2403.25 - Google Inc.)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CPUID HWMonitor 1.27 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CrystalDiskMark 4.0.3a (HKLM\...\CrystalDiskMark4_is1) (Version: 4.0.3a - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DLC Quest (HKLM-x32\...\Steam App 230050) (Version: - Going Loud Studios)
EDGE (HKLM-x32\...\Steam App 38740) (Version: - Two Tribes)
Fractured Space (HKLM-x32\...\Steam App 310380) (Version: - Edge Case Games Ltd.)
Freemake Video Converter version 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation)
Futuremark SystemInfo (HKLM-x32\...\{4115C9AA-35E0-45D8-9363-47635B8750C7}) (Version: 4.29.438.0 - Futuremark)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HashCalc 2.02 (HKLM-x32\...\HashCalc_is1) (Version: - SlavaSoft Inc.)
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
HexChat (HKLM\...\HexChat_is1) (Version: 2.10.2 - HexChat)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad)
LibreOffice 4.3.7.2 (HKLM-x32\...\{8ED4A1FC-56CF-414C-A9AB-A37714AA9EA7}) (Version: 4.3.7.2 - The Document Foundation)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4000855795-3865398248-637190310-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
Mumble 1.2.10 (HKLM-x32\...\{63243F5C-E941-4461-A4B0-2689A9A3BF13}) (Version: 1.2.10 - Thorvald Natvig)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.11.45 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.11.45 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 353.06 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Opera Stable 31.0.1889.99 (HKLM-x32\...\Opera 31.0.1889.99) (Version: 31.0.1889.99 - Opera Software)
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Portal 2 Authoring Tools - Beta (HKLM-x32\...\Steam App 629) (Version: - Valve)
Portal Stories: Mel (HKLM-x32\...\Steam App 317400) (Version: - Prism Studios)
Python 2.7.9 (HKLM-x32\...\{79F081BF-7454-43DB-BD8F-9EE596813232}) (Version: 2.7.9150 - Python Software Foundation)
Race The Sun (HKLM-x32\...\Steam App 253030) (Version: - Flippfly LLC)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.2.1 r2386 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
ROBLOX Player for Benjamin (HKU\S-1-5-21-4000855795-3865398248-637190310-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio for Benjamin (HKU\S-1-5-21-4000855795-3865398248-637190310-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
RUSH (HKLM-x32\...\Steam App 38720) (Version: - Two Tribes)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.11.45 - NVIDIA Corporation) Hidden
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15064.11 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.0.15064.11 - Samsung Electronics Co., Ltd.) Hidden
Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version: - Valve)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Squishy the Suicidal Pig (HKLM-x32\...\Steam App 318430) (Version: - Tomi Maarela)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Talos Principle (HKLM-x32\...\Steam App 257510) (Version: - Croteam)
Thinking with Time Machine (HKLM-x32\...\Steam App 286080) (Version: - Stridemann)
Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version: - Mike Bithell)
Toki Tori (HKLM-x32\...\Steam App 38700) (Version: - Two Tribes)
Toki Tori 2+ (HKLM-x32\...\Steam App 201420) (Version: - Two Tribes)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Virtual Router v1.0 (HKLM-x32\...\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}) (Version: 1.0 - Chris Pietschmann)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4000855795-3865398248-637190310-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> D:\Applications\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-4000855795-3865398248-637190310-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Roblox\Versions\version-3ea30293a6494961\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-4000855795-3865398248-637190310-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Benjamin\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

22-07-2015 09:00:08 Windows Update
28-07-2015 13:33:03 Windows Update
31-07-2015 21:13:54 Installed Virtual Router v1.0
03-08-2015 20:44:53 Installed Mumble 1.2.10

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {48BC938C-7AAD-447D-82D6-E31FFEF4E371} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4000855795-3865398248-637190310-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {4F6D1F97-DB85-4D32-A603-75709865385D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-04] (Google Inc.)
Task: {6FE66AF5-2177-458F-B972-87A501F28C88} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-04] (Google Inc.)
Task: {9CF1D8B7-8E48-4DD4-AA86-4BB304B64862} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {BF148DB3-36FD-4EB8-A54A-D11BBC2C7CCF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {BFB69307-18F5-45D3-9B48-3427299A525A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {CDC84489-FD2E-4486-906D-3AC87181722B} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {E9821D0B-1E3D-4D9B-922C-71A22CF8F30F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {EBC354AA-F8E9-488F-9DB3-65F288B0482E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {FA1FEA59-4229-4305-B533-22CB821A8360} - System32\Tasks\Opera scheduled Autoupdate 1414350579 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-30] (Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-07-01 22:38 - 2015-05-27 23:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-24 08:28 - 2015-03-24 08:28 - 00036544 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2015-03-24 08:28 - 2015-03-24 08:28 - 00775872 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2015-03-24 08:27 - 2015-03-24 08:27 - 00058368 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.DLL
2015-03-24 08:27 - 2015-03-24 08:27 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.DLL
2015-03-24 08:27 - 2015-03-24 08:27 - 00022016 _____ () C:\Program Files\Rainmeter\Plugins\WifiStatus.DLL
2015-03-24 08:27 - 2015-03-24 08:27 - 00020992 _____ () C:\Program Files\Rainmeter\Plugins\SysInfo.DLL
2015-08-08 20:21 - 2015-06-18 12:22 - 00062464 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2013-08-22 02:19 - 2013-08-22 01:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd
2014-12-23 16:54 - 2014-12-23 16:54 - 01272616 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\kpcengine.2.3.dll
2015-03-31 19:05 - 2015-07-14 14:06 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-08-11 11:28 - 2015-08-07 19:13 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libglesv2.dll
2015-08-11 11:28 - 2015-08-07 19:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libegl.dll
2015-08-11 11:28 - 2015-08-07 19:13 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\PepperFlash\pepflashplayer.dll
2014-07-01 22:55 - 2013-09-03 16:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Benjamin\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4000855795-3865398248-637190310-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0E0561FD-B82D-4F6B-9565-8B4966E89BEE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{29F7DEA4-D41D-4645-A07A-16E0523E1EED}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{650F5F1C-A057-426E-BE20-24A67CB2D995}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{B058371A-7F87-41DF-A3C1-56C7857071CA}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [TCP Query User{59391FD6-C7E5-4EBD-8BCE-9A973CA08FAE}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [UDP Query User{708F1723-7CBB-4E9F-989B-F8B960C02536}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [{24AEFBF3-1529-4658-B25E-B4CCDEB461EA}] => (Allow) D:\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{C8B51F20-6E1A-41F8-939B-0CE94475EE10}] => (Allow) D:\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{2A90A7AC-AAAD-4F9D-BF0C-2F3A0C64E359}] => (Allow) D:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{D01324ED-0579-4C2A-A882-BE6CECEE1056}] => (Allow) D:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{237638EF-57A6-48FF-A00C-2F8CB6EE0A52}] => (Allow) D:\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{746872C5-6A87-4444-A799-82965EB80062}] => (Allow) D:\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{5DD9A6B9-EBDF-4873-B3A1-633FB8C87B2E}C:\program files\hexchat\hexchat.exe] => (Block) C:\program files\hexchat\hexchat.exe
FirewallRules: [UDP Query User{6178346C-56A3-40DB-978C-D0544CEDEAC4}C:\program files\hexchat\hexchat.exe] => (Block) C:\program files\hexchat\hexchat.exe
FirewallRules: [{789100DB-1388-4B2A-9049-D26EC23E8F02}] => (Allow) D:\Steam\SteamApps\common\DLC Quest\DLC.exe
FirewallRules: [{78EF6974-4540-4C3E-8394-F3A9B1E02CDD}] => (Allow) D:\Steam\SteamApps\common\DLC Quest\DLC.exe
FirewallRules: [{05173380-AE27-4614-81CA-99AE62FCB017}] => (Allow) D:\Steam\SteamApps\common\Portal 2\bin\SDKLauncher.exe
FirewallRules: [{6112D0F4-1B5D-43A5-A6EA-278D5DC4024D}] => (Allow) D:\Steam\SteamApps\common\Portal 2\bin\SDKLauncher.exe
FirewallRules: [{D8774CCA-8219-483E-983C-187725E2BEE9}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{6BE7CEB4-5967-4049-B2E6-BEEE1F387475}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{8CF68E3B-3E75-4A3B-A4B6-9CBF82F9A207}] => (Allow) D:\Steam\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{8A5925A2-5E74-4704-B367-B37EE8FC829F}] => (Allow) D:\Steam\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{76ECC82A-ED73-4CBA-AE4B-D6688F792DA8}] => (Allow) D:\Steam\SteamApps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{C8D1D2D7-3ACE-45BA-B8D7-4703349E9C85}] => (Allow) D:\Steam\SteamApps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{E55D0035-F9DA-4E0D-B294-0328F12AFF7A}] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [{627B447A-D880-4286-B396-3943A67B5EE4}] => (Allow) D:\Steam\SteamApps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{8386F662-FEEC-4DF2-A459-D5C479D5F1F3}] => (Allow) D:\Steam\SteamApps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{F7E07A6F-DDCE-47E6-B7D3-55A8408FFC51}] => (Allow) D:\Steam\SteamApps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{5A4E876C-82FB-4BD7-9A9F-3F2A22EDD88F}] => (Allow) D:\Steam\SteamApps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{F4402FCD-EB7C-48BD-A84F-CC1EA871BE42}] => (Allow) D:\Steam\SteamApps\common\thomaswasalone\ThomasWasAlone.exe
FirewallRules: [{818EBF7B-A4DD-437C-B328-2746C58498BF}] => (Allow) D:\Steam\SteamApps\common\thomaswasalone\ThomasWasAlone.exe
FirewallRules: [{A56E0524-68D2-44AB-ACA6-CA40E6DF43CA}] => (Allow) C:\Users\Benjamin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{5B069D40-F26D-4843-A013-CB795548DD9F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3BC02939-88D5-4DF8-BECD-B6ED790982D0}] => (Allow) LPort=2869
FirewallRules: [{B2252790-B1A9-4861-815E-48039DC12AE7}] => (Allow) LPort=1900
FirewallRules: [{1F80E751-A5EE-40B4-98AB-C2333CE17951}] => (Allow) D:\Steam\SteamApps\common\Thinking with Time Machine\TWTM.exe
FirewallRules: [{C6E73EA8-AC4D-48E2-8037-65B6CA23016A}] => (Allow) D:\Steam\SteamApps\common\Thinking with Time Machine\TWTM.exe
FirewallRules: [{99C1F6A1-A9DD-4B55-9DA5-61EF56FB5359}] => (Allow) D:\Steam\SteamApps\common\Thinking with Time Machine\bin\SDKLauncher.exe
FirewallRules: [{99802064-5164-4150-8DC4-50EB028A5B41}] => (Allow) D:\Steam\SteamApps\common\Thinking with Time Machine\bin\SDKLauncher.exe
FirewallRules: [{5E8A72EB-BD03-401E-B04D-0334E63A9951}] => (Allow) D:\Steam\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [{878F3115-3807-4EB5-B011-CB24AC8BDBAC}] => (Allow) D:\Steam\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [{FF625032-FF56-46FB-BAA4-82A396504CBE}] => (Allow) D:\Steam\SteamApps\common\EDGE\edge.exe
FirewallRules: [{3D90E846-1BF7-47D5-A70B-D84F23D0E6BF}] => (Allow) D:\Steam\SteamApps\common\EDGE\edge.exe
FirewallRules: [{08165BD6-62E7-4723-B074-A31721A95604}] => (Allow) D:\Steam\SteamApps\common\RUSH\rush.exe
FirewallRules: [{0DDDA0A9-7C5A-4F01-8718-9592473B42C9}] => (Allow) D:\Steam\SteamApps\common\RUSH\rush.exe
FirewallRules: [{629F9B4E-EEF7-48B5-9C9C-15B7D64A5368}] => (Allow) D:\Steam\SteamApps\common\Toki Tori\tokitori.exe
FirewallRules: [{994F9577-ADC3-4A84-9A94-791511479C61}] => (Allow) D:\Steam\SteamApps\common\Toki Tori\tokitori.exe
FirewallRules: [{C1CE2506-988B-47DA-986A-0CA2D65242B6}] => (Allow) D:\Steam\SteamApps\common\Toki Tori 2\tokitori2.exe
FirewallRules: [{3F8B0134-0F61-4E70-816A-D292F967B9EB}] => (Allow) D:\Steam\SteamApps\common\Toki Tori 2\tokitori2.exe
FirewallRules: [{511371EE-ED6F-433D-ABEC-650804C4C4D6}] => (Allow) D:\Steam\SteamApps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{A9B8A572-8A16-4D55-AD1F-F6E3C085D345}] => (Allow) D:\Steam\SteamApps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{E13C1F32-AF6D-4B04-8F23-EFF7AF4B1E7F}] => (Allow) D:\Steam\SteamApps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{0F3EA7A8-FE19-45CC-B9BA-62F89492BFF7}] => (Allow) D:\Steam\SteamApps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{5158CD6A-9A9A-4D0D-A4BE-FD1D8D8F6300}] => (Allow) D:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{093732A6-E65B-41AF-9FA7-90A8C8068DC3}] => (Allow) D:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{2819A7C1-1417-4C45-94C6-C4C80AA24660}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E30662E9-6668-4DC7-A892-610C88447080}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{01EC95E6-3AA3-40C1-96B8-8DE0CCFBCCEB}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{5A252321-C528-48A2-89C3-AF1A1CCADAFE}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{5995D344-9FF9-4EF4-AE75-B6899F9419CD}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{5A9830CA-2053-4E63-B3AC-63369B87728D}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{4A34AF98-F65A-4E92-8754-61AA2DAC2139}] => (Allow) D:\Steam\SteamApps\common\Squishy\bin\squishy.exe
FirewallRules: [{384E9567-73BC-4D2C-A2AF-66E8AD887B49}] => (Allow) D:\Steam\SteamApps\common\Squishy\bin\squishy.exe
FirewallRules: [{1A478763-831A-4879-A371-3935AC4487E7}] => (Allow) D:\Applications\Steam\Steam.exe
FirewallRules: [{832DC9D3-128C-4615-AED6-5DF45D92DA5B}] => (Allow) D:\Applications\Steam\Steam.exe
FirewallRules: [{894DBA93-D081-4521-B038-834F034F24B8}] => (Allow) D:\Applications\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{21EAFB66-BDE9-48DA-8D55-D50687852E33}] => (Allow) D:\Applications\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{B0F9C78F-5B51-4D4A-97E9-5B8331D81EFD}] => (Allow) D:\Applications\Steam\steamapps\common\DLC Quest\DLC.exe
FirewallRules: [{89A59448-5FC2-4112-8817-944088356DBB}] => (Allow) D:\Applications\Steam\steamapps\common\DLC Quest\DLC.exe
FirewallRules: [{BC3B1FCF-85BD-42F3-ACBE-5BF364176F70}] => (Allow) D:\Applications\Steam\steamapps\common\EDGE\edge.exe
FirewallRules: [{B5A12E02-E45B-40B1-B0D2-E4A97AF93976}] => (Allow) D:\Applications\Steam\steamapps\common\EDGE\edge.exe
FirewallRules: [{6B26B8FD-FFA7-4653-A129-623A7C5EEB69}] => (Allow) D:\Applications\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{6DEEEFD6-AB54-4EC5-8745-5F9E819F4792}] => (Allow) D:\Applications\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{5D5F556C-2108-44B4-9E7A-5DF835DDAD50}] => (Allow) D:\Applications\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{03C8996D-8DCD-4516-B7D4-CC7C6F73F9EE}] => (Allow) D:\Applications\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{23C1374C-EF0D-4297-9FCD-28B7050953DE}] => (Allow) D:\Applications\Steam\steamapps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{62EC3278-5940-4B2A-A196-4F16CD3ED079}] => (Allow) D:\Applications\Steam\steamapps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{7995AE48-A67E-45A3-A4A1-1FA345F36476}] => (Allow) D:\Applications\Steam\steamapps\common\RUSH\rush.exe
FirewallRules: [{345481F6-EFE5-4672-B825-664C51882C72}] => (Allow) D:\Applications\Steam\steamapps\common\RUSH\rush.exe
FirewallRules: [{66CB5F76-2AB5-40FB-B533-981EEA866BA6}] => (Allow) D:\Applications\Steam\steamapps\common\Squishy\bin\squishy.exe
FirewallRules: [{C1F19E7F-B75E-4CCC-80EA-AA02B8FE9A10}] => (Allow) D:\Applications\Steam\steamapps\common\Squishy\bin\squishy.exe
FirewallRules: [{E58209ED-1EDC-4154-AED8-72B1B59B71E2}] => (Allow) D:\Applications\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{916BD9AF-C4FE-4160-A12F-4E50E190914E}] => (Allow) D:\Applications\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{1C207994-7BD3-47A1-B03E-ABAE86533F9B}] => (Allow) D:\Applications\Steam\steamapps\common\Toki Tori\tokitori.exe
FirewallRules: [{FA8694CF-23E2-40C2-94D2-C9B697A53AAE}] => (Allow) D:\Applications\Steam\steamapps\common\Toki Tori\tokitori.exe
FirewallRules: [{1EA8F159-29A8-4852-9CEB-9E2F89EC0A2F}] => (Allow) D:\Applications\Steam\steamapps\common\Toki Tori 2\tokitori2.exe
FirewallRules: [{15B0E5E9-7572-4CB6-A908-A1C28F11736A}] => (Allow) D:\Applications\Steam\steamapps\common\Toki Tori 2\tokitori2.exe
FirewallRules: [{F58B4973-B17B-4E70-AA2A-E83632FCFBA9}] => (Allow) D:\Applications\Steam\steamapps\common\thomaswasalone\ThomasWasAlone.exe
FirewallRules: [{FA136632-A9D8-482B-8D65-852A5321F10C}] => (Allow) D:\Applications\Steam\steamapps\common\thomaswasalone\ThomasWasAlone.exe
FirewallRules: [{B984DC80-B66B-4502-9310-F44D32CC5F31}] => (Allow) D:\Applications\Steam\steamapps\common\Thinking with Time Machine\TWTM.exe
FirewallRules: [{1567B289-1C16-448A-B092-C57959DF052C}] => (Allow) D:\Applications\Steam\steamapps\common\Thinking with Time Machine\TWTM.exe
FirewallRules: [{A20B5A06-E82D-4BDB-9C1E-98A3D8E90716}] => (Allow) D:\Applications\Steam\steamapps\common\Thinking with Time Machine\bin\SDKLauncher.exe
FirewallRules: [{68D05FAD-C885-4136-8DDF-8600C8EDED4B}] => (Allow) D:\Applications\Steam\steamapps\common\Thinking with Time Machine\bin\SDKLauncher.exe
FirewallRules: [{CC296541-3D76-4BC8-A612-17EB68608161}] => (Allow) D:\Applications\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D3D6F8AB-2D02-45BC-B79E-9CDAC228C173}] => (Allow) D:\Applications\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5BF3E500-4775-49DB-BF3E-8D628D22038F}] => (Allow) D:\Applications\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{D224F699-57F5-4AF9-B974-E502DA1618A4}] => (Allow) D:\Applications\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{14293E1B-4066-42E4-8DDE-C1E5007D1B8E}] => (Allow) D:\Applications\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{FA20AB25-E5D7-4373-AB62-16F456A726B8}] => (Allow) D:\Applications\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{A13CE665-6FA0-4B1A-94BB-D93E5DDB88CD}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\44.0.2403.25\remoting_host.exe
FirewallRules: [{627C6AA8-D621-45B8-BE15-A3D17E11CBBA}] => (Allow) D:\Applications\Steam\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{3D50418D-E11A-444C-BFA3-0202BFE2B85E}] => (Allow) D:\Applications\Steam\steamapps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{0D306A38-2A93-4287-9B2B-EA7E0F2BE45D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6909AC32-C5A5-47C7-B152-7657C3BF8CF3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0B1305E9-6C06-4A64-8E77-1C3A87B9610F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{E033EC3E-4D6D-449E-A1ED-65AEF4BBCFF5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0735CD75-17E1-4FC8-9A73-23BC69FA7D29}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AA7798F8-E1E5-455B-A014-6FFEEFBA578C}] => (Allow) D:\Applications\Steam\steamapps\common\Space\spacegame\Binaries\Win64\spacegame-Win64-Shipping.exe
FirewallRules: [{E41F0AB6-BC46-4870-9DF2-DE7AFB319397}] => (Allow) D:\Applications\Steam\steamapps\common\Space\spacegame\Binaries\Win64\spacegame-Win64-Shipping.exe
FirewallRules: [{4388DF64-16AB-47BD-A1ED-05790CD1D223}] => (Allow) D:\Applications\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{5950307E-AE14-44BF-8E0D-082375BA3711}] => (Allow) D:\Applications\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{ABFE97C0-D5A4-4CD4-897B-8983530F3FC8}] => (Allow) D:\Applications\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{754AF130-A53B-4D51-A874-F0213F2302EC}] => (Allow) D:\Applications\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{DBE3A7C9-8511-410C-B599-D02D527C3F57}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/08/2015 07:55:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkyDrive.exe, version: 17.0.4035.328, time stamp: 0x5335ddf7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00c31c7c
Faulting process id: 0x19dc
Faulting application start time: 0xSkyDrive.exe0
Faulting application path: SkyDrive.exe1
Faulting module path: SkyDrive.exe2
Report Id: SkyDrive.exe3
Faulting package full name: SkyDrive.exe4
Faulting package-relative application ID: SkyDrive.exe5

Error: (08/05/2015 07:37:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (08/04/2015 07:26:35 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (08/04/2015 03:35:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: portal2.exe, version: 0.0.0.0, time stamp: 0x5432e000
Faulting module name: nvd3dum.dll, version: 9.18.13.5306, time stamp: 0x5566828b
Exception code: 0xc0000005
Fault offset: 0x006b37c5
Faulting process id: 0xcd8
Faulting application start time: 0xportal2.exe0
Faulting application path: portal2.exe1
Faulting module path: portal2.exe2
Report Id: portal2.exe3
Faulting package full name: portal2.exe4
Faulting package-relative application ID: portal2.exe5

Error: (07/30/2015 06:21:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.3.9600.17415, time stamp: 0x54503c68
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f42c2
Exception code: 0xc0000409
Fault offset: 0x000e54af
Faulting process id: 0xbe4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (07/27/2015 07:12:46 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (07/25/2015 11:05:23 PM) (Source: Windows Search Service) (EventID: 3031) (User: )
Description: A document ID cannot be allocated.

Context: Application, SystemIndex Catalog

Details:
The content index service was stopped. (HRESULT : 0x80041812) (0x80041812)

Error: (07/25/2015 11:05:23 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)

Error: (07/25/2015 11:05:23 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4810 - enduser\mssearch2\search\ytrip\tripoli\inverted\decodinglayerpages.h (591)}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The data is invalid. 0x8007000d (0x8007000d)

Error: (07/24/2015 11:37:24 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)


System errors:
=============
Error: (08/11/2015 03:20:31 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT AUTHORITY)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x1

Error: (08/11/2015 02:34:44 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT AUTHORITY)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x1

Error: (08/11/2015 11:57:09 AM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT AUTHORITY)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x1

Error: (08/11/2015 11:26:06 AM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT AUTHORITY)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x1

Error: (08/10/2015 04:48:20 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT AUTHORITY)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x1

Error: (08/09/2015 08:58:39 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT AUTHORITY)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x1

Error: (08/09/2015 08:33:20 PM) (Source: DCOM) (EventID: 10016) (User: Bens_PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Bens_PCGuestS-1-5-21-4000855795-3865398248-637190310-501LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/09/2015 08:33:10 PM) (Source: DCOM) (EventID: 10016) (User: Bens_PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Bens_PCGuestS-1-5-21-4000855795-3865398248-637190310-501LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/09/2015 08:33:10 PM) (Source: DCOM) (EventID: 10016) (User: Bens_PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Bens_PCGuestS-1-5-21-4000855795-3865398248-637190310-501LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/09/2015 08:33:10 PM) (Source: DCOM) (EventID: 10016) (User: Bens_PC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Bens_PCGuestS-1-5-21-4000855795-3865398248-637190310-501LocalHost (Using LRPC)UnavailableUnavailable


Microsoft Office:
=========================
Error: (08/08/2015 07:55:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.0.4035.3285335ddf7unknown0.0.0.000000000c000000500c31c7c19dc01d0d23e0daa8b99C:\Users\Benjamin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeunknown4db71519-3e31-11e5-832e-bc5ff4dfa1a0

Error: (08/05/2015 07:37:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)

Error: (08/04/2015 07:26:35 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)

Error: (08/04/2015 03:35:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: portal2.exe0.0.0.05432e000nvd3dum.dll9.18.13.53065566828bc0000005006b37c5cd801d0cef163af26daD:\Applications\Steam\steamapps\common\Portal 2\portal2.exeC:\WINDOWS\SYSTEM32\nvd3dum.dll51784051-3ae8-11e5-8324-bc5ff4dfa1a0

Error: (07/30/2015 06:21:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.3.9600.1741554503c68ntdll.dll6.3.9600.17736550f42c2c0000409000e54afbe401d0cb1e85eb1c83C:\WINDOWS\SysWOW64\svchost.exeC:\WINDOWS\SYSTEM32\ntdll.dllc3a8590a-3711-11e5-8318-bc5ff4dfa1a0

Error: (07/27/2015 07:12:46 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)

Error: (07/25/2015 11:05:23 PM) (Source: Windows Search Service) (EventID: 3031) (User: )
Description: Context: Application, SystemIndex Catalog

Details:
The content index service was stopped. (HRESULT : 0x80041812) (0x80041812)

Error: (07/25/2015 11:05:23 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)
The catalog is corrupt

Error: (07/25/2015 11:05:23 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Details:
The data is invalid. 0x8007000d (0x8007000d)
4810 - enduser\mssearch2\search\ytrip\tripoli\inverted\decodinglayerpages.h (591)

Error: (07/24/2015 11:37:24 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)


==================== Memory info ===========================

Processor: Intel® Core™ i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 23%
Total physical RAM: 8111.23 MB
Available physical RAM: 6222.04 MB
Total Virtual: 9391.23 MB
Available Virtual: 7082.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.45 GB) (Free:39.06 GB) NTFS
Drive d: (Storage Drive) (Fixed) (Total:931.51 GB) (Free:816.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 25D4E338)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5405B35F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of log ============================

Edited by Oh My!, 11 August 2015 - 04:22 PM.


#8 Oh My!

Posted 11 August 2015 - 04:28 PM

Greetings Ben,

Clean as a whistle.

If you want to scan your USB you can do it this way. Just ignore the download/install portion of the Malwarebytes steps.

===================================================

Malwarebytes Anti-Malware Free and Malwarebytes Chameleon Including External Drive

----------
  • Download Malwarebytes Anti-Malware Free and save it to your desktop
  • Double click the desktop icon, click Run, then OK
  • Click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
  • If you are notified the Database is out of date click Update Now
  • Attach any external drives you want to scan if not already attached
  • Click the Scan button near the top
  • Select Custom Scan then click Scan Now >>
  • Place a check mark in any additional drives you would like to scan
  • Click Start Scan
----------
Note:
  • If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
  • Using Windows Explorer navigate to C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows
  • Double click one of the four following files (if one does not work try the next one, and so on) - Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com

----------
  • When completed click the down arrow on Export Log and select Text file (*.txt)
  • Save the file to your desktop as MBAM
  • Click Apply Actions then restart your computer if requested
  • Copy and paste the contents of MBAM.txt in your reply
===================================================

ESET Online Scanner Including External Device

--------------------

I'd like us to scan your machine with ESET OnlineScan Including External Device. This process may take several hours; that is normal.
  • Attach your external device
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Remove found threats
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
    • In the Current scan targets line click Change...
    • Place an additional check mark next to any attached external drives
    • Click OK, then Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • MBAM results
  • ESET results

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 GameMaster

Posted 11 August 2015 - 04:55 PM

Is it okay if I leave "Anti-Stealth technology" enabled as well as check "Scan for potentially unsafe applications" in the ESET online scanner?



#10 Oh My!

Posted 11 August 2015 - 05:00 PM

Yes, that is perfectly fine.
Gary
 

#11 GameMaster

Posted 11 August 2015 - 07:06 PM

Hi Gary,

I just finished the procedures.

MBAM.txt

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 8/11/2015
Scan Time: 4:42 PM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.11.07
Rootkit Database: v2015.08.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Benjamin
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 377756
Time Elapsed: 4 min, 20 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
ESET Results
 
C:\Users\Benjamin\AppData\Local\Temp\FreemakeVideoConverterFull.exe a variant of Win32/OpenCandy.C potentially unsafe application deleted - quarantined
C:\Users\Benjamin\Downloads\CrystalDiskMark4_0_3a-en.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\Benjamin\Downloads\FreemakeVideoConverterSetup.exe a variant of Win32/OpenCandy.C potentially unsafe application deleted - quarantined
 
I knew Crystal Disk Mark had OpenCandy. I don't think OpenCandy is much of a problem though if I don't install the software it recommends. Is this correct?
 
EDIT: Also, would you still like me to provide the system information you requested?

Edited by GameMaster, 11 August 2015 - 07:08 PM.


#12 Oh My!

Posted 11 August 2015 - 07:40 PM

That looks good. OpenCandy is up to you. I don't need the System Information now.

How is everything? Are there any remaining issues?
Gary
 

#13 GameMaster

Posted 11 August 2015 - 08:00 PM

Hello Gary,

Alright. I decided to restore the quarantined files. Anyhow, everything seems fine right now. There are no remaining issues with this PC. I do have a laptop, though, which the supposed support agent worked on (with remote control software). I don't see any signs of oddness on that and recently updated it to Windows 10. Would you recommend that I do anything with that PC?

Also, you found no malware on the PC we were working with, correct? Furthermore, why did you instruct me to clean up some files?

Thanks!



#14 Oh My!

Posted 11 August 2015 - 08:11 PM

Based on our finding on this computer I don't have any reason to believe your other computer will be any different. If you would like that computer checked you will have to start another Topic.

Some of the entries were orphans. One entry was an oddly named executable (.exe). Finally, temporary files are typically expendable and since you were concerned about someone else having access the safest thing to do is to remove those temporary files.
Gary
 

#15 GameMaster

Posted 11 August 2015 - 08:14 PM

Okay. Thank you very much for helping me. I appreciate it. :)





