
Somewhat weird version of the Name Not Available in Volume Mixer Virus [Update]


  • This topic is locked
15 replies to this topic

#1 Gillhajr01


Posted 07 August 2015 - 06:09 PM

Hello, I am a long-time member of similar websites like this and a new member of this forum, and it caught my attention that starting today (maybe sometime else, who knows) I have had the Name Not Available tab in the volume mixer. However, it is not muted, nor does it play any sort of sound. Also, it pops up for like 15 minutes and decides to leave again for a few hours and then magically comes back. I've used a lot of suggestions from the other posts but have no idea about what it is and how to fix it, as I'm worried it's going to lead on to worse things.

 

I've had someone assist me with this and they were very helpful; unfortunately the nasty thing has not been caught as it's still lurking around.

I managed to get a FBAR scan while the thing was on the volume mixer. And when it came, it crashed my CS:GO and really slowed my internet for about 10 seconds.

 

Here they are.

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-08-2015
Ran by Joe (administrator) on JOE-PC (07-08-2015 23:38:24)
Running from C:\Users\Joe\Desktop\Dank Av for rekin virus skrubs
Loaded Profiles: Joe (Available Profiles: Joe)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) E:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(NVIDIA Corporation) C:\Users\Joe\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13516360 2014-11-20] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-06-18] (Razer Inc.)
HKU\S-1-5-21-3837459171-1846615129-2385062822-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-3837459171-1846615129-2385062822-1000\...\Run: [zASRockInstantBoot] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3837459171-1846615129-2385062822-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3837459171-1846615129-2385062822-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3837459171-1846615129-2385062822-1000 -> {A76BED22-BC2B-4c1a-AAED-34261AE42EEC} URL = https://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-06] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-06] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3837459171-1846615129-2385062822-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\..\Interfaces\{E94FB6ED-997B-454C-B30E-11C0854AC4FC}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{E94FB6ED-997B-454C-B30E-11C0854AC4FC}: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\eo5nrqf8.default-1403556651668
FF Homepage: https://www.google.co.uk/
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function FindProxyForURL(url, host) {if ((shExpMatch(url, \"https://www.netflix.com*\")) (shExpMatch(url, \"http://www.netflix.com*\")) (host == \"netflix.com\") (host == \"www.netflix.com\") (host == \"cbp-us.nccp.netflix.com\") (host == \"secure.netflix.com\") (host == \"api-global.netflix.com\")) { return 'PROXY us13.sq.proxmate.me:8000; PROXY us08.sq.proxmate.me:8000; PROXY us02.sq.proxmate.me:8000; PROXY us07.sq.proxmate.me:8000; PROXY us01.sq.proxmate.me:8000; PROXY us06.sq.proxmate.me:8000; PROXY us05.sq.proxmate.me:8000; PROXY us09.sq.proxmate.me:8000; PROXY us14.sq.proxmate.me:8000; PROXY us03.sq.proxmate.me:8000; PROXY us10.sq.proxmate.me:8000; PROXY us12.sq.proxmate.me:8000; PROXY us11.sq.proxmate.me:8000' } else { return 'DIRECT'; }}"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-06] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3837459171-1846615129-2385062822-1000: @hola.org/vlc,version=1.7.455 -> C:\Users\Joe\AppData\Local\Hola\firefox\app\vlc No File
FF Plugin HKU\S-1-5-21-3837459171-1846615129-2385062822-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Joe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3837459171-1846615129-2385062822-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-08-01] ()
FF Extension: Adblock Plus - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\eo5nrqf8.default-1403556651668\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-23]

Chrome:
=======
CHR Profile: C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-23]
CHR Extension: (Google Docs) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-23]
CHR Extension: (Google Drive) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-23]
CHR Extension: (YouTube) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-23]
CHR Extension: (Google Search) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-23]
CHR Extension: (Google Sheets) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-23]
CHR Extension: (Google Wallet) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-23]
CHR Extension: (Gmail) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [940928 2015-02-24] ()
S4 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
S4 Hamachi2Svc; E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2544976 2014-07-21] (LogMeIn Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
S4 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-12-10] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-27] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-27] (Malwarebytes Corporation)
S4 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation)
S4 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-07] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-08-21] ()
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 RzKLService; E:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-08-28] (Razer Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2014-07-24] (Asmedia Technology)
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [84816 2015-06-27] (Asmedia Technology)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2015-06-20] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-29] (REALiX™)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2014-11-20] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2015-05-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-27] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-27] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2015-02-14] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2014-11-20] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-06-12] ()
S3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-07 23:38 - 2015-08-07 23:38 - 00000000 ____D C:\FRST
2015-08-06 16:58 - 2015-08-06 16:59 - 00001801 _____ C:\DelFix.txt
2015-08-06 16:58 - 2015-08-06 16:58 - 00000000 ____D C:\Windows\ERUNT
2015-08-06 16:14 - 2015-08-06 16:14 - 00000000 ____D C:\ProgramData\Sophos
2015-08-06 16:14 - 2015-08-06 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-08-06 16:14 - 2015-08-06 16:14 - 00000000 ____D C:\Program Files (x86)\Sophos
2015-08-06 11:59 - 2015-08-06 11:59 - 00000000 ____D C:\MGADiagToolOutput
2015-08-06 11:57 - 2015-08-06 11:57 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
2015-08-06 11:36 - 2015-08-06 11:44 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-05 22:18 - 2015-08-06 08:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-05 14:46 - 2015-08-05 14:46 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-05 14:46 - 2015-08-05 14:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-05 14:46 - 2015-08-05 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-05 14:18 - 2015-07-28 21:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-05 14:18 - 2015-07-28 21:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-05 14:18 - 2015-07-28 21:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-05 14:18 - 2015-07-28 21:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-05 14:18 - 2015-07-28 21:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-05 14:18 - 2015-07-28 21:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-05 14:18 - 2015-07-28 21:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-05 14:18 - 2015-07-28 20:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-05 14:18 - 2015-07-15 04:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-05 14:18 - 2015-07-15 04:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-05 14:18 - 2015-07-15 04:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-05 14:18 - 2015-07-15 04:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-05 14:18 - 2015-07-15 03:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-05 14:18 - 2015-07-15 03:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-05 14:18 - 2015-07-15 03:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-05 14:18 - 2015-07-15 03:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-05 14:18 - 2015-07-15 02:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-05 14:18 - 2015-07-15 02:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-05 14:18 - 2015-07-04 19:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-08-05 14:18 - 2015-07-04 18:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-08-05 14:18 - 2015-07-02 21:31 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-05 14:18 - 2015-07-02 20:15 - 14384640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-05 14:18 - 2015-07-02 19:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-05 14:18 - 2015-07-02 19:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-05 14:18 - 2015-06-29 14:30 - 02865152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-05 14:18 - 2015-06-29 14:27 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-05 14:18 - 2015-06-17 14:28 - 13771264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-05 14:18 - 2015-06-17 14:28 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-05 14:18 - 2015-06-17 14:28 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-05 14:18 - 2015-06-17 14:28 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-05 14:18 - 2015-06-17 14:28 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-05 14:18 - 2015-06-17 14:28 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-05 14:18 - 2015-06-17 14:28 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-05 14:18 - 2015-06-17 14:28 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-05 14:18 - 2015-06-17 14:28 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-05 14:18 - 2015-06-17 14:28 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-05 14:18 - 2015-06-17 14:28 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-05 14:18 - 2015-06-17 14:28 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-05 14:18 - 2015-06-17 14:28 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-05 14:18 - 2015-06-17 14:28 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-08-05 14:18 - 2015-06-17 14:28 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-05 14:18 - 2015-06-17 14:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-05 14:18 - 2015-06-17 14:28 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-05 14:18 - 2015-06-17 14:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-05 14:18 - 2015-06-17 14:27 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-05 14:18 - 2015-06-17 14:27 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-05 14:18 - 2015-06-17 14:27 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-05 14:18 - 2015-06-17 14:27 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-05 14:18 - 2015-06-17 14:26 - 15415296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-05 14:18 - 2015-06-17 14:26 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-05 14:18 - 2015-06-17 14:26 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-05 14:18 - 2015-06-17 14:26 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-05 14:18 - 2015-06-17 14:26 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-05 14:18 - 2015-06-17 14:26 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-05 14:18 - 2015-06-17 14:26 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-05 14:18 - 2015-06-17 14:26 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-05 14:18 - 2015-06-17 14:26 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-05 14:18 - 2015-06-17 14:26 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-05 14:18 - 2015-06-17 14:26 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-08-05 14:18 - 2015-06-17 14:26 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-05 14:18 - 2015-06-17 14:26 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-05 14:18 - 2015-06-17 14:26 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-05 14:18 - 2015-06-17 14:26 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-05 14:18 - 2015-06-11 19:03 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-05 14:18 - 2015-06-11 18:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-05 14:18 - 2015-06-11 18:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-05 14:18 - 2015-06-11 18:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-05 14:18 - 2015-06-11 18:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-05 14:18 - 2015-06-11 18:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-05 14:18 - 2015-06-11 18:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-05 14:18 - 2015-06-11 18:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-05 14:18 - 2015-06-11 18:38 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-08-05 14:18 - 2015-06-11 18:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-08-05 14:18 - 2015-06-11 14:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-05 14:18 - 2015-06-09 19:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-08-05 14:18 - 2015-06-09 19:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-08-05 14:18 - 2015-06-03 21:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-08-05 14:18 - 2015-06-02 01:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-08-05 14:18 - 2015-06-02 00:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-08-05 14:17 - 2015-07-01 21:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-05 14:17 - 2015-07-01 21:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-05 14:17 - 2015-07-01 21:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-05 14:17 - 2015-07-01 21:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-05 14:17 - 2015-07-01 21:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-05 14:17 - 2015-07-01 21:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-05 14:17 - 2015-07-01 21:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-05 14:17 - 2015-07-01 21:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-05 14:17 - 2015-07-01 21:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-05 14:17 - 2015-07-01 21:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-05 14:17 - 2015-07-01 21:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-05 14:17 - 2015-07-01 21:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-05 14:17 - 2015-07-01 21:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-05 14:17 - 2015-07-01 21:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-05 14:17 - 2015-07-01 21:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-05 14:17 - 2015-07-01 21:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-05 14:17 - 2015-07-01 21:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-05 14:17 - 2015-07-01 21:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-05 14:17 - 2015-07-01 21:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-05 14:17 - 2015-07-01 21:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-05 14:17 - 2015-07-01 21:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-05 14:17 - 2015-07-01 21:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-05 14:17 - 2015-07-01 21:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-05 14:17 - 2015-07-01 21:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-05 14:17 - 2015-07-01 21:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-05 14:17 - 2015-07-01 21:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-05 14:17 - 2015-07-01 21:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-05 14:17 - 2015-07-01 21:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-05 14:17 - 2015-07-01 21:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-05 14:17 - 2015-07-01 21:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-05 14:17 - 2015-07-01 21:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-05 14:17 - 2015-07-01 21:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-05 14:17 - 2015-07-01 21:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-05 14:17 - 2015-07-01 21:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-05 14:17 - 2015-07-01 21:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-05 14:17 - 2015-07-01 20:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-05 14:17 - 2015-07-01 20:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-05 14:17 - 2015-07-01 20:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-05 14:17 - 2015-06-25 09:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-05 14:17 - 2015-06-17 18:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-08-05 14:17 - 2015-06-17 18:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-08-05 14:17 - 2015-06-15 22:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-08-05 14:17 - 2015-06-15 22:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-08-05 14:17 - 2015-06-15 22:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-08-05 14:17 - 2015-06-15 22:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-08-05 14:17 - 2015-06-15 22:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-08-05 14:17 - 2015-06-15 22:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-08-05 14:17 - 2015-06-15 22:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-08-05 14:17 - 2015-06-15 22:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-08-05 14:17 - 2015-06-15 22:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-08-05 14:17 - 2015-06-15 22:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-08-05 14:17 - 2015-06-15 22:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-08-05 14:17 - 2015-06-15 22:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-08-05 14:17 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-08-05 14:14 - 2015-07-20 19:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-05 14:14 - 2015-07-20 19:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-05 14:14 - 2015-07-20 19:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-05 14:14 - 2015-07-20 19:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-05 14:14 - 2015-07-20 19:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-05 14:14 - 2015-07-20 19:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-05 14:14 - 2015-07-20 19:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-05 14:14 - 2015-07-20 19:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-05 14:14 - 2015-07-20 19:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-05 14:14 - 2015-07-20 19:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-05 14:14 - 2015-07-20 19:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-05 14:14 - 2015-07-20 18:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-05 14:14 - 2015-07-20 18:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-05 14:14 - 2015-07-20 18:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-05 14:14 - 2015-07-20 18:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-05 14:14 - 2015-07-20 18:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-05 14:02 - 2015-08-07 23:38 - 00000000 ____D C:\Users\Joe\Desktop\Dank Av for rekin virus skrubs
2015-08-05 13:43 - 2015-08-05 13:43 - 00458960 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\k57nd60a.sys
2015-08-04 17:58 - 2015-08-04 17:58 - 00000951 _____ C:\Users\Joe\Desktop\BlueScreenView.cfg
2015-08-03 23:24 - 2015-01-29 11:11 - 00061024 _____ (NirSoft) C:\Users\Joe\Desktop\BlueScreenView.exe
2015-08-03 23:13 - 2015-08-06 16:45 - 753830278 _____ C:\Windows\MEMORY.DMP
2015-08-01 18:04 - 2015-08-01 18:04 - 00001205 _____ C:\Users\Joe\Desktop\Uplay.lnk
2015-08-01 18:04 - 2015-08-01 18:04 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-08-01 16:36 - 2015-08-01 16:36 - 00369152 _____ (Microsoft) C:\Users\Joe\Desktop\UGX Map Manager 1.4.3.exe
2015-07-31 13:42 - 2015-07-31 13:43 - 00000202 _____ C:\Users\Joe\Desktop\PLEASE NEVER DELETE THIS.txt
2015-07-30 16:42 - 2015-08-04 17:33 - 00036794 _____ C:\Windows\DirectX.log
2015-07-30 15:58 - 2015-07-23 01:46 - 00572232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-07-30 15:57 - 2015-07-23 05:06 - 42730128 _____ C:\Windows\system32\nvcompiler.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 30487880 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 22950544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 16151688 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 14503880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 13268712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 11836680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 11055248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-07-30 15:57 - 2015-07-23 05:06 - 02933576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 02600592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435362.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435362.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 01101856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 01061008 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 01053000 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 00983368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 00976528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 00940104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 00503592 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 00408208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 00155280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-07-30 15:57 - 2015-07-23 05:06 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-07-27 09:21 - 2015-07-27 09:21 - 00089104 _____ (Razer Inc) C:\Windows\system32\RazerCoinstaller.dll
2015-07-22 10:43 - 2015-08-06 08:19 - 00002498 _____ C:\Windows\PFRO.log
2015-07-21 14:35 - 2015-07-03 05:28 - 00065896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-07-21 14:35 - 2015-07-03 05:28 - 00047976 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-07-20 14:04 - 2015-08-07 18:58 - 00016759 _____ C:\Windows\setupact.log
2015-07-20 14:04 - 2015-07-20 14:04 - 00000000 _____ C:\Windows\setuperr.log
2015-07-20 13:23 - 2015-07-20 13:23 - 00034304 ___SH C:\Users\Joe\AppData\Roaming\Thumbs.db
2015-07-20 13:06 - 2015-07-20 13:06 - 00000000 ____D C:\Users\Joe\AppData\Local\Downloaded Installations
2015-07-13 09:34 - 2015-07-13 09:34 - 01730328 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-07-13 09:34 - 2015-07-13 09:34 - 00199896 _____ (Razer Inc) C:\Windows\system32\Drivers\rzudd.sys
2015-07-11 11:26 - 2015-08-07 23:26 - 00000911 _____ C:\Windows\Tasks\EPSON XP-412 413 415 Series Update {FE39138C-DBA1-41F2-B9E5-FF4EFAA8EA99}.job
2015-07-11 11:26 - 2015-08-07 23:26 - 00000725 _____ C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {FE39138C-DBA1-41F2-B9E5-FF4EFAA8EA99}.job
2015-07-11 11:26 - 2015-07-11 11:26 - 00003978 _____ C:\Windows\System32\Tasks\EPSON XP-412 413 415 Series Update {FE39138C-DBA1-41F2-B9E5-FF4EFAA8EA99}
2015-07-11 11:26 - 2015-07-11 11:26 - 00003792 _____ C:\Windows\System32\Tasks\EPSON XP-412 413 415 Series Invitation {FE39138C-DBA1-41F2-B9E5-FF4EFAA8EA99}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-07 23:37 - 2015-06-20 14:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-07 23:35 - 2015-03-07 12:35 - 00000911 _____ C:\Windows\Tasks\EPSON XP-412 413 415 Series Update {0E08FE94-39D6-4C25-87BD-6A17D20573C8}.job
2015-08-07 23:35 - 2015-03-07 12:35 - 00000725 _____ C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {0E08FE94-39D6-4C25-87BD-6A17D20573C8}.job
2015-08-07 23:35 - 2014-10-14 07:57 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-07 23:34 - 2014-06-07 20:27 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Skype
2015-08-07 23:31 - 2014-06-07 14:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-07 22:58 - 2009-07-14 05:45 - 00012928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-07 22:58 - 2009-07-14 05:45 - 00012928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-07 19:50 - 2015-04-06 15:47 - 00000000 ____D C:\Users\Joe\AppData\Roaming\TS3Client
2015-08-07 19:03 - 2015-04-06 15:47 - 00000000 ____D C:\Users\Joe\AppData\Local\TeamSpeak 3 Client
2015-08-07 19:03 - 2009-07-14 06:13 - 00901746 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-07 19:01 - 2014-06-07 12:35 - 01725921 _____ C:\Windows\WindowsUpdate.log
2015-08-07 18:58 - 2015-06-20 14:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-07 18:58 - 2014-07-12 14:13 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-07 18:58 - 2014-06-07 13:06 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-08-07 18:58 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-06 17:53 - 2014-06-14 18:06 - 00000000 ____D C:\Users\Joe\AppData\Local\CrashDumps
2015-08-06 16:56 - 2014-08-07 11:42 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-06 16:56 - 2014-07-24 13:17 - 00000000 ____D C:\ProgramData\Oracle
2015-08-06 16:54 - 2014-08-07 11:42 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-06 16:45 - 2014-06-19 16:44 - 00000000 ____D C:\Windows\Minidump
2015-08-06 16:08 - 2014-07-24 13:37 - 00000000 ____D C:\Users\Joe\AppData\Roaming\IObit
2015-08-06 16:08 - 2014-07-24 13:37 - 00000000 ____D C:\ProgramData\IObit
2015-08-06 15:15 - 2014-06-07 13:06 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-08-06 11:36 - 2014-10-14 07:57 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-06 11:04 - 2014-07-06 13:30 - 00000000 ____D C:\Users\Joe\AppData\Roaming\uTorrent
2015-08-06 08:19 - 2014-06-07 14:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-05 22:38 - 2015-05-21 20:54 - 00001028 _____ C:\Users\Joe\Desktop\fsdfsd.txt
2015-08-05 19:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-08-05 14:46 - 2014-06-07 20:27 - 00000000 ____D C:\ProgramData\Skype
2015-08-05 14:29 - 2014-06-07 21:31 - 00000000 ____D C:\Windows\Panther
2015-08-05 14:28 - 2014-12-16 09:06 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-05 14:28 - 2014-06-13 16:20 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-05 14:28 - 2009-07-14 05:45 - 00291768 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-05 14:22 - 2014-08-29 08:01 - 00000000 ____D C:\Windows\system32\MRT
2015-08-05 13:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-05 12:56 - 2014-06-07 12:35 - 00000000 ____D C:\Users\Joe
2015-08-02 23:08 - 2014-08-23 19:40 - 00003773 _____ C:\Users\Joe\Desktop\tf2 scam 2.txt
2015-08-01 18:11 - 2014-06-14 23:35 - 00000000 ____D C:\Users\Joe\AppData\Local\Ubisoft Game Launcher
2015-08-01 18:04 - 2014-06-14 23:35 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-07-31 22:00 - 2014-06-07 14:09 - 00000000 ___RD C:\Users\Joe\Desktop\Mum's Things
2015-07-31 13:44 - 2014-08-28 12:29 - 00000000 ____D C:\Users\Joe\Desktop\420 MLG
2015-07-30 16:41 - 2014-06-07 14:38 - 00000000 ____D C:\Users\Joe\Documents\my games
2015-07-30 15:59 - 2015-02-14 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-07-30 15:59 - 2014-06-07 13:23 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-25 13:03 - 2014-06-07 22:20 - 00000046 _____ C:\Users\Joe\Desktop\Moooovie.txt
2015-07-24 05:21 - 2015-04-09 12:20 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-07-24 05:21 - 2015-04-09 12:20 - 01710568 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-07-24 05:21 - 2015-04-09 12:20 - 01423304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-07-24 05:21 - 2015-04-09 12:20 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-07-23 17:11 - 2014-07-24 22:03 - 00002932 _____ C:\Users\Joe\Desktop\Tf2 Scam.txt
2015-07-23 05:06 - 2015-06-22 19:18 - 15892200 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-07-23 05:06 - 2015-06-22 19:18 - 15129192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-07-23 05:06 - 2015-04-14 14:15 - 03008880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-07-23 05:06 - 2015-02-14 21:02 - 03407144 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-07-23 05:06 - 2014-07-12 14:12 - 17615408 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-07-23 05:06 - 2014-07-12 14:12 - 12876336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-07-23 05:06 - 2014-07-12 14:12 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-07-23 02:31 - 2014-11-10 16:34 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-07-23 02:31 - 2014-07-12 14:12 - 06873744 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-07-23 02:31 - 2014-07-12 14:12 - 03493008 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-07-23 02:31 - 2014-07-12 14:12 - 00937616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-07-23 02:31 - 2014-07-12 14:12 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-07-23 02:31 - 2014-07-12 14:12 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-07-21 14:36 - 2014-06-07 13:23 - 00000000 ____D C:\Users\Joe\AppData\Local\NVIDIA Corporation
2015-07-20 15:16 - 2014-07-12 14:12 - 05121613 _____ C:\Windows\system32\nvcoproc.bin
2015-07-19 23:35 - 2014-08-30 09:23 - 00001157 _____ C:\Users\Public\Desktop\herdProtect.lnk
2015-07-19 23:35 - 2014-06-07 13:11 - 00001092 _____ C:\Users\Public\Desktop\ASRock SmartConnect.lnk
2015-07-19 20:33 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-07-19 20:30 - 2014-06-07 13:06 - 00064744 _____ C:\Users\Joe\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-19 20:26 - 2015-06-18 19:35 - 00000000 ____D C:\ProgramData\Comodo
2015-07-17 22:57 - 2014-06-07 14:14 - 00000000 ____D C:\ProgramData\Origin
2015-07-16 18:29 - 2015-04-14 14:20 - 00000080 _____ C:\Users\Joe\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-07-16 18:28 - 2015-04-14 14:19 - 00000000 ____D C:\Program Files\Rockstar Games
2015-07-16 18:28 - 2015-04-14 14:19 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-07-16 10:32 - 2015-06-20 14:26 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 10:32 - 2015-06-20 14:26 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-14 20:31 - 2015-06-24 17:31 - 18009776 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-14 20:31 - 2014-06-07 14:23 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 20:31 - 2014-06-07 14:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 20:31 - 2014-06-07 14:23 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 19:59 - 2014-07-22 11:20 - 00000000 ____D C:\Users\Joe\AppData\Local\Adobe
2015-07-11 11:26 - 2015-03-07 12:34 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BLEE.DLL
2015-07-11 11:26 - 2015-03-07 12:34 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2015-07-11 11:26 - 2015-03-07 01:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-07-11 11:26 - 2014-06-08 10:09 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2015-07-08 21:57 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-07-20 13:23 - 2015-07-20 13:23 - 0034304 ___SH () C:\Users\Joe\AppData\Roaming\Thumbs.db
2014-10-21 19:59 - 2014-10-21 19:59 - 0026710 _____ () C:\Users\Joe\AppData\Roaming\UserTile.png
2014-08-21 16:48 - 2014-08-21 16:48 - 0000091 _____ () C:\Users\Joe\AppData\Local\fusioncache.dat
2015-05-18 17:12 - 2015-06-18 18:54 - 0007591 _____ () C:\Users\Joe\AppData\Local\Resmon.ResmonCfg
2015-03-29 17:57 - 2015-03-29 17:57 - 0000003 _____ () C:\Users\Joe\AppData\Local\updater.log
2015-03-29 17:57 - 2015-03-29 17:57 - 0000425 _____ () C:\Users\Joe\AppData\Local\UserProducts.xml
2014-06-07 13:11 - 2014-06-07 13:11 - 0000003 _____ () C:\Users\Joe\AppData\Local\user_data.ini

Some files in TEMP:
====================
C:\Users\Joe\AppData\Local\Temp\Quarantine.exe
C:\Users\Joe\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-04 01:40

==================== End of log ============================

ADDITIONAL

Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-08-2015
Ran by Joe (2015-08-07 23:38:47)
Running from C:\Users\Joe\Desktop\Dank Av for rekin virus skrubs
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3837459171-1846615129-2385062822-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3837459171-1846615129-2385062822-1002 - Limited - Enabled)
Guest (S-1-5-21-3837459171-1846615129-2385062822-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3837459171-1846615129-2385062822-1004 - Limited - Enabled)
Joe (S-1-5-21-3837459171-1846615129-2385062822-1000 - Administrator - Enabled) => C:\Users\Joe

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.159 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
ASRock eXtreme Tuner v0.1.257 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock InstantBoot v1.29 (HKLM-x32\...\ASRock InstantBoot_is1) (Version:  - )
ASRock SmartConnect v1.0.6 (HKLM\...\ASRock SmartConnect_is1) (Version:  - ASRock Inc.)
BeamNG.drive (HKLM-x32\...\Steam App 284160) (Version:  - BeamNG)
BeamNG.drive (HKU\S-1-5-21-3837459171-1846615129-2385062822-1000\...\BeamNG.drive) (Version: 0.3.4.0 - beamng.com)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version:  - )
Command & Conquer™ The Ultimate Collection Additional Content (HKLM-x32\...\{1A882F29-BC18-4AC2-A71E-0FC30FA32568}) (Version: 1.0.0.0 - Electronic Arts)
Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Content Manager Assistant for PlayStation® (HKLM-x32\...\{E6EB4571-5ADB-4557-8F95-0E0EF5D0F833}) (Version: 3.30.7824.86 - Sony Computer Entertainment Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Cryostasis (Remove Only) (HKLM-x32\...\{97A8C4B4-2B50-42D1-AFE6-5E8433185436}_is1) (Version: 1.01 - 1C Company)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Booster 2.2 (HKLM-x32\...\Driver Booster_is1) (Version: 2.2 - IObit)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-412 413 415 Series Printer Uninstall (HKLM\...\EPSON XP-412 413 415 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
EVGA PrecisionX 16 (HKLM-x32\...\{DE94ADEE-7417-4180-822F-297F9EB9FA57}) (Version: 5.2.9 - EVGA Corporation)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
iExplorer 3.4.0.1 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Intel® Smart Connect Technology 2.0 x64 (HKLM\...\{D1B033E8-A077-4B0D-9831-5798E19E861E}) (Version: 2.0.1083.0 - Intel)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.0.4.25 - IObit)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JFK Reloaded 1.1 (HKLM-x32\...\JFK Reloaded) (Version: 1.1 - JFK Reloaded)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.222 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.222 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Men of War: Vietnam (HKLM-x32\...\Steam App 63940) (Version:  - 1C Company)
Mercenaries 2: World in Flames™ (HKLM-x32\...\{26FDF89A-FA65-4FA2-8522-37CC84DFDCEE}) (Version: 2.0.1.0 - Electronic Arts)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 40.0 (x86 en-GB)) (Version: 40.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.0.5694 - Mozilla)
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
MyEpson Portal (x32 Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
NAZI_ZOMBIE_ELFENLIED ZM RELEASE (HKLM-x32\...\{D286E209-F5E2-419A-90CD-90C29CC09224}) (Version: 1.2 - APEX)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.0 (HKLM-x32\...\{28B88897-774A-4005-BBFF-663B1F8EAA5A}) (Version: 4.10.9764 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.0.89.0 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.26599 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6875 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.1 - Rockstar Games)
ROTR Beta 1.85 (HKU\S-1-5-21-3837459171-1846615129-2385062822-1000\...\ROTR Beta 1.85) (Version:  - )
ROTR Map Pack V2.0 (HKU\S-1-5-21-3837459171-1846615129-2385062822-1000\...\ROTR Map Pack V2.0) (Version:  - )
S.T.A.L.K.E.R.: Lost Alpha version 1.3003 (HKLM-x32\...\S.T.A.L.K.E.R.: Lost Alpha_is1) (Version: 1.3003 - dezowave)
Sharepod 4.0.1.2 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
ShockWave 1.1 (HKU\S-1-5-21-3837459171-1846615129-2385062822-1000\...\ShockWave 1.1) (Version:  - )
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474}) (Version: 4.3.6 - SEIKO EPSON CORPORATION)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-3837459171-1846615129-2385062822-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Trials Evolution Gold Edition (HKLM-x32\...\Steam App 220160) (Version:  - Redlynx Ltd)
Unity Web Player (HKU\S-1-5-21-3837459171-1846615129-2385062822-1000\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Wroom (HKLM-x32\...\{10ACE46A-A5FE-4A3B-A2B6-57CF50386962}) (Version: 1.17 - Jonas Johansson & David Rothelius)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3837459171-1846615129-2385062822-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

06-08-2015 16:59:02 End of disinfection

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {32F329B5-2792-487E-9767-D246AC6739E7} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {3C676F70-7C95-4065-AE1F-42F1CA4E0317} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {5E55DE85-CA74-4590-8217-51DBD679D933} - System32\Tasks\Hybrid2 => C:\Trial\IR7\IR7.vbs [2015-03-27] ()
Task: {6B68029A-FAC2-4574-A360-58527FE7FA19} - System32\Tasks\CCleanerSkipUAC => E:\Program Files\CCleaner\CCleaner.exe [2015-07-06] (Piriform Ltd)
Task: {8625CB7B-6E17-45C0-91B6-EF458DF903E4} - System32\Tasks\Hybrid4 => taskkill
Task: {8EFC9F4D-F07C-482E-8494-296B451B7B4D} - System32\Tasks\EPSON XP-412 413 415 Series Update {FE39138C-DBA1-41F2-B9E5-FF4EFAA8EA99} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {8F59D12C-2D84-49BC-9A5D-89F1B91262EC} - System32\Tasks\EPSON XP-412 413 415 Series Invitation {0E08FE94-39D6-4C25-87BD-6A17D20573C8} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {9090D408-9A00-4024-9EB1-AFCD19F3F7BE} - System32\Tasks\{395D5DA6-80DB-43BB-AF1E-BE7C3995B5D1} => Firefox.exe http://ui.skype.com/ui/0/6.21.0.104/en/abandoninstall?page=tsProgressBar
Task: {94F33489-3DF9-47A5-B280-558B17A3A92C} - System32\Tasks\EPSON XP-412 413 415 Series Update {0E08FE94-39D6-4C25-87BD-6A17D20573C8} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {B41EA365-CD6B-4DE8-9380-15D14E082FC8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-20] (Google Inc.)
Task: {BD76DCC4-27CA-4DDE-B087-34AB134BDCE5} - System32\Tasks\EPSON XP-412 413 415 Series Invitation {FE39138C-DBA1-41F2-B9E5-FF4EFAA8EA99} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {C92A4506-932E-4F92-9227-AA922FEAB8DB} - System32\Tasks\{361CBB2B-BE6E-40DF-8768-9615D75D13C9} => Firefox.exe http://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
Task: {DC683105-7245-4446-8A85-0527E1BFDAC8} - System32\Tasks\EVGAPrecision => E:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
Task: {E16D4056-E4D0-4A97-9B51-779E526DB44D} - System32\Tasks\herdProtectScan => C:\Program Files\Reason\herdProtect\Scanner\herdProtectScan.exe [2014-08-12] (Reason Software Company Inc.)
Task: {E38F7D20-D8F5-4746-B0A1-06EE8CA1C1DB} - System32\Tasks\IR7 => cmd.exe /c cscript.exe /b C:\Windows\System32\slmgr.vbs /rearm && net stop sppsvc && net start sppsvc
Task: {E3F06706-D016-4D5D-979A-95DA19FEC66F} - System32\Tasks\Hybrid3 => taskkill
Task: {E7C08368-F8EF-4654-BCE5-6DDD9B136E72} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {ECFB9B80-A6C4-41DD-875B-BC66B5C17355} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {FC07DE93-BF10-4958-A848-82ECB384AEE4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-20] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {0E08FE94-39D6-4C25-87BD-6A17D20573C8}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE
Task: C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {FE39138C-DBA1-41F2-B9E5-FF4EFAA8EA99}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE
Task: C:\Windows\Tasks\EPSON XP-412 413 415 Series Update {0E08FE94-39D6-4C25-87BD-6A17D20573C8}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE:/EXE:{0E08FE94-39D6-4C25-87BD-6A17D20573C8} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON XP-412 413 415 Series Update {FE39138C-DBA1-41F2-B9E5-FF4EFAA8EA99}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE:/EXE:{FE39138C-DBA1-41F2-B9E5-FF4EFAA8EA99} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (Whitelisted) ==============

2015-06-20 01:03 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2015-06-20 01:03 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2014-07-12 14:12 - 2015-07-23 02:31 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-07 14:46 - 2014-08-21 16:27 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-04-09 12:20 - 2015-07-24 05:22 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-03-12 18:10 - 2015-07-03 17:12 - 00778240 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2014-12-03 23:11 - 2015-07-03 17:12 - 04962816 _____ () D:\Program Files (x86)\Steam\v8.dll
2014-12-03 23:11 - 2015-07-03 22:58 - 01556992 _____ () D:\Program Files (x86)\Steam\icui18n.dll
2014-12-03 23:11 - 2015-07-03 22:58 - 01187840 _____ () D:\Program Files (x86)\Steam\icuuc.dll
2014-05-22 15:10 - 2015-08-07 01:30 - 02413248 _____ () D:\Program Files (x86)\Steam\video.dll
2014-08-28 23:10 - 2014-12-01 22:31 - 02396672 _____ () D:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-28 23:10 - 2014-12-01 22:31 - 00442880 _____ () D:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-28 23:10 - 2014-12-01 22:31 - 00479744 _____ () D:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-28 23:10 - 2014-12-01 22:31 - 00332800 _____ () D:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-28 23:10 - 2014-12-01 22:31 - 00485888 _____ () D:\Program Files (x86)\Steam\libswscale-3.dll
2009-02-18 05:15 - 2015-08-07 01:30 - 00704192 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-06 22:32 - 2015-07-27 02:13 - 00171008 _____ () D:\Program Files (x86)\Steam\bin\openvr_api.dll
2009-02-18 05:15 - 2015-07-03 22:58 - 39553928 _____ () D:\Program Files (x86)\Steam\bin\libcef.dll
2014-06-07 13:06 - 2012-02-21 12:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\E_GCINST.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\E_ID4BLEE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispco6435330.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispgenco6435330.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvhdagenco6420103.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvhdap64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OpenAL32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpendp_winip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wrap_oal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:BDU
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OpenAL32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdpendp_winip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wrap_oal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\asstor64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avchv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvhda64v.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\terminpt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbGD.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID
AlternateDataStreams: C:\Users\Joe\Desktop\10734128_1578628735699015_3953990741245622532_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Joe\Desktop\11716034_801135196670040_943994531_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Joe\Desktop\traffic_offences.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Joe\Desktop\UGX Map Manager 1.4.3.exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3837459171-1846615129-2385062822-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: ISCTAgent => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MyEpson Portal Service => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Content Manager Assistant for PlayStation®.lnk => C:\Windows\pss\Content Manager Assistant for PlayStation®.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "E:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: EADM => "E:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Lightshot => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: QuickTime Task => "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: Xvid => C:\Program Files (x86)\Xvid\CheckUpdate.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BDB2DA72-F6D3-4B51-A7BE-D78097BBC70A}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2FB65148-3E3D-4C46-8AB6-F25A594675A1}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{3825A95D-FA45-4BE4-A62F-49B5C446C7A2}D:\program files (x86)\steam\steamapps\common\call of duty world at war\codwaw.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\call of duty world at war\codwaw.exe
FirewallRules: [UDP Query User{D25DB51B-B2C0-4C69-94D4-3EB0F1D712A9}D:\program files (x86)\steam\steamapps\common\call of duty world at war\codwaw.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\call of duty world at war\codwaw.exe
FirewallRules: [TCP Query User{4A56FEA5-C0DB-4A7E-8CA9-33EEAECFE172}D:\program files (x86)\steam\steamapps\gillhajr01\garrysmod\hl2.exe] => (Allow) D:\program files (x86)\steam\steamapps\gillhajr01\garrysmod\hl2.exe
FirewallRules: [UDP Query User{FE77112A-476B-4BAF-B5AC-F62C9893A61E}D:\program files (x86)\steam\steamapps\gillhajr01\garrysmod\hl2.exe] => (Allow) D:\program files (x86)\steam\steamapps\gillhajr01\garrysmod\hl2.exe
FirewallRules: [TCP Query User{52DE8169-F7D2-4C4E-81BF-BC6FAB2F2BD9}D:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{9A4C0C6A-07AC-4CA9-A75A-0191C17B99A7}D:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe
FirewallRules: [{990E3A7B-5442-4EAF-829E-1E55E4E339BE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\amnesia the dark descent\Launcher.exe
FirewallRules: [{0FEC90E6-EC01-4AED-A18C-71635618B77D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\amnesia the dark descent\Launcher.exe
FirewallRules: [TCP Query User{B9D6D3AA-5D77-45B9-A1CE-66165F35E5C6}E:\program files (x86)\scary\slendytubbies\slendytubbies v2 beta 64bit\slendytubbies v2 beta 64bit.exe] => (Allow) E:\program files (x86)\scary\slendytubbies\slendytubbies v2 beta 64bit\slendytubbies v2 beta 64bit.exe
FirewallRules: [UDP Query User{76ECC6C5-A2BF-407F-9906-9E0A03271F0E}E:\program files (x86)\scary\slendytubbies\slendytubbies v2 beta 64bit\slendytubbies v2 beta 64bit.exe] => (Allow) E:\program files (x86)\scary\slendytubbies\slendytubbies v2 beta 64bit\slendytubbies v2 beta 64bit.exe
FirewallRules: [{6D339973-DFA7-4184-ACD3-9D4015B4A0FA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\MX vs ATV Reflex\MXReflex.exe
FirewallRules: [{5C7DB3AC-1139-4993-90FC-8A8F1D49DB1F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\MX vs ATV Reflex\MXReflex.exe
FirewallRules: [{E5E0AC69-F888-4DE0-BDD5-B506CB5AD722}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\MX vs ATV Reflex\MXSettings.exe
FirewallRules: [{0B3AB453-52D9-4014-AB79-DF7B3204F647}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\MX vs ATV Reflex\MXSettings.exe
FirewallRules: [{3C8E726E-E134-4BAB-BD27-D0666807615C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{F6FAA948-A8E7-428D-A835-5DD9BC9BA42C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{4C841190-2991-4AF8-BC3F-64BC2D8A5840}] => (Allow) E:\Program Files (x86)\Origin Games\Command and Conquer The Ultimate Collection Additional Content\Launcher.exe
FirewallRules: [{49805620-1CE0-408F-9570-F8B2A60343E4}] => (Allow) E:\Program Files (x86)\Origin Games\Command and Conquer The Ultimate Collection Additional Content\Launcher.exe
FirewallRules: [{455267BB-E860-4ED0-8922-6B385CAE6CC6}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B649FA5F-8214-4541-AE46-6ECCA335064A}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{E2E687B6-ED02-42E2-A309-C60F84E1AEFF}D:\program files (x86)\steam\steamapps\common\call of duty world at war\codwawmp.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\call of duty world at war\codwawmp.exe
FirewallRules: [UDP Query User{47D33F1A-E270-4382-BA5B-0EF444E8C174}D:\program files (x86)\steam\steamapps\common\call of duty world at war\codwawmp.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\call of duty world at war\codwawmp.exe
FirewallRules: [{17C22E54-DD45-4CAC-84E7-2078C488F805}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\aceofspades\aos.exe
FirewallRules: [{BDC21C82-21DB-46FC-86BA-082DB7768237}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\aceofspades\aos.exe
FirewallRules: [{5ABD6BD2-0491-4983-8F76-FE2EDE000355}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\BeamNG.drive\BeamNG.drive.exe
FirewallRules: [{F0925543-9879-4970-9E81-F0D988A01DBB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\BeamNG.drive\BeamNG.drive.exe
FirewallRules: [{E36352D1-8590-4C24-9034-E63CED333EBA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7C1D5370-0192-4588-A5F8-9E9CC4C5F8F4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{EA5BF2AA-AB03-4218-9A79-765BBDCF79AE}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F65320FB-C369-44CE-BC94-54AEDB5FC1B3}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{6583ABCE-0F13-47EB-B19C-903D0161ED9A}D:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{175220E0-A274-4411-A58A-C44B4B35A9CE}D:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe
FirewallRules: [{8AA33A55-2EBE-41DC-BBC9-476D53D51988}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{881497B0-E919-4520-8081-73D3C3DF67EE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{12166473-3E2B-4B55-B1A3-3042305BF434}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{20F1101A-2063-46EE-AC7F-B3D91357B32C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3683F00B-31EC-4447-899E-A5EFA0310B69}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E0BFC9BE-4967-49EC-8D5F-BE0468AED2BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4723A826-DA66-4EE3-9ABD-00E3A26D60F6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{0DC159D7-25AF-4699-930A-C66BF6A8980E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{793BF419-B3FA-46EE-92CE-BCF81B7472B0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{932C6F50-341D-4924-B136-DEFD46CBBC86}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{E8613D74-D739-466B-805A-71998418EE65}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [{0A503C07-03B1-4924-A560-EA13A9FDE511}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\terraria\Terraria.exe
FirewallRules: [{D8450E37-0FC3-41B6-86CF-FEB099DA1A75}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\amnesia the dark descent\Amnesia.exe
FirewallRules: [{E8081895-0D08-42E8-8421-24602B684BF9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\amnesia the dark descent\Amnesia.exe
FirewallRules: [{D4D25F3B-ADF6-48DD-9ACD-7CE7341A9A3C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{18D0BD28-E315-430D-AE1A-5BDE2B255F62}] => (Allow) LPort=2869
FirewallRules: [{999D04BC-F1D2-43F1-B631-47AEA09AB9C1}] => (Allow) LPort=1900
FirewallRules: [{AC66984A-87A9-468E-8C62-CE4A55E71E13}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EAA7FF96-947F-4CB7-8616-C02A25F5BEA4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{91859857-27FE-4EE8-8587-CA8935DF9B1E}D:\program files (x86)\steam\steamapps\common\beamng.drive\bin32\beamng.drive.x86.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\beamng.drive\bin32\beamng.drive.x86.exe
FirewallRules: [UDP Query User{E0D8F78C-61CA-4915-B09E-42E11712BF8B}D:\program files (x86)\steam\steamapps\common\beamng.drive\bin32\beamng.drive.x86.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\beamng.drive\bin32\beamng.drive.x86.exe
FirewallRules: [{7D08CB5E-1308-4195-9115-9660BCB97492}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FC514B8C-067D-49E7-B148-BE4C644E793D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0578C52C-0A01-49F4-817A-4A3F9D08A46B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{BC81C5F6-8222-4AE9-81B4-716A09E18598}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{A8DF5A36-B6BB-4652-913C-55BA16220240}D:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{EF0DD080-8D37-4C1A-B5E0-AF961177A9CD}D:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{095686B0-A1BE-4CAE-9993-BFF6F0670067}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{68ABF441-2AD3-4DC7-8A02-78783AE3AFED}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{231EF34C-95D4-4B44-895C-0615A99EA2AF}E:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{98AAA026-3343-4747-A452-8C784699BA63}E:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{F4BB775C-6F48-4FBA-9D14-65B6BD773043}C:\users\joe\desktop\minecrap\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\joe\desktop\minecrap\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{877396D3-23BE-424C-B015-B414A7147BE6}C:\users\joe\desktop\minecrap\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\joe\desktop\minecrap\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{A3278E3D-F287-4201-900D-C551F127CC34}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\the binding of isaac\Isaac.exe
FirewallRules: [{BEF549AA-05BC-44AE-B103-352D231D4894}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\the binding of isaac\Isaac.exe
FirewallRules: [{596BFA4D-6950-4DF8-9C6A-A348481590CD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{5B445E59-13DF-4652-BEAA-2AB6BCA55DCA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [TCP Query User{602BCA89-7109-443D-8DCE-2078A27D91BF}D:\program files (x86)\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe
FirewallRules: [UDP Query User{F7DE17DC-7AA5-425C-AAFB-56F79C627382}D:\program files (x86)\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe
FirewallRules: [{689949C5-0ED0-48CB-B343-D6E799F5625E}] => (Allow) E:\Program Files (x86)\Origin Games\Command and Conquer Generals Zero Hour\Generals.exe
FirewallRules: [{16ABF072-014D-4990-9D9A-8A296685ACB0}] => (Allow) E:\Program Files (x86)\Origin Games\Command and Conquer Generals Zero Hour\Generals.exe
FirewallRules: [{5B8AE7A4-1EFA-4130-A8ED-449F31586920}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{50D0E744-79F3-40E6-B95D-5FFFCAA5BFE2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{CEB9ACA2-5246-4EE9-B5DC-433145EC391B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B6492879-93AA-4653-831B-10BECABB4D0E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{489507AE-C8E0-4C59-AD75-A4DE2AE160B5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{987D906A-0C2D-477F-BDB5-69CE7E579A03}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4C905DB4-ED09-4D4E-AFDC-231A63CEF0E4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{649593B1-54D5-4F9C-A102-C272544BF481}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{496F0CDE-1DBD-4654-9F9B-40942907B9EB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{96A1F0CF-F66D-4A44-8631-5B63FFA15ED0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Men of War - Vietnam\Vietnam.exe
FirewallRules: [{2906DED6-525B-43BE-BB36-3C9C0FB13E8C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Men of War - Vietnam\Vietnam.exe
FirewallRules: [{79FF6EA8-0A58-4403-87A4-022DACF89E69}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Men of War - Vietnam\Vietnam Editor.exe
FirewallRules: [{CB88D150-7C1D-4D84-A2EF-976E6EF11904}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Men of War - Vietnam\Vietnam Editor.exe
FirewallRules: [{10C14163-A78F-4202-AAA6-E10829C1F5CF}] => (Allow) C:\Users\Joe\Desktop\UGX Map Manager 1.4.3.exe
FirewallRules: [{CA834E8A-E39F-41A6-AFA3-E2FF5DFA7B87}] => (Allow) C:\Users\Joe\Desktop\UGX Map Manager 1.4.3.exe
FirewallRules: [{C2C07092-6716-43C0-96CA-43E11EFF24CB}] => (Allow) C:\Users\Joe\Desktop\UGX Map Manager 1.4.3.exe
FirewallRules: [{EC4CDBCA-E8AE-4CA3-BF13-4ABF064609F0}] => (Allow) C:\Users\Joe\Desktop\UGX Map Manager 1.4.3.exe
FirewallRules: [{95ACCF2B-73B8-4134-8551-5E4363985F22}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\TrialsPC\datapack\trialsFMX.exe
FirewallRules: [{CE1419BE-7391-4FC7-9C32-135321A62F07}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\TrialsPC\datapack\trialsFMX.exe
FirewallRules: [{6EDBDAC2-A228-498C-BC3F-03691502A429}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4C6610E9-D628-4589-9DAA-49BF60187828}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Faulty Device Manager Devices =============

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: asmthub3
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (08/07/2015 06:59:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2015 10:29:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2015 07:43:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2015 05:53:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 40.0.0.5694, time stamp: 0x55c14cb9
Faulting module name: mozglue.dll, version: 40.0.0.5694, time stamp: 0x55c13900
Exception code: 0x80000003
Fault offset: 0x0000e21f
Faulting process id: 0x17b8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (08/06/2015 05:52:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 40.0.0.5694, time stamp: 0x55c14cb9
Faulting module name: mozglue.dll, version: 40.0.0.5694, time stamp: 0x55c13900
Exception code: 0x80000003
Fault offset: 0x0000e21f
Faulting process id: 0xf0c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (08/06/2015 05:06:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2015 04:46:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2015 04:05:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2015 10:57:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2015 08:21:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/07/2015 10:34:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (08/07/2015 10:34:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (08/06/2015 04:45:11 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000101 (0x0000000000000019, 0x0000000000000000, 0xfffff880037e6180, 0x0000000000000004)C:\Windows\MEMORY.DMP

Error: (08/06/2015 04:45:11 PM) (Source: BugCheck) (EventID: 1005) (User: )
Description:

Error: (08/06/2015 04:45:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 16:43:34 on ‎06/‎08/‎2015 was unexpected.

Error: (08/06/2015 04:07:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/06/2015 04:07:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/06/2015 04:07:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/06/2015 04:07:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/06/2015 04:07:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


Microsoft Office:
=========================
Error: (08/07/2015 06:59:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2015 10:29:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2015 07:43:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2015 05:53:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe40.0.0.569455c14cb9mozglue.dll40.0.0.569455c13900800000030000e21f17b801d0d0684522bd11C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dll9b8a6c5e-3c5b-11e5-8cb6-bc5ff459c8d1

Error: (08/06/2015 05:52:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe40.0.0.569455c14cb9mozglue.dll40.0.0.569455c13900800000030000e21ff0c01d0d0671869e5a4C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dll93c94b3d-3c5b-11e5-8cb6-bc5ff459c8d1

Error: (08/06/2015 05:06:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2015 04:46:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2015 04:05:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2015 10:57:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2015 08:21:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 42%
Total physical RAM: 8086.02 MB
Available physical RAM: 4637.71 MB
Total Virtual: 16170.24 MB
Available Virtual: 11826.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.25 GB) (Free:140.95 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:270.45 GB) (Free:15.6 GB) NTFS
Drive e: () (Fixed) (Total:195.21 GB) (Free:109.4 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:111.79 GB) (Free:43.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 75208A99)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1BDDD34B)
Partition 1: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: E68231B6)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of log ============================
 




 


#2 Gillhajr01

Gillhajr01
  • Topic Starter

  • Members
  • 51 posts
  • Local time:05:35 AM

Posted 07 August 2015 - 07:07 PM

Sooo uhh is this substantial information or do I need to run more checks mate :3



#3 Gillhajr01

Gillhajr01
  • Topic Starter

  • Members
  • 51 posts
  • Local time:05:35 AM

Posted 09 August 2015 - 04:55 AM

Yet another update; I've concluded that the 'thing' appears when starting Counter-Strike Global Offensive, and still happens regardless of complete uninstalls and reinstalls.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:35 AM

Posted 09 August 2015 - 08:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3837459171-1846615129-2385062822-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-3837459171-1846615129-2385062822-1000\...\Run: [zASRockInstantBoot] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-3837459171-1846615129-2385062822-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin HKU\S-1-5-21-3837459171-1846615129-2385062822-1000: @hola.org/vlc,version=1.7.455 -> C:\Users\Joe\AppData\Local\Hola\firefox\app\vlc No File
S3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\MEMORY.DMP

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If the problem persists, you may consider installing the latest driver.

http://realtek-high-definition-audio-codec.findmysoft.com/

Make sure you have a good restore point before proceeding.

C:\Windows\MEMORY.DMP

#5 Gillhajr01

Gillhajr01
  • Topic Starter

  • Members
  • 51 posts
  • Local time:05:35 AM

Posted 09 August 2015 - 10:24 AM

Hey, thank you for this.

 

Before I do it, should I wait for the No name Available 'virus' to pop up as I did for the FRST logs?



#6 Gillhajr01

Gillhajr01
  • Topic Starter

  • Members
  • 51 posts
  • Local time:05:35 AM

Posted 09 August 2015 - 12:35 PM

Welp, I did it anyway man haha. It was successful and the logs are here:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:08-08-2015 01
Ran by Joe (2015-08-09 18:30:22) Run:1
Running from C:\Users\Joe\Desktop\Dank Av for rekin virus skrubs
Loaded Profiles: Joe (Available Profiles: Joe)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3837459171-1846615129-2385062822-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-3837459171-1846615129-2385062822-1000\...\Run: [zASRockInstantBoot] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-3837459171-1846615129-2385062822-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin HKU\S-1-5-21-3837459171-1846615129-2385062822-1000: @hola.org/vlc,version=1.7.455 -> C:\Users\Joe\AppData\Local\Hola\firefox\app\vlc No File
S3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\MEMORY.DMP

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-3837459171-1846615129-2385062822-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockXTU => value removed successfully
HKU\S-1-5-21-3837459171-1846615129-2385062822-1000\Software\Microsoft\Windows\CurrentVersion\Run\\zASRockInstantBoot => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-3837459171-1846615129-2385062822-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
"HKU\S-1-5-21-3837459171-1846615129-2385062822-1000\Software\MozillaPlugins\@hola.org/vlc,version=1.7.455" => key removed successfully
FF Plugin HKU\S-1-5-21-3837459171-1846615129-2385062822-1000: @hola.org/vlc,version=1.7.455 -> C:\Users\Joe\AppData\Local\Hola\firefox\app\vlc No File not found.
cpudrv64 => service removed successfully
VGPU => service removed successfully
C:\Windows\MEMORY.DMP => moved successfully.
EmptyTemp: => 552.2 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 18:30:45 ====



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:35 AM

Posted 09 August 2015 - 01:10 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 Gillhajr01

Gillhajr01
  • Topic Starter

  • Members
  • 51 posts
  • Local time:05:35 AM

Posted 10 August 2015 - 02:42 PM

Heyy it seems to have gone, thank you ever so much man.

However, my Malwarebytes crashes whenever I do any sort of Threat scan. It crashes at random points, only when scanning system32.

Any ideas?



#9 nasdaq

Posted 11 August 2015 - 07:16 AM

Is Comodo still installed and running ?

What other Security Software do you have running?

#10 Gillhajr01

Posted 11 August 2015 - 08:22 AM

No actually, I uninstalled Comodo about 2 months ago due to it being quite annoying for the little it actually did.

And I'm using Bitdefender antivirus paired with Malwarebytes pro. I do frequent checks with Adwcleaner and MBanti-rootkit though :)



#11 Gillhajr01

Posted 11 August 2015 - 08:24 AM

Wait... how did you know I used Comodo?



#12 nasdaq

Posted 12 August 2015 - 07:29 AM

> No actually, I uninstalled Comodo about 2 months ago due to it being quite annoying for the little it actually did.
> Wait... how did you know I used Comodo?


This folder is listed in this section of your log:
==================== One Month Modified files and folders ========
C:\ProgramData\Comodo

Also you should remove the following AlternateDataStreams set by Comodo.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CloseProcesses:

AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\E_GCINST.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\E_ID4BLEE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispco6435330.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispgenco6435330.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvhdagenco6420103.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvhdap64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\OpenAL32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpendp_winip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wrap_oal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:BDU
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\OpenAL32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdpendp_winip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wrap_oal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\asstor64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avchv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvhda64v.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\terminpt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbGD.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID
AlternateDataStreams: C:\Users\Joe\Desktop\10734128_1578628735699015_3953990741245622532_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Joe\Desktop\11716034_801135196670040_943994531_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Joe\Desktop\traffic_offences.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Joe\Desktop\UGX Map Manager 1.4.3.exe:BDU

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Are you now running a genuine version of Windows?
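
A fixlist like the one in the post above can be audited before FRST runs it. The Python sketch below is an added example, not part of the original post or of FRST: it parses the AlternateDataStreams: lines, splits each target at its last colon, and groups the entries by stream name, which shows that the list carries three distinct stream names ($CmdTcID, $CmdZnID and BDU). The function names are hypothetical, and the sample lines are a short excerpt copied from the fixlist.

```python
import re
from collections import defaultdict
from ntpath import dirname, normcase  # Windows path rules on any OS

# A few lines copied from the fixlist in the post above.
SAMPLE_FIXLIST = r"""start

CloseProcesses:

AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:BDU
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Users\Joe\Desktop\traffic_offences.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Joe\Desktop\UGX Map Manager 1.4.3.exe:BDU

End
"""

ADS_LINE = re.compile(r"^AlternateDataStreams:\s*(?P<target>.+)$", re.IGNORECASE)


def parse_ads_entries(fixlist_text):
    """Return (file_path, stream_name) for each AlternateDataStreams line."""
    entries = []
    for raw in fixlist_text.splitlines():
        match = ADS_LINE.match(raw.strip())
        if not match:
            continue  # start/End, CloseProcesses: and blank lines
        # The drive letter adds its own colon, so the stream name is the
        # text after the LAST colon; file names may contain spaces.
        path, sep, stream = match.group("target").strip().rpartition(":")
        if not sep or not stream or "\\" in stream:
            raise ValueError(f"no stream name in line: {raw!r}")
        entries.append((path, stream))
    return entries


def summarize(entries):
    """Count entries per stream name and lower-cased parent directory."""
    counts = defaultdict(lambda: defaultdict(int))
    for path, stream in entries:
        counts[stream][normcase(dirname(path))] += 1
    return {stream: dict(dirs) for stream, dirs in counts.items()}


def unexpected_streams(entries, expected):
    """Entries whose stream name is outside the set the reviewer expects."""
    return [(path, stream) for path, stream in entries if stream not in expected]


if __name__ == "__main__":
    found = parse_ads_entries(SAMPLE_FIXLIST)
    for stream, dirs in summarize(found).items():
        print(stream, dirs)
    # Assumption for this example: the reviewer expects only the two
    # $Cmd* names; anything else is listed for a second look.
    for path, stream in unexpected_streams(found, {"$CmdTcID", "$CmdZnID"}):
        print("review:", path, "->", stream)
```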

#13 Gillhajr01

Posted 12 August 2015 - 08:43 AM

Okay I'll do this, give me a minute... And unfortunately not until my exams are over, I needed to use a non-genuine Windows thanks to being very short of money.

But apart from that yeah, I appreciate the off-topic additional help you've given me man. But you can close this thread if needed until I use my key and do a fresh genuine reinstall :)

Regards ~ Joe



#14 Gillhajr01

Posted 12 August 2015 - 08:48 AM

Here's the log

Attached Files



#15 nasdaq

Posted 12 August 2015 - 09:35 AM

It's best we close this topic.

Do not want to try any other fixes until you are running a genuine program.
Might cause some additional problems.



