
Redirects and dialog box popups on google chrome



#1 firefoot87

Posted 12 August 2015 - 01:13 PM

Hello. Generally speaking, I handle my own problems. This one is out of my league apparently. I've been a guest-browser of this website for a long time. Thank you in advance for any help provided. 
 
At some point, I failed to follow the cardinal rule when downloading and installing software: I clicked too fast. As a result I've obtained some form of adware that regularly redirects me to fake dialog boxes with phone numbers about virus removal and fake blue screen dialog boxes. The browser I use is Google Chrome. I have attached the documents requested as well as a combo-fix log. I read that I'm not supposed to run combo-fix without supervision after having already run it. Might as well include it since I have the log already. Again, thank you in advance for any consideration towards resolution.
 
EDIT1: I've also included a screenshot of one of the popups I get. This is probably the most common one. I hope this helps.
 
EDIT2: I forgot that I ran AdwCleaner as well. I have included that log.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-08-2015 02
Ran by Beau (administrator) on CORTANA (12-08-2015 14:02:09)
Running from C:\Users\Beau\Downloads
Loaded Profiles: Beau (Available Profiles: Beau)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files\pia_manager\pia_manager.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) D:\Program Files 2\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Valve Corporation) D:\Program Files 2\Steam\bin\steamwebhelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
(Curse, Inc) C:\Users\Beau\AppData\Roaming\Curse Client\Bin\Curse.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(http://www.ruby-lang.org/) C:\Users\Beau\AppData\Local\Temp\ocrCE84.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(http://www.ruby-lang.org/) C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5021448 2015-04-15] (FNet Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2242160774-993639722-2474802955-1000\...\Run: [Steam] => D:\Program Files 2\Steam\steam.exe [2895552 2015-07-23] (Valve Corporation)
HKU\S-1-5-21-2242160774-993639722-2474802955-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2242160774-993639722-2474802955-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-2242160774-993639722-2474802955-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-05-06]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Beau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2015-06-30]
ShortcutTarget: Curse.lnk -> C:\Users\Beau\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Beau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-05-16]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2242160774-993639722-2474802955-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2242160774-993639722-2474802955-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2242160774-993639722-2474802955-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A6D4E23B-9DA4-44AE-8FC1-10D6B2E3E487}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{AFB48A3D-6DA9-4364-BD95-3009DFCFB931}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D5CF2E3D-585E-4BD1-A103-5C9E17A59176}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Beau\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Beau\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-15]
CHR Extension: (Google Docs) - C:\Users\Beau\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-15]
CHR Extension: (Google Sheets) - C:\Users\Beau\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-15]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Beau\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-04-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1141248 2015-06-13] ()
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe [56648 2015-03-08] (Google Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [238376 2015-06-17] (EasyAntiCheat Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-17] (Electronic Arts)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5613328 2015-07-29] (TeamViewer GmbH)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 Cautious Help; C:\Users\Beau\AppData\Roaming\Cautious Help\Cautious Help.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Splendid Poem; "C:\Program Files (x86)\Splendid Poem\Splendid Poem.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [390632 2011-03-04] (ASMedia Technology Inc) [File not signed]
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2015-04-15] (FNet Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-08-12] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-12 14:02 - 2015-08-12 14:02 - 00018064 _____ C:\Users\Beau\Downloads\FRST.txt
2015-08-12 14:02 - 2015-08-12 14:02 - 00000000 ____D C:\FRST
2015-08-12 14:01 - 2015-08-12 14:01 - 02172928 _____ (Farbar) C:\Users\Beau\Downloads\FRST64.exe
2015-08-12 13:54 - 2015-08-12 13:54 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2015-08-12 13:43 - 2015-08-12 13:43 - 00029058 _____ C:\ComboFix.txt
2015-08-12 13:35 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-12 13:35 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-12 13:35 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-12 13:35 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-12 13:35 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-12 13:35 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-12 13:35 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-12 13:35 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-12 13:32 - 2015-08-12 13:43 - 00000000 ____D C:\Qoobox
2015-08-12 13:32 - 2015-08-12 13:42 - 00000000 ____D C:\Windows\erdnt
2015-08-12 13:32 - 2015-08-12 13:32 - 05634368 ____R (Swearware) C:\Users\Beau\Downloads\ComboFix.exe
2015-08-12 13:31 - 2015-08-12 13:31 - 02248704 _____ C:\Users\Beau\Downloads\AdwCleaner.exe
2015-08-12 12:49 - 2015-08-12 12:49 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-12 12:49 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-08-12 12:41 - 2015-08-12 13:28 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-12 12:41 - 2015-08-12 12:49 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-08-12 12:41 - 2015-08-12 12:41 - 00001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-08-12 12:41 - 2015-08-12 12:41 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-08-12 12:41 - 2015-08-12 12:41 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-08-12 12:41 - 2015-08-12 12:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-08-12 12:41 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-08-12 12:40 - 2015-08-12 12:41 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Beau\Downloads\spybot-2.4.exe
2015-08-12 01:20 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 01:20 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 01:16 - 2015-08-12 01:16 - 00000000 ____D C:\Windows\PCHEALTH
2015-08-11 16:22 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 16:22 - 2015-07-30 14:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 16:22 - 2015-07-30 14:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 16:22 - 2015-07-30 14:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-11 16:22 - 2015-07-30 14:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 16:22 - 2015-07-30 14:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-11 16:22 - 2015-07-30 14:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-11 16:22 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 16:22 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 16:22 - 2015-07-30 13:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-11 16:22 - 2015-07-30 13:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-11 16:22 - 2015-07-30 13:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-11 16:22 - 2015-07-30 13:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-11 16:22 - 2015-07-30 12:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 16:22 - 2015-07-30 12:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 16:22 - 2015-07-30 12:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-11 16:22 - 2015-07-28 16:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-11 16:22 - 2015-07-28 16:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-11 16:22 - 2015-07-28 16:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-11 16:22 - 2015-07-28 16:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-11 16:22 - 2015-07-28 16:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-11 16:22 - 2015-07-28 16:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-11 16:22 - 2015-07-28 16:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-11 16:22 - 2015-07-28 15:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-11 16:22 - 2015-07-20 20:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-11 16:22 - 2015-07-20 20:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-11 16:22 - 2015-07-16 17:14 - 25192448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-11 16:22 - 2015-07-16 16:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-11 16:22 - 2015-07-16 16:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-11 16:22 - 2015-07-16 16:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-11 16:22 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 16:22 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 16:22 - 2015-07-16 16:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-11 16:22 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-11 16:22 - 2015-07-16 16:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-11 16:22 - 2015-07-16 16:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 16:22 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 16:22 - 2015-07-16 16:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-11 16:22 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 16:22 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 16:22 - 2015-07-16 16:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-11 16:22 - 2015-07-16 16:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 16:22 - 2015-07-16 16:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-11 16:22 - 2015-07-16 16:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-11 16:22 - 2015-07-16 16:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-11 16:22 - 2015-07-16 16:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 16:22 - 2015-07-16 16:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-11 16:22 - 2015-07-16 16:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-11 16:22 - 2015-07-16 15:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-11 16:22 - 2015-07-16 15:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 16:22 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-11 16:22 - 2015-07-16 15:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 16:22 - 2015-07-16 15:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-11 16:22 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-11 16:22 - 2015-07-16 15:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-11 16:22 - 2015-07-16 15:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-11 16:22 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-11 16:22 - 2015-07-16 15:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-11 16:22 - 2015-07-16 15:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-11 16:22 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-11 16:22 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-11 16:22 - 2015-07-16 15:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-11 16:22 - 2015-07-16 15:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-11 16:22 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 16:22 - 2015-07-16 15:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-11 16:22 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 16:22 - 2015-07-16 15:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-11 16:22 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 16:22 - 2015-07-16 15:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-11 16:22 - 2015-07-16 15:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-11 16:22 - 2015-07-16 15:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-11 16:22 - 2015-07-16 15:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-11 16:22 - 2015-07-16 15:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-11 16:22 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-11 16:22 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 16:22 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-11 16:22 - 2015-07-16 15:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-11 16:22 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 16:22 - 2015-07-16 15:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-11 16:22 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 16:22 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-11 16:22 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-11 16:22 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-11 16:22 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-11 16:22 - 2015-07-15 14:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 16:22 - 2015-07-15 14:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-11 16:22 - 2015-07-15 14:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-11 16:22 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 16:22 - 2015-07-15 14:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 16:22 - 2015-07-15 14:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-11 16:22 - 2015-07-15 14:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-11 16:22 - 2015-07-15 14:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-11 16:22 - 2015-07-15 14:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-11 16:22 - 2015-07-15 14:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-11 16:22 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 16:22 - 2015-07-15 14:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-11 16:22 - 2015-07-15 14:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-11 16:22 - 2015-07-15 14:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-11 16:22 - 2015-07-15 14:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-11 16:22 - 2015-07-15 14:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-11 16:22 - 2015-07-15 14:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-11 16:22 - 2015-07-15 14:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-11 16:22 - 2015-07-15 14:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-11 16:22 - 2015-07-15 14:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-11 16:22 - 2015-07-15 14:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-11 16:22 - 2015-07-15 14:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-11 16:22 - 2015-07-15 14:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-11 16:22 - 2015-07-15 14:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-11 16:22 - 2015-07-15 14:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-11 16:22 - 2015-07-15 14:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-11 16:22 - 2015-07-15 14:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 16:22 - 2015-07-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-11 16:22 - 2015-07-15 14:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-11 16:22 - 2015-07-15 14:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-11 16:22 - 2015-07-15 14:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-11 16:22 - 2015-07-15 14:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-11 16:22 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 16:22 - 2015-07-15 14:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-11 16:22 - 2015-07-15 14:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-11 16:22 - 2015-07-15 14:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-11 16:22 - 2015-07-15 14:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-11 16:22 - 2015-07-15 13:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-11 16:22 - 2015-07-15 13:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-11 16:22 - 2015-07-15 13:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-11 16:22 - 2015-07-15 13:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-11 16:22 - 2015-07-15 13:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-11 16:22 - 2015-07-15 13:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-11 16:22 - 2015-07-15 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-11 16:22 - 2015-07-15 13:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-11 16:22 - 2015-07-15 13:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-11 16:22 - 2015-07-15 13:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-11 16:22 - 2015-07-15 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-11 16:22 - 2015-07-15 13:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-11 16:22 - 2015-07-15 13:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-11 16:22 - 2015-07-15 13:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-11 16:22 - 2015-07-15 13:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-11 16:22 - 2015-07-15 13:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-11 16:22 - 2015-07-15 13:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-11 16:22 - 2015-07-15 13:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-11 16:22 - 2015-07-15 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-11 16:22 - 2015-07-15 13:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-11 16:22 - 2015-07-15 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-11 16:22 - 2015-07-15 13:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 12:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-11 16:22 - 2015-07-15 12:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-11 16:22 - 2015-07-15 12:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-11 16:22 - 2015-07-15 12:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-11 16:22 - 2015-07-15 12:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-11 16:22 - 2015-07-15 12:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 12:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 12:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 16:22 - 2015-07-15 12:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-11 16:22 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 16:22 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 16:22 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 16:22 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-11 16:22 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-11 16:22 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-11 16:22 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-11 16:22 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-11 16:22 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-11 16:22 - 2015-07-10 13:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 16:22 - 2015-07-10 13:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-11 16:22 - 2015-07-10 13:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-11 16:22 - 2015-07-10 13:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 16:22 - 2015-07-10 13:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-11 16:22 - 2015-07-10 13:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-11 16:22 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 16:22 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 16:22 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 16:22 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-11 16:21 - 2015-07-20 14:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 16:21 - 2015-07-20 14:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 16:21 - 2015-07-20 14:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 16:21 - 2015-07-20 14:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 16:21 - 2015-07-20 14:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 16:21 - 2015-07-20 14:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 16:21 - 2015-07-20 14:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-11 16:21 - 2015-07-20 14:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-11 16:21 - 2015-07-20 14:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 16:21 - 2015-07-20 14:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-11 16:21 - 2015-07-20 14:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-11 16:21 - 2015-07-20 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-11 16:21 - 2015-07-20 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-11 16:21 - 2015-07-20 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-11 16:21 - 2015-07-20 13:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-11 16:21 - 2015-07-20 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-11 16:21 - 2015-07-10 13:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 16:21 - 2015-07-10 13:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 16:21 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 16:21 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 16:21 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 16:21 - 2015-05-09 14:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-06 21:19 - 2015-08-06 21:19 - 00000000 ____D C:\Users\Beau\Documents\Curse
2015-08-05 02:52 - 2015-08-09 19:16 - 00000000 ____D C:\Users\Beau\AppData\Roaming\TS3Client
2015-08-05 02:52 - 2015-08-05 02:52 - 00000967 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-08-05 02:52 - 2015-08-05 02:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-08-05 02:52 - 2015-08-05 02:52 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2015-08-05 02:51 - 2015-08-05 02:51 - 31071896 _____ (TeamSpeak Systems GmbH) C:\Users\Beau\Downloads\TeamSpeak3-Client-win64-3.0.17.exe
2015-08-05 00:13 - 2015-08-05 00:13 - 00001115 _____ C:\Users\Beau\Desktop\EVE Online 2.lnk
2015-08-04 23:58 - 2015-08-04 23:58 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Link Shell Extension
2015-08-04 23:58 - 2015-08-04 23:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link Shell Extension
2015-08-04 23:58 - 2015-08-04 23:58 - 00000000 ____D C:\Program Files\LinkShellExtension
2015-08-04 23:57 - 2015-08-04 23:57 - 06614936 _____ (Microsoft Corporation) C:\Users\Beau\Downloads\vcredist_IA64.EXE
2015-08-04 23:57 - 2015-08-04 23:57 - 04027352 _____ C:\Users\Beau\Downloads\HardLinkShellExt_X64.exe
2015-08-04 23:57 - 2015-08-04 23:57 - 03957728 _____ C:\Users\Beau\Downloads\HardLinkShellExt_Itanium.exe
2015-08-04 23:57 - 2015-08-04 23:57 - 03175832 _____ (Microsoft Corporation) C:\Users\Beau\Downloads\vcredist_x64.EXE
2015-08-04 23:26 - 2015-08-04 23:27 - 00001056 _____ C:\Users\Beau\Desktop\ISBoxer Suite.lnk
2015-08-04 23:25 - 2015-08-04 23:27 - 00000000 ____D C:\Program Files (x86)\InnerSpace
2015-08-04 23:25 - 2015-08-04 23:25 - 00001031 _____ C:\Users\Beau\Desktop\Inner Space.lnk
2015-08-04 23:25 - 2015-08-04 23:25 - 00000000 ____D C:\Users\Beau\Desktop\isBoxerClient
2015-08-04 23:24 - 2012-11-24 22:14 - 00554737 _____ C:\Users\Beau\Desktop\isboxer_server_v2.exe
2015-08-04 23:21 - 2015-08-04 23:24 - 03582227 _____ C:\Users\Beau\Desktop\ISBoxer.7z
2015-08-04 23:21 - 2015-08-04 23:21 - 00000000 ____D C:\Users\Beau\Desktop\ISBOXER
2015-08-04 23:21 - 2012-12-16 17:16 - 00128476 _____ C:\Users\Beau\Desktop\Emulator.7z
2015-08-04 23:20 - 2015-08-04 23:20 - 03710869 _____ C:\Users\Beau\Downloads\ISBOXER.rar
2015-08-04 23:00 - 2015-08-04 23:00 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Titanium
2015-08-04 22:59 - 2015-08-04 23:01 - 00000000 ____D C:\Program Files\pia_manager
2015-08-04 22:59 - 2015-08-04 22:59 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-08-04 22:59 - 2015-08-04 22:59 - 00003154 _____ C:\Windows\System32\Tasks\Private Internet Access Startup
2015-08-04 22:59 - 2015-08-04 22:59 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2015-08-04 22:52 - 2015-08-04 22:58 - 25723531 _____ C:\Users\Beau\Downloads\installer_win.exe
2015-08-04 22:32 - 2015-08-04 22:32 - 00303101 _____ C:\Users\Beau\Downloads\GTA 5 - Grand Theft Auto V-RELOADED-[rarbg.com].torrent
2015-08-04 22:16 - 2015-08-04 22:16 - 00009843 _____ C:\Users\Beau\Downloads\72630f7829173c1278610673f1ffd96bc0fad780.torrent
2015-08-04 22:12 - 2015-08-04 22:38 - 00000000 ____D C:\Program Files (x86)\CactusVPN
2015-08-04 22:12 - 2015-08-04 22:12 - 00001019 _____ C:\Users\Beau\Desktop\CactusVPN.lnk
2015-08-04 22:12 - 2015-08-04 22:12 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CactusVPN
2015-08-04 22:12 - 2015-08-04 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CactusVPN
2015-08-04 22:11 - 2015-08-04 22:12 - 02726017 _____ C:\Users\Beau\Downloads\CactusVPN-v4.4.0-en-install.exe
2015-08-04 07:27 - 2015-08-04 07:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-08-04 07:27 - 2015-08-04 07:27 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-08-03 10:43 - 2015-08-03 10:43 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-08-03 10:43 - 2015-08-03 10:43 - 00001031 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-08-03 10:42 - 2015-08-03 11:41 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-08-03 10:42 - 2015-08-03 10:42 - 08096648 _____ (TeamViewer GmbH) C:\Users\Beau\Downloads\TeamViewer_Setup_en.exe
2015-08-01 17:38 - 2015-07-24 00:21 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-08-01 17:38 - 2015-07-24 00:21 - 01710568 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-08-01 17:38 - 2015-07-24 00:21 - 01423304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-08-01 17:38 - 2015-07-24 00:21 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-08-01 17:38 - 2015-07-03 00:28 - 00069992 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-08-01 17:38 - 2015-07-03 00:28 - 00065896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-08-01 17:38 - 2015-07-03 00:28 - 00047976 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-07-31 21:54 - 2015-07-31 21:54 - 00000000 ____D C:\Users\Beau\Documents\EVE
2015-07-31 21:54 - 2015-07-31 21:54 - 00000000 ____D C:\Users\Beau\AppData\Local\CCP
2015-07-31 21:36 - 2015-07-31 21:36 - 00000575 _____ C:\Users\Public\Desktop\EVE Online 1.lnk
2015-07-31 21:36 - 2015-07-31 21:36 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-07-31 21:36 - 2015-07-31 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EVE
2015-07-31 21:34 - 2015-07-31 21:34 - 103497728 _____ C:\Users\Beau\Downloads\EVE_Online_Installer_917625.msi
2015-07-30 21:00 - 2015-07-30 21:00 - 00000589 _____ C:\Users\Beau\Desktop\Recettear - An Item Shop's Tale.lnk
2015-07-30 21:00 - 2015-07-30 21:00 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recettear - An Item Shop's Tale
2015-07-30 20:58 - 2015-07-30 20:58 - 00000000 ____D C:\Users\Beau\Downloads\Recettear.An.Item.Shops.Tale.v1.105.full-THETA.part1
2015-07-30 20:55 - 2015-07-30 20:56 - 194499553 _____ C:\Users\Beau\Downloads\Recettear.An.Item.Shops.Tale.v1.105.full-THETA.part2.rar
2015-07-30 20:54 - 2015-07-30 20:55 - 204472320 _____ C:\Users\Beau\Downloads\Recettear.An.Item.Shops.Tale.v1.105.full-THETA.part1.rar
2015-07-29 11:42 - 2015-08-12 13:54 - 00007842 _____ C:\Windows\PFRO.log
2015-07-29 11:42 - 2015-08-12 13:54 - 00005225 _____ C:\Windows\setupact.log
2015-07-29 11:42 - 2015-07-29 11:42 - 00000000 _____ C:\Windows\setuperr.log
2015-07-28 00:32 - 2015-07-28 00:32 - 03169259 _____ C:\Users\Beau\Downloads\sublime.zip
2015-07-28 00:32 - 2015-07-28 00:32 - 00000000 ____D C:\Users\Beau\Desktop\sublime
2015-07-24 23:06 - 2015-07-24 23:06 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Python-Eggs
2015-07-24 23:05 - 2015-07-24 23:10 - 00000000 ____D C:\Users\Beau\Downloads\MCEdit
2015-07-24 22:19 - 2015-07-24 22:32 - 31588602 _____ (Igor Pavlov) C:\Users\Beau\Downloads\mcedit2-win64-2.0.0alpha-591.exe
2015-07-24 22:08 - 2015-07-24 22:09 - 05674010 _____ C:\Users\Beau\Downloads\Mobius.rar
2015-07-24 21:33 - 2015-07-24 21:33 - 00013930 _____ C:\Users\Beau\Downloads\Arcadia.schematic
2015-07-24 20:57 - 2015-07-24 20:56 - 06483456 _____ (Tim Kosse) C:\Users\Beau\Downloads\FileZilla_3.12.0.2_win64-setup.exe
2015-07-24 20:34 - 2015-07-24 20:34 - 00018812 _____ C:\Users\Beau\Downloads\guild.schematic
2015-07-23 15:28 - 2015-07-23 15:38 - 1453092691 _____ C:\Users\Beau\Downloads\ACOK_2.0.rar
2015-07-22 21:13 - 2015-07-22 21:13 - 00000000 ____D C:\Users\Beau\Documents\MKGame
2015-07-22 09:15 - 2015-07-22 09:15 - 00000000 ____D C:\Users\Beau\AppData\Local\CEF
2015-07-21 10:36 - 2015-07-21 10:36 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Shooter
2015-07-21 09:05 - 2015-07-21 09:05 - 00000218 _____ C:\Users\Beau\Desktop\Dirty Bomb.url
2015-07-20 18:13 - 2015-07-20 18:21 - 30062487 _____ C:\Users\Beau\Downloads\theme-hospital.zip
2015-07-20 18:12 - 2015-07-20 18:40 - 101116557 _____ C:\Users\Beau\Downloads\theme-park.zip
2015-07-19 21:17 - 2015-07-31 18:58 - 00000000 ____D C:\ftb
2015-07-18 20:29 - 2015-07-18 20:29 - 00000218 _____ C:\Users\Beau\Desktop\ARK Survival Evolved.url
2015-07-17 23:40 - 2015-07-17 23:40 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-07-17 23:38 - 2015-07-17 23:40 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Origin
2015-07-17 23:38 - 2015-07-17 23:40 - 00000000 ____D C:\Users\Beau\AppData\Local\Origin
2015-07-17 23:37 - 2015-07-17 23:38 - 00000000 ____D C:\Program Files (x86)\Origin
2015-07-17 23:37 - 2015-07-17 23:37 - 17112384 _____ (Electronic Arts, Inc.) C:\Users\Beau\Downloads\OriginThinSetup.exe
2015-07-17 23:37 - 2015-07-17 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-07-17 23:37 - 2015-07-17 23:37 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-07-17 21:35 - 2015-07-17 23:40 - 00000000 ____D C:\ProgramData\Origin
2015-07-17 20:20 - 2015-07-17 20:20 - 00194048 _____ (Microsoft Corporation) C:\Users\Beau\Downloads\TrustedInstaller.exe
2015-07-17 20:17 - 2015-07-17 20:17 - 00026959 _____ C:\Users\Beau\Desktop\dds.txt
2015-07-17 20:17 - 2015-07-17 20:17 - 00020322 _____ C:\Users\Beau\Desktop\attach.txt
2015-07-17 20:16 - 2015-07-17 20:16 - 00688992 ____R (Swearware) C:\Users\Beau\Downloads\dds.scr
2015-07-17 20:02 - 2015-07-17 20:02 - 02816040 _____ C:\Users\Beau\Downloads\SecurityTaskManager_Setup.exe
2015-07-17 19:54 - 2015-07-17 19:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\Beau\Downloads\HijackThis.exe
2015-07-17 19:41 - 2015-07-17 19:41 - 00062902 _____ C:\Users\Beau\Downloads\Dragon+Age%3A+Inquisition+Deluxe+Edition-SKIDROWCRACK.torrent
2015-07-14 16:08 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 16:08 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 16:08 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 16:08 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 16:08 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-14 16:08 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-14 16:08 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-14 16:08 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-14 16:08 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-14 16:08 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-14 16:08 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-14 16:08 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-14 16:08 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-14 16:08 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-14 16:07 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-14 16:07 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 16:07 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 16:07 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-14 16:07 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-14 16:07 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 16:07 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 16:07 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-14 16:07 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-14 16:07 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 16:07 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-14 16:07 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-14 16:07 - 2015-06-11 13:56 - 01112576 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-14 16:07 - 2015-06-11 13:16 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-07-14 16:07 - 2015-06-11 13:15 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-12 13:59 - 2015-04-15 10:28 - 01433220 _____ C:\Windows\WindowsUpdate.log
2015-08-12 13:56 - 2015-05-23 21:22 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Skype
2015-08-12 13:54 - 2015-04-15 11:53 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-12 13:54 - 2015-04-15 11:28 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2015-08-12 13:54 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-12 13:53 - 2015-07-12 19:22 - 00000000 ____D C:\AdwCleaner
2015-08-12 13:43 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
2015-08-12 13:42 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2015-08-12 12:13 - 2009-07-14 00:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-12 12:13 - 2009-07-14 00:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-12 12:05 - 2015-07-10 18:24 - 00000024 _____ C:\Users\Beau\AppData\Roaming\appdataFr25.bin
2015-08-12 11:44 - 2009-07-14 00:45 - 00306912 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 11:42 - 2015-06-26 01:29 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 11:42 - 2015-06-26 01:29 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 01:20 - 2015-04-22 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 01:20 - 2015-04-20 21:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 01:19 - 2015-04-22 09:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 01:19 - 2015-04-22 09:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 01:15 - 2015-06-26 00:44 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 01:12 - 2015-06-26 00:44 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 23:49 - 2015-04-15 18:04 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Mumble
2015-08-10 20:32 - 2015-06-30 20:38 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Curse Client
2015-08-10 19:20 - 2015-05-07 23:28 - 00000000 ____D C:\Users\Beau\AppData\Roaming\uTorrent
2015-08-04 23:00 - 2015-04-29 09:59 - 00000000 ____D C:\Users\Beau\AppData\Roaming\Apple Computer
2015-08-04 23:00 - 2015-04-29 09:59 - 00000000 ____D C:\Users\Beau\AppData\Local\Apple Computer
2015-08-04 22:14 - 2015-04-15 11:31 - 00070736 _____ C:\Users\Beau\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-04 07:27 - 2015-05-06 00:16 - 00001934 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-08-04 07:27 - 2015-05-06 00:16 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-08-03 12:00 - 2015-04-18 17:10 - 00000000 ____D C:\Users\Beau\AppData\Local\CrashDumps
2015-08-01 17:38 - 2015-05-18 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-08-01 17:38 - 2015-04-15 11:52 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-01 17:38 - 2015-04-15 11:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-08-01 17:38 - 2015-04-15 11:44 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-08-01 17:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-07-31 18:57 - 2015-04-15 21:49 - 00000000 ____D C:\Users\Beau\AppData\Local\ftblauncher
2015-07-31 18:57 - 2015-04-15 11:32 - 00000000 ____D C:\Users\Beau\AppData\Local\Google
2015-07-31 18:33 - 2015-04-15 21:49 - 00000000 ____D C:\Users\Beau\AppData\Roaming\ftblauncher
2015-07-31 18:33 - 2015-04-15 21:45 - 07552083 _____ () C:\Users\Beau\Desktop\FTB_Launcher.exe
2015-07-29 19:39 - 2015-04-15 22:27 - 00000000 ____D C:\Users\Beau\Documents\Mount&Blade Warband
2015-07-28 18:28 - 2015-04-15 14:13 - 00000000 ____D C:\Windows\Panther
2015-07-28 18:24 - 2015-07-10 09:39 - 00000000 ____D C:\$Windows.~BT
2015-07-28 02:47 - 2015-07-02 22:06 - 00000000 ____D C:\Users\Beau\AppData\Roaming\FileZilla
2015-07-28 02:41 - 2015-07-02 23:33 - 00000000 ____D C:\Users\Beau\Documents\A UoP Folder
2015-07-27 22:08 - 2015-06-16 21:09 - 00000000 ____D C:\Users\Beau\AppData\Roaming\.minecraft
2015-07-27 00:47 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2015-07-27 00:42 - 2015-06-29 03:18 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-24 23:10 - 2015-07-02 22:02 - 00000600 _____ C:\Users\Beau\AppData\Local\PUTTY.RND
2015-07-24 20:58 - 2015-06-16 21:08 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-07-24 19:10 - 2015-04-15 22:30 - 00000000 ____D C:\Users\Beau\Documents\Mount&Blade Warband Savegames
2015-07-21 10:28 - 2015-05-18 23:20 - 00000000 ____D C:\Users\Beau\Documents\My Games
2015-07-20 19:38 - 2009-07-14 00:45 - 00000000 ____D C:\Windows\Setup
2015-07-20 18:08 - 2015-06-25 21:24 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-17 16:43 - 2015-05-06 00:16 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-17 16:42 - 2015-05-06 00:16 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-16 22:21 - 2015-06-29 03:18 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-15 16:56 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-07-15 15:39 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-14 15:53 - 2015-05-23 21:22 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-14 15:53 - 2015-05-23 21:22 - 00000000 ____D C:\ProgramData\Skype
2015-07-14 00:21 - 2015-05-07 00:46 - 00000000 ____D C:\Users\Beau\Documents\Visual Studio 2012

==================== Files in the root of some directories =======

2015-07-10 18:24 - 2015-08-12 12:05 - 0000024 _____ () C:\Users\Beau\AppData\Roaming\appdataFr25.bin
2015-07-02 22:02 - 2015-07-24 23:10 - 0000600 _____ () C:\Users\Beau\AppData\Local\PUTTY.RND
2015-06-25 21:15 - 2015-06-25 21:15 - 0000000 _____ () C:\Users\Beau\AppData\Local\Temp.dat

Some files in TEMP:
====================
C:\Users\Beau\AppData\Local\Temp\Quarantine.exe
C:\Users\Beau\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-02 17:45

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-08-2015 02
Ran by Beau (2015-08-12 14:02:49)
Running from C:\Users\Beau\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2242160774-993639722-2474802955-500 - Administrator - Disabled)
Beau (S-1-5-21-2242160774-993639722-2474802955-1000 - Administrator - Enabled) => C:\Users\Beau
Guest (S-1-5-21-2242160774-993639722-2474802955-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2242160774-993639722-2474802955-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2242160774-993639722-2474802955-1000\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version: - Studio Wildcard)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)
ASRock eXtreme Tuner v0.1.257 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version: - )
ASRock InstantBoot v1.31 (HKLM-x32\...\ASRock InstantBoot_is1) (Version: 1.31 - ASRock Inc.)
ASRock XFast RAM v2.0.9 (HKLM\...\ASRock XFast RAM_is1) (Version: - ASRock Inc.)
Baldur's Gate: Enhanced Edition (HKLM-x32\...\Steam App 228280) (Version: - Beamdog)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
Belkin USB Wireless Adapter (x32 Version: 1.0.0.13 - Belkin) Hidden
Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
CactusVPN (HKLM-x32\...\CactusVPN) (Version: 4.4.0 - CactusVPN.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{A1A724F3-F1A6-479C-AE98-208946717E2B}) (Version: 42.0.2311.39 - Google Inc.)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version: - Splash Damage®)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
Dying Light (HKLM-x32\...\Steam App 239140) (Version: - Techland)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{3F29268A-F53A-4387-9F2B-E9368A823178}) (Version: 11.1.30729.00 - Microsoft Corporation)
EVE Online (HKLM-x32\...\{CC9CB947-73DB-47CD-A106-64CD8F871B90}) (Version: 3.0.0 - CCP Games Ltd.)
FileZilla Client 3.11.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse)
Fractured Space (HKLM-x32\...\Steam App 310380) (Version: - Edge Case Games Ltd.)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® Smart Connect Technology 2.0 x64 (HKLM\...\{D1B033E8-A077-4B0D-9831-5798E19E861E}) (Version: 2.0.1083.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
JavaScript Tooling (Version: 11.0.60315 - Microsoft Corporation) Hidden
Kenshi (HKLM-x32\...\Steam App 233860) (Version: - Lo-Fi Games)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LEGO® Worlds (HKLM-x32\...\Steam App 332310) (Version: - TT Games)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.8.6.2 - Hermann Schinagl)
LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Marvel Heroes 2015 (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Professional 2012 (HKLM-x32\...\{c93c1c16-fd12-4b07-8926-2a4af46b6597}) (Version: 11.0.50727.26 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version: - TaleWorlds Entertainment)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 352.86 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 352.86 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.6.1.5336 - Electronic Arts, Inc.)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
Pixel Piracy (HKLM-x32\...\Steam App 264140) (Version: - Vitali Kirpu)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
PuTTY release 0.64 (HKLM-x32\...\PuTTY_is1) (Version: 0.64 - Simon Tatham)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.2.1 r2386 - )
Robocraft (HKLM-x32\...\Steam App 301520) (Version: - Freejam)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stranded Deep (HKLM-x32\...\Steam App 313120) (Version: - Beam Team Games)
Stronghold Legends (HKLM-x32\...\Steam App 40980) (Version: - FireFly Studios)
System Requirements Lab Detection (HKLM-x32\...\{AE6260A1-81C5-45F0-BA26-E903ADDA7B3C}) (Version: 6.1.4.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45471 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
UltraISO Premium V9.61 (HKLM-x32\...\UltraISO_is1) (Version: - )
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio 2012 Update 4 (KB2707250) (HKLM-x32\...\{312d9252-c71c-4c84-b171-f4ad46e22098}) (Version: 11.0.61030 - Microsoft Corporation)
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.31 - ASRock Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

04-08-2015 22:12:55 Device Driver Package Install: TAP-Win32 Provider V9 Network adapters
04-08-2015 22:59:55 Device Driver Package Install: TAP-Win32 Provider V9 Network adapters
05-08-2015 03:00:07 Windows Update
08-08-2015 10:59:55 Windows Update
11-08-2015 16:14:34 Windows Update
12-08-2015 01:12:22 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-08-04 23:30 - 00000920 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
127.0.0.1 auth1.lavishsoft.com
127.0.0.1 auth2.lavishsoft.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0410DBE6-E995-4AF3-B54C-2DA622C88303} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {11B422E9-F41D-4896-9A2A-24E019C96B9E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe
Task: {3F133755-0162-429C-A451-12FB6901BD64} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {410BC320-8165-441F-8049-4A99656DAB58} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {43585705-4F58-4331-968D-AF735731DC70} - System32\Tasks\{F1E0F210-FA71-4A2D-8762-123C748095C3} => pcalua.exe -a C:\Users\Beau\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe -d C:\Windows\SysWOW64 -c /groupsextract:100;101;102; /out:"C:\Users\Beau\AppData\Roaming\Riot Games\League of Legends\prerequisites" /callbackid:3388
Task: {62E184FC-9505-440C-B54A-50C8EEEB5D13} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-08-04] ()
Task: {69A8AF3C-6AD4-4B62-9A61-94E4ABDE43C8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {9A8C54AA-9E87-40E1-90F7-1E64E6CB760F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {BA5BB2A1-A2E8-4AD6-BA1F-663ACCF01933} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {CA5F13E8-FD78-48C5-AFB0-2BC03ABE22AF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2015-04-15 11:52 - 2015-05-11 23:30 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2004-09-30 14:15 - 2004-09-30 14:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2015-06-02 11:18 - 2015-06-02 11:18 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-04 22:59 - 2015-08-04 22:59 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe
2012-02-09 16:26 - 2012-02-09 16:26 - 00133632 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2012-02-09 16:26 - 2012-02-09 16:26 - 00048128 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2012-02-09 16:26 - 2012-02-09 16:26 - 00036864 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetDetect.dll
2015-03-24 09:28 - 2015-03-24 09:28 - 00036544 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2015-03-24 09:28 - 2015-03-24 09:28 - 00775872 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2015-03-24 09:27 - 2015-03-24 09:27 - 00023040 _____ () C:\Program Files\Rainmeter\Plugins\Win7AudioPlugin.DLL
2015-03-24 09:27 - 2015-03-24 09:27 - 00012800 _____ () C:\Program Files\Rainmeter\Plugins\PerfMon.dll
2015-08-04 22:59 - 2015-08-04 22:59 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2015-04-15 11:53 - 2015-07-24 00:22 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-04-15 21:54 - 2015-07-03 12:12 - 00778240 _____ () D:\Program Files 2\Steam\SDL2.dll
2015-04-15 21:54 - 2015-07-03 12:12 - 04962816 _____ () D:\Program Files 2\Steam\v8.dll
2015-04-15 21:54 - 2015-07-03 12:12 - 01556992 _____ () D:\Program Files 2\Steam\icui18n.dll
2015-04-15 21:54 - 2015-07-03 12:12 - 01187840 _____ () D:\Program Files 2\Steam\icuuc.dll
2015-04-15 21:54 - 2015-07-23 19:24 - 02410176 _____ () D:\Program Files 2\Steam\video.dll
2015-04-15 21:54 - 2014-12-01 17:31 - 02396672 _____ () D:\Program Files 2\Steam\libavcodec-56.dll
2015-04-15 21:54 - 2014-12-01 17:31 - 00442880 _____ () D:\Program Files 2\Steam\libavutil-54.dll
2015-04-15 21:54 - 2014-12-01 17:31 - 00479744 _____ () D:\Program Files 2\Steam\libavformat-56.dll
2015-04-15 21:54 - 2014-12-01 17:31 - 00332800 _____ () D:\Program Files 2\Steam\libavresample-2.dll
2015-04-15 21:54 - 2014-12-01 17:31 - 00485888 _____ () D:\Program Files 2\Steam\libswscale-3.dll
2015-04-15 21:54 - 2015-07-23 19:23 - 00703168 _____ () D:\Program Files 2\Steam\bin\chromehtml.DLL
2004-09-30 13:09 - 2004-09-30 13:09 - 00155648 _____ () C:\Program Files\LinkShellExtension\32\RockallDLL.dll
2015-08-12 12:41 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-08-12 12:41 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-08-12 12:41 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-08-12 12:41 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-08-12 12:41 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-04-15 21:54 - 2015-07-03 12:12 - 39553928 _____ () D:\Program Files 2\Steam\bin\libcef.dll
2015-06-24 17:36 - 2015-06-24 17:36 - 00393608 _____ () C:\Users\Beau\AppData\Roaming\Curse Client\Bin\opus.dll
2015-06-24 17:36 - 2015-06-24 17:36 - 00443272 _____ () C:\Users\Beau\AppData\Roaming\Curse Client\Bin\WebRTC_CSharpWrapper.dll
2015-06-09 10:43 - 2015-06-05 14:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-09 10:43 - 2015-06-05 14:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
2015-07-15 15:48 - 2015-07-13 10:14 - 16307888 _____ () C:\Users\Beau\AppData\Local\Google\Chrome\User Data\PepperFlash\18.0.0.209\pepflashplayer.dll
2015-08-12 13:55 - 2015-08-12 13:55 - 00012800 _____ () C:\Users\Beau\AppData\Local\Temp\ocrCE84.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-08-12 13:55 - 2015-08-12 13:55 - 00009728 _____ () C:\Users\Beau\AppData\Local\Temp\ocrCE84.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-08-12 13:55 - 2015-08-12 13:55 - 00014848 _____ () C:\Users\Beau\AppData\Local\Temp\ocrCE84.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-08-12 13:55 - 2015-08-12 13:55 - 00094208 _____ () C:\Users\Beau\AppData\Local\Temp\ocrCE84.tmp\src\rgloader\rgloader193.mswin.so
2015-08-12 13:55 - 2015-08-12 13:55 - 00009216 _____ () C:\Users\Beau\AppData\Local\Temp\ocrCE84.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-08-12 13:55 - 2015-08-12 13:55 - 00094208 _____ () C:\Users\Beau\AppData\Local\Temp\ocrCE84.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-08-12 13:55 - 2015-08-12 13:55 - 00126976 _____ () C:\Users\Beau\AppData\Local\Temp\ocrCE84.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-08-12 13:55 - 2015-08-12 13:55 - 00087552 _____ () C:\Users\Beau\AppData\Local\Temp\ocrCE84.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00016384 _____ () C:\Users\Beau\AppData\Local\Temp\ocrCE84.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-08-12 13:55 - 2015-08-12 13:55 - 00127316 _____ () C:\Users\Beau\AppData\Local\Temp\ocrCE84.tmp\bin\libffi-6.dll
2015-08-12 13:55 - 2015-08-12 13:55 - 00008704 _____ () C:\Users\Beau\AppData\Local\Temp\ocrCE84.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-08-12 13:55 - 2015-08-12 13:55 - 00013312 _____ () C:\Users\Beau\AppData\Local\Temp\ocrCE84.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-08-12 13:55 - 2015-08-12 13:55 - 00095744 _____ () C:\Users\Beau\AppData\Local\Temp\ocrCE84.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00026624 _____ () C:\Users\Beau\AppData\Local\Temp\ocrCE84.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00012800 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00009728 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00014848 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00094208 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\src\rgloader\rgloader193.mswin.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00094208 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00118784 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00069120 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00083968 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\bin\zlib1.dll
2015-08-12 13:56 - 2015-08-12 13:56 - 00026624 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00275968 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00015360 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00008192 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00009216 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00023552 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00008704 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00008704 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00008704 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00008704 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00036352 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00126976 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00087552 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00016384 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00127316 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\bin\libffi-6.dll
2015-08-12 13:56 - 2015-08-12 13:56 - 00013312 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00095744 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-08-12 13:56 - 2015-08-12 13:56 - 00026624 _____ () C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-08-04 22:59 - 2015-08-04 22:59 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2015-08-04 22:59 - 2015-08-04 22:59 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2015-08-04 22:59 - 2015-08-04 22:59 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2015-08-04 22:59 - 2015-08-04 22:59 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2015-08-04 22:59 - 2015-08-04 22:59 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2015-08-04 22:59 - 2015-08-04 22:59 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2015-08-04 22:59 - 2015-08-04 22:59 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2015-08-04 22:59 - 2015-08-04 22:59 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2015-08-04 22:59 - 2015-08-04 22:59 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2015-08-04 22:59 - 2015-08-04 22:59 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2015-08-04 22:59 - 2015-08-04 22:59 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2015-08-04 22:59 - 2015-08-04 22:59 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2015-08-04 22:59 - 2015-08-04 22:59 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2015-04-15 11:47 - 2012-07-18 06:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2242160774-993639722-2474802955-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Beau\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Cautious Help => 2
MSCONFIG\startupreg: MK LOL => "C:\Program Files (x86)\MKJogo\MK IM\Bin\MKIM.exe" -auto

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{ADAC0C7D-95D7-4311-A9E7-143E81727AF3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4880E4FE-1D17-4CB4-8988-7B2E1E52DB35}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5EF4C0D1-9E08-4B7C-A3C4-1E7808CA1125}] => (Allow) D:\Program Files 2\Steam\Steam.exe
FirewallRules: [{ED91F011-9069-43B1-8B83-A22B1B615F76}] => (Allow) D:\Program Files 2\Steam\Steam.exe
FirewallRules: [{B63B79A9-5F4B-42B6-9A73-45E156EF8C13}] => (Allow) D:\Program Files 2\Steam\bin\steamwebhelper.exe
FirewallRules: [{DA9134CA-F001-4A8C-8920-687690F00EF7}] => (Allow) D:\Program Files 2\Steam\bin\steamwebhelper.exe
FirewallRules: [{A47ED636-C0F8-4601-8E3F-42B46D1FCBE7}] => (Allow) D:\Program Files 2\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{CB32A3E0-1DFE-46C4-BF3B-1EC76E5D6435}] => (Allow) D:\Program Files 2\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{D2E61503-2C23-49E6-80CB-2D441DA15C86}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe
FirewallRules: [{0F77EF29-2B98-4FC9-9144-5CF6D8DEFD83}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{C69C27B7-FEC4-432A-96B8-18E44B67A0C5}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{D0069228-61E2-4AD4-AC89-6C20F78AD6C0}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{A49A6315-1D46-4E5C-A07D-34D9FBA16186}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{C09FF6EF-C502-4442-B449-D83141C0BD10}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Kenshi\kenshi_STEAM.exe
FirewallRules: [{15BB050E-7313-4CB8-B868-8EF503E16BD8}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Kenshi\kenshi_STEAM.exe
FirewallRules: [{CB540B93-D316-4F0C-B539-3C805B9279DA}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{321E7349-E533-46EA-B929-6F49379C373E}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{CB215C06-71A7-4052-823C-C12266A9FAF2}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{B2CF6954-7419-4B92-8B05-890830ED39FD}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{EA829E7C-1721-4397-B87B-AF1E3A842FDA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1BE6FE35-D4BA-4DB5-B312-E5DA206A6947}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5C2E4EBF-3114-4A68-9A18-911175C76DE1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DAF6FEE8-2647-4B8B-96E5-D0E597B7B6A2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{16D9DB36-7589-4C48-87D8-5C56DF9C9336}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{95A28DC6-6C42-46DF-AA13-846B04AF2C37}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{B5A1C052-D763-4F1E-92C4-2B6177608EF7}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{40D91D3E-B9A4-4E90-B08D-E7F1D16AF166}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{85E009DB-A55A-4667-B6D2-3FF2636DEF0E}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{C7EEEF87-21C3-48C0-AC9B-1239ECBE10D1}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{5EE2267A-70C4-42E8-823C-780C25B1AD39}] => (Allow) C:\Users\Beau\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{98936D0C-2651-4F72-94A9-FF2D6A95DFB9}] => (Allow) C:\Users\Beau\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{83B3CC16-279A-48FB-9673-72EF37A320F8}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [{71AEF0BE-1EE9-472B-87CE-049A0867AF53}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [{CF3C8D5B-28CD-4D00-B580-628BA9AFA6C1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6F938AE9-CE15-4C54-8D83-39BA464B5225}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe
FirewallRules: [{4E81C0DD-795E-4F84-8B79-266337B1FE81}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe
FirewallRules: [{BE0F8C1B-3E39-438B-BD10-EF6C31A3682D}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{F3D7E94F-F5B6-4D26-9BAA-DCC61E29D873}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [TCP Query User{6314BBC4-BA9B-4C6F-B7BA-9541EB968188}C:\users\beau\lol skin counter\lolskinview.exe] => (Allow) C:\users\beau\lol skin counter\lolskinview.exe
FirewallRules: [UDP Query User{CA3DC1C7-3A2A-44F7-8AC1-4F9581F8BDA3}C:\users\beau\lol skin counter\lolskinview.exe] => (Allow) C:\users\beau\lol skin counter\lolskinview.exe
FirewallRules: [{121D6780-29E2-4DDD-B8FE-B249F8BDB713}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{686439DE-9A42-48B2-80B7-74E2BA571992}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{E638565B-09BF-43E1-964D-09ACCCAF7224}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Kenshi\kenshi_x64.exe
FirewallRules: [{C58BBE55-C442-49C3-83DB-6AF47490C622}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Kenshi\kenshi_x64.exe
FirewallRules: [{0A759D63-A18E-461E-AD80-A8E1EF027627}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A132CD58-E78B-4A86-A9A3-05283092FDCB}] => (Allow) D:\Program Files 2\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{8BDF58E5-3A80-47FA-91B3-B05218637824}] => (Allow) D:\Program Files 2\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [TCP Query User{5E263217-0FB4-46A9-8B58-F0B7FE754AE4}D:\program files 2\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\program files 2\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{3CF4006E-1705-45D5-B154-AC13F3BFA855}D:\program files 2\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\program files 2\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{0BC938E4-A9D3-4066-BF10-602891EA4913}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Stronghold Legends\StrongholdLegends.exe
FirewallRules: [{5CF3175D-C46D-40CA-A47E-BA0EF442ADF0}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Stronghold Legends\StrongholdLegends.exe
FirewallRules: [TCP Query User{D4E64201-F0F4-41D2-9DBE-B4404AE508AF}C:\users\beau\appdata\local\spoon\sandbox\life is feudal_colon_ your own\0.5.0.1\local\stubexe\0x73f794005a0a2f00\cm_yo_server.exe] => (Allow) C:\users\beau\appdata\local\spoon\sandbox\life is feudal_colon_ your own\0.5.0.1\local\stubexe\0x73f794005a0a2f00\cm_yo_server.exe
FirewallRules: [UDP Query User{57D5390E-E1FD-4EAF-8F85-CB7F1F7D1618}C:\users\beau\appdata\local\spoon\sandbox\life is feudal_colon_ your own\0.5.0.1\local\stubexe\0x73f794005a0a2f00\cm_yo_server.exe] => (Allow) C:\users\beau\appdata\local\spoon\sandbox\life is feudal_colon_ your own\0.5.0.1\local\stubexe\0x73f794005a0a2f00\cm_yo_server.exe
FirewallRules: [TCP Query User{45B3832F-4621-4F1D-A8D6-18724A80199D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{5F8EAA65-A5AF-44AC-A21C-4855DB15C01B}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{FFC2F46F-DB57-49DF-82C2-9454819A11FC}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{61D69143-718C-4E29-8F04-F84D4FF3813C}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{2CF62EF3-0144-40A8-B075-F17CF36DF797}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{339F95C0-0F24-49F0-A6FE-59A46AC1A19C}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{05DEB358-E57C-440A-BFA4-D629ACA8EC48}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{9F873B49-2D4F-4D11-9D1B-5221D0296705}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{942FD0C2-3D7E-43E3-BF9D-D27705C4C915}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{EF0EE040-5544-46D5-9799-3CE5923DE349}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{2D0183F7-1853-4FD5-9D6A-9709EF5E5FAD}D:\program files 2\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) D:\program files 2\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{0EFBCD41-773B-40F8-9D8C-8EC3069A4A23}D:\program files 2\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) D:\program files 2\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{494A03A1-7604-48CD-9967-39C1799A77F0}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Space\spacegame\Binaries\Win64\spacegame-Win64-Shipping.exe
FirewallRules: [{F70534F7-DD35-47BD-A403-B1BF76994D50}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Space\spacegame\Binaries\Win64\spacegame-Win64-Shipping.exe
FirewallRules: [{1AB8288E-70D4-4013-AE89-55B297B15CE7}] => (Allow) D:\Program Files 2\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{5B35AD6B-33CF-4220-97F9-87944F50A677}] => (Allow) D:\Program Files 2\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [TCP Query User{A37E0390-4A40-4442-8168-9AFFF195FD8D}D:\program files 2\ccp\eve\bin\exefile.exe] => (Allow) D:\program files 2\ccp\eve\bin\exefile.exe
FirewallRules: [UDP Query User{A4EBABD1-DC5C-4CD2-AEFD-2F3F591ADAAF}D:\program files 2\ccp\eve\bin\exefile.exe] => (Allow) D:\program files 2\ccp\eve\bin\exefile.exe
FirewallRules: [{7AAFE751-4184-473B-8B4C-AB132DD49642}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{384A0159-CC15-4D37-9CB5-11B8060BEA0C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{58FBCF01-0E91-4BE4-9573-2CA8651485FC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{F94A2B21-5F64-4522-8E9C-088E3AD70184}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4283E9C3-95C7-4A09-942C-4A10D1B57482}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A5263CB7-1B28-43D8-9683-68E162A6F7A9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6C2A66D0-2178-47BE-87EB-74722D04C2A4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0B98B685-BD37-4C26-BBD6-54663D4D8C2C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2F4F9AE3-B4AB-41DD-83EE-EC3E3E0D02E4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{5EA1229C-D9BC-4A33-9A2A-4DE6C7B5069E}C:\users\beau\appdata\local\temp\7zodac2.tmp\isboxer_server_v2.exe] => (Allow) C:\users\beau\appdata\local\temp\7zodac2.tmp\isboxer_server_v2.exe
FirewallRules: [UDP Query User{3E8ABF53-0C92-48D4-A8F2-A539DC989D20}C:\users\beau\appdata\local\temp\7zodac2.tmp\isboxer_server_v2.exe] => (Allow) C:\users\beau\appdata\local\temp\7zodac2.tmp\isboxer_server_v2.exe
FirewallRules: [{8488E611-70EE-485B-A001-02802A4D756A}] => (Block) C:\users\beau\appdata\local\temp\7zodac2.tmp\isboxer_server_v2.exe
FirewallRules: [{379C22AB-07DC-4A47-80CB-0F0DFEE7D402}] => (Block) C:\users\beau\appdata\local\temp\7zodac2.tmp\isboxer_server_v2.exe
FirewallRules: [TCP Query User{3F016773-2745-4792-A815-CE5979CC3454}C:\users\beau\appdata\local\temp\7zoad0f.tmp\isboxer_server_v2.exe] => (Allow) C:\users\beau\appdata\local\temp\7zoad0f.tmp\isboxer_server_v2.exe
FirewallRules: [UDP Query User{9EC91E48-08D8-487B-BFD3-A46BE7FF7CB1}C:\users\beau\appdata\local\temp\7zoad0f.tmp\isboxer_server_v2.exe] => (Allow) C:\users\beau\appdata\local\temp\7zoad0f.tmp\isboxer_server_v2.exe
FirewallRules: [{057779C3-769B-4794-8447-35CA2BEA6782}] => (Block) C:\users\beau\appdata\local\temp\7zoad0f.tmp\isboxer_server_v2.exe
FirewallRules: [{58EF7C77-D3EB-47B9-9E95-11123EA1659C}] => (Block) C:\users\beau\appdata\local\temp\7zoad0f.tmp\isboxer_server_v2.exe
FirewallRules: [TCP Query User{69C54049-47AB-4009-B96E-6F9000A2EE04}C:\users\beau\desktop\isboxer_server_v2.exe] => (Allow) C:\users\beau\desktop\isboxer_server_v2.exe
FirewallRules: [UDP Query User{D930809F-DEBA-4568-BB1C-E612220747EF}C:\users\beau\desktop\isboxer_server_v2.exe] => (Allow) C:\users\beau\desktop\isboxer_server_v2.exe
FirewallRules: [{7D1314AF-1811-40E9-A972-84232C385083}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{5C5F1C2C-5C2B-484E-935C-9EF38C04481B}] => (Allow) D:\Program Files 2\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/12/2015 01:57:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 11.7.0.1013, time stamp: 0x50aa9310
Faulting module name: ISDI2.dll, version: 11.7.0.1013, time stamp: 0x50aa92da
Exception code: 0xc0000417
Fault offset: 0x000462d0
Faulting process id: 0x59c
Faulting application start time: 0xIAStorDataMgrSvc.exe0
Faulting application path: IAStorDataMgrSvc.exe1
Faulting module path: IAStorDataMgrSvc.exe2
Report Id: IAStorDataMgrSvc.exe3

Error: (08/12/2015 01:54:48 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2

Error: (08/12/2015 01:53:41 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2

Error: (08/12/2015 12:00:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 11.7.0.1013, time stamp: 0x50aa9310
Faulting module name: ISDI2.dll, version: 11.7.0.1013, time stamp: 0x50aa92da
Exception code: 0xc0000417
Fault offset: 0x000462d0
Faulting process id: 0xbc0
Faulting application start time: 0xIAStorDataMgrSvc.exe0
Faulting application path: IAStorDataMgrSvc.exe1
Faulting module path: IAStorDataMgrSvc.exe2
Report Id: IAStorDataMgrSvc.exe3

Error: (08/12/2015 11:58:03 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2

Error: (08/12/2015 11:54:36 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2

Error: (08/12/2015 11:47:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 11.7.0.1013, time stamp: 0x50aa9310
Faulting module name: ISDI2.dll, version: 11.7.0.1013, time stamp: 0x50aa92da
Exception code: 0xc0000417
Fault offset: 0x000462d0
Faulting process id: 0x1714
Faulting application start time: 0xIAStorDataMgrSvc.exe0
Faulting application path: IAStorDataMgrSvc.exe1
Faulting module path: IAStorDataMgrSvc.exe2
Report Id: IAStorDataMgrSvc.exe3

Error: (08/12/2015 11:44:51 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2

Error: (08/10/2015 07:20:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Cortana.local already in use; will try Cortana-2.local instead

Error: (08/10/2015 07:20:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Cortana.local. Addr 192.168.0.10


System errors:
=============
Error: (08/12/2015 01:57:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

Error: (08/12/2015 01:57:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (08/12/2015 01:55:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
%%-2147024894

Error: (08/12/2015 01:55:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Splendid Poem service failed to start due to the following error:
%%2

Error: (08/12/2015 01:53:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/12/2015 01:53:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/12/2015 01:53:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/12/2015 01:53:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/12/2015 01:53:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/12/2015 01:53:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i5-3350P CPU @ 3.10GHz
Percentage of memory in use: 33%
Total physical RAM: 16337.89 MB
Available physical RAM: 10899.76 MB
Total Virtual: 32673.99 MB
Available Virtual: 26818.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:799.72 GB) NTFS
Drive d: (Storage) (Fixed) (Total:1863.01 GB) (Free:945.46 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive g: (VS2012_PRO_ENU) (CDROM) (Total:1.44 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8D3FF166)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of log ============================

ComboFix 15-08-08.01 - Beau 08/12/2015 13:37:08.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16338.13431 [GMT -4:00]
Running from: c:\users\Beau\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-07-12 to 2015-08-12 )))))))))))))))))))))))))))))))
.
.
2015-08-12 17:41 . 2015-08-12 17:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-12 16:49 . 2015-08-12 16:49 -------- d-----w- c:\program files\Common Files\AV
2015-08-12 16:41 . 2013-09-20 14:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2015-08-12 16:41 . 2015-08-12 17:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-08-12 16:41 . 2015-08-12 16:49 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2015-08-12 15:58 . 2015-08-12 15:58 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2015-08-12 05:20 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 05:20 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 05:16 . 2015-08-12 05:16 -------- d-----w- c:\windows\PCHEALTH
2015-08-11 20:21 . 2015-07-09 17:57 193536 ----a-w- c:\windows\system32\notepad.exe
2015-08-05 06:52 . 2015-08-09 23:16 -------- d-----w- c:\users\Beau\AppData\Roaming\TS3Client
2015-08-05 06:52 . 2015-08-05 06:52 -------- d-----w- c:\program files\TeamSpeak 3 Client
2015-08-05 03:58 . 2015-08-05 03:58 -------- d-----w- c:\program files\LinkShellExtension
2015-08-05 03:25 . 2015-08-05 03:27 -------- d-----w- c:\program files (x86)\InnerSpace
2015-08-05 03:00 . 2015-08-05 03:00 -------- d-----w- c:\users\Beau\AppData\Roaming\Titanium
2015-08-05 02:59 . 2015-08-05 02:59 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
2015-08-05 02:59 . 2015-08-05 03:01 -------- d-----w- c:\program files\pia_manager
2015-08-05 02:12 . 2015-08-05 02:38 -------- d-----w- c:\program files (x86)\CactusVPN
2015-08-04 11:27 . 2015-08-04 11:27 -------- d-----w- c:\program files\McAfee Security Scan
2015-08-03 14:42 . 2015-08-03 15:41 -------- d-----w- c:\program files (x86)\TeamViewer
2015-08-01 21:38 . 2015-07-24 04:21 1423304 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-08-01 21:38 . 2015-07-24 04:21 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-08-01 21:38 . 2015-07-24 04:21 1756608 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-08-01 21:38 . 2015-07-24 04:21 1710568 ----a-w- c:\windows\system32\nvspcap64.dll
2015-08-01 21:38 . 2015-07-03 04:28 47976 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2015-08-01 21:38 . 2015-07-03 04:28 69992 ----a-w- c:\windows\system32\nvaudcap64v.dll
2015-08-01 21:38 . 2015-07-03 04:28 65896 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2015-08-01 01:54 . 2015-08-01 01:54 -------- d-----w- c:\users\Beau\AppData\Local\CCP
2015-07-25 03:06 . 2015-07-25 03:06 -------- d-----w- c:\users\Beau\AppData\Roaming\Python-Eggs
2015-07-24 21:05 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3EF35EAE-F8FB-4614-AE31-8E3B805E5572}\mpengine.dll
2015-07-22 17:04 . 2015-07-22 17:04 17318592 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-07-22 13:15 . 2015-07-22 13:15 -------- d-----w- c:\users\Beau\AppData\Local\CEF
2015-07-22 00:57 . 2015-07-22 00:57 1917080 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll
2015-07-22 00:57 . 2015-07-22 00:57 1375896 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE11\msxml5.dll
2015-07-21 14:36 . 2015-07-21 14:36 -------- d-----w- c:\users\Beau\AppData\Roaming\Shooter
2015-07-20 01:23 . 2015-07-20 01:23 -------- d-----w- c:\users\Beau\AppData\Local\ElevatedDiagnostics
2015-07-20 01:17 . 2015-07-31 22:58 -------- d-----w- C:\ftb
2015-07-18 03:40 . 2015-07-18 03:40 -------- d-----w- c:\program files (x86)\Origin Games
2015-07-18 03:38 . 2015-07-18 03:40 -------- d-----w- c:\users\Beau\AppData\Roaming\Origin
2015-07-18 03:38 . 2015-07-18 03:40 -------- d-----w- c:\users\Beau\AppData\Local\Origin
2015-07-18 03:37 . 2015-07-18 03:37 -------- d-----w- c:\programdata\Electronic Arts
2015-07-18 03:37 . 2015-07-18 03:38 -------- d-----w- c:\program files (x86)\Origin
2015-07-18 01:35 . 2015-07-18 03:40 -------- d-----w- c:\programdata\Origin
2015-07-14 22:20 . 2015-07-14 22:20 756376 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2015-07-14 20:07 . 2015-06-15 21:45 3242496 ----a-w- c:\windows\system32\msi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-12 16:05 . 2015-07-10 22:24 24 ----a-w- c:\users\Beau\AppData\Roaming\appdataFr25.bin
2015-08-12 15:58 . 2015-04-15 15:28 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2015-08-12 05:12 . 2015-06-26 04:44 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-07-20 22:08 . 2015-06-26 01:24 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-15 17:54 . 2015-08-11 20:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-06-28 08:32 . 2015-06-28 08:32 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2015-06-28 08:32 . 2015-06-28 08:32 942592 ----a-w- c:\windows\system32\jsIntl.dll
2015-06-28 08:32 . 2015-06-28 08:32 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2015-06-28 08:32 . 2015-06-28 08:32 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2015-06-28 08:32 . 2015-06-28 08:32 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2015-06-28 08:32 . 2015-06-28 08:32 81408 ----a-w- c:\windows\system32\icardie.dll
2015-06-28 08:32 . 2015-06-28 08:32 77312 ----a-w- c:\windows\system32\tdc.ocx
2015-06-28 08:32 . 2015-06-28 08:32 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2015-06-28 08:32 . 2015-06-28 08:32 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-06-28 08:32 . 2015-06-28 08:32 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2015-06-28 08:32 . 2015-06-28 08:32 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2015-06-28 08:32 . 2015-06-28 08:32 62464 ----a-w- c:\windows\system32\pngfilt.dll
2015-06-28 08:32 . 2015-06-28 08:32 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2015-06-28 08:32 . 2015-06-28 08:32 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2015-06-28 08:32 . 2015-06-28 08:32 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2015-06-28 08:32 . 2015-06-28 08:32 48640 ----a-w- c:\windows\system32\mshtmler.dll
2015-06-28 08:32 . 2015-06-28 08:32 48128 ----a-w- c:\windows\system32\imgutil.dll
2015-06-28 08:32 . 2015-06-28 08:32 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2015-06-28 08:32 . 2015-06-28 08:32 30208 ----a-w- c:\windows\system32\licmgr10.dll
2015-06-28 08:32 . 2015-06-28 08:32 247808 ----a-w- c:\windows\system32\msls31.dll
2015-06-28 08:32 . 2015-06-28 08:32 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2015-06-28 08:32 . 2015-06-28 08:32 243200 ----a-w- c:\windows\system32\webcheck.dll
2015-06-28 08:32 . 2015-06-28 08:32 235520 ----a-w- c:\windows\system32\url.dll
2015-06-28 08:32 . 2015-06-28 08:32 235008 ----a-w- c:\windows\system32\elshyph.dll
2015-06-28 08:32 . 2015-06-28 08:32 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2015-06-28 08:32 . 2015-06-28 08:32 167424 ----a-w- c:\windows\system32\iexpress.exe
2015-06-28 08:32 . 2015-06-28 08:32 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2015-06-28 08:32 . 2015-06-28 08:32 147968 ----a-w- c:\windows\system32\occache.dll
2015-06-28 08:32 . 2015-06-28 08:32 143872 ----a-w- c:\windows\system32\wextract.exe
2015-06-28 08:32 . 2015-06-28 08:32 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2015-06-28 08:32 . 2015-06-28 08:32 13824 ----a-w- c:\windows\system32\mshta.exe
2015-06-28 08:32 . 2015-06-28 08:32 135680 ----a-w- c:\windows\system32\iepeers.dll
2015-06-28 08:32 . 2015-06-28 08:32 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2015-06-28 08:32 . 2015-06-28 08:32 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2015-06-28 08:32 . 2015-06-28 08:32 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2015-06-28 08:32 . 2015-06-28 08:32 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2015-06-28 08:32 . 2015-06-28 08:32 105984 ----a-w- c:\windows\system32\iesysprep.dll
2015-06-28 08:32 . 2015-06-28 08:32 101376 ----a-w- c:\windows\system32\inseng.dll
2015-06-28 08:25 . 2015-06-28 08:25 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2015-06-28 08:25 . 2015-06-28 08:25 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2015-06-28 08:25 . 2015-06-28 08:25 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2015-06-28 08:25 . 2015-06-28 08:25 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2015-06-28 08:25 . 2015-06-28 08:25 363008 ----a-w- c:\windows\system32\dxgi.dll
2015-06-28 08:25 . 2015-06-28 08:25 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-06-28 08:25 . 2015-06-28 08:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 296960 ----a-w- c:\windows\system32\d3d10core.dll
2015-06-28 08:25 . 2015-06-28 08:25 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2015-06-28 08:25 . 2015-06-28 08:25 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2015-06-28 08:25 . 2015-06-28 08:25 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2015-06-28 08:25 . 2015-06-28 08:25 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2015-06-28 08:25 . 2015-06-28 08:25 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2015-06-28 08:25 . 2015-06-28 08:25 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2015-06-28 08:25 . 2015-06-28 08:25 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2015-06-28 08:25 . 2015-06-28 08:25 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2015-06-28 08:25 . 2015-06-28 08:25 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2015-06-28 08:25 . 2015-06-28 08:25 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2015-06-28 08:25 . 2015-06-28 08:25 1238528 ----a-w- c:\windows\system32\d3d10.dll
2015-06-28 08:25 . 2015-06-28 08:25 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2015-06-28 08:25 . 2015-06-28 08:25 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2015-06-28 08:25 . 2015-06-28 08:25 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-27 07:06 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2015-06-27 07:06 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2015-06-26 04:50 . 2015-05-07 04:46 2503072 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2015-06-23 17:30 . 2015-04-15 15:11 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-17 22:57 . 2015-06-18 04:10 238376 ----a-w- c:\windows\SysWow64\EasyAntiCheat.exe
2015-06-17 05:01 . 2015-06-17 05:01 1202856 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-05-26 10:37 . 2015-05-26 10:37 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2015-05-26 10:37 . 2015-05-26 10:37 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2015-05-26 10:37 . 2015-05-26 10:37 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2015-05-26 10:37 . 2015-05-26 10:37 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2015-05-25 18:19 . 2015-06-28 01:26 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-28 01:26 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-28 01:26 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:18 . 2015-06-28 01:26 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-28 01:26 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-28 01:26 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-28 01:26 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-28 01:26 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-28 01:26 19456 ----a-w- c:\windows\system32\diskperf.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu]
@="{0A479751-02BC-11d3-A855-0004AC2568AA}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}]
2015-05-17 13:36 579784 ----a-w- c:\program files\LinkShellExtension\32\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink]
@="{0A479751-02BC-11d3-A855-0004AC2568DD}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}]
2015-05-17 13:36 579784 ----a-w- c:\program files\LinkShellExtension\32\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink]
@="{0A479751-02BC-11d3-A855-0004AC2568EE}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}]
2015-05-17 13:36 579784 ----a-w- c:\program files\LinkShellExtension\32\HardlinkShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files 2\Steam\steam.exe" [2015-07-23 2895552]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-06-29 53282944]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-06-01 8358680]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-28 1011200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2015-04-15 5021448]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
c:\users\Beau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Curse.lnk - c:\users\Beau\AppData\Roaming\Curse Client\Bin\Curse.exe /startup [2015-6-25 7119752]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2015-3-24 36544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.11.149\SSScheduler.exe [2015-6-26 330456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Splendid Poem;Splendid Poem;c:\program files (x86)\Splendid Poem\Splendid Poem.exe;c:\program files (x86)\Splendid Poem\Splendid Poem.exe [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.149\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.149\McCHSvc.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ptun0901;TAP Adapter V9 for Private Tunnel;c:\windows\system32\DRIVERS\ptun0901.sys;c:\windows\SYSNATIVE\DRIVERS\ptun0901.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 Cautious Help;Cautious Help;c:\users\Beau\AppData\Roaming\Cautious Help\Cautious Help.exe;c:\users\Beau\AppData\Roaming\Cautious Help\Cautious Help.exe [x]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 chromoting;Chrome Remote Desktop Service;c:\program files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-09 14:42 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu]
@="{0A479751-02BC-11d3-A855-0004AC2568AA}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}]
2015-05-17 13:36 744136 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink]
@="{0A479751-02BC-11d3-A855-0004AC2568DD}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}]
2015-05-17 13:36 744136 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink]
@="{0A479751-02BC-11d3-A855-0004AC2568EE}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}]
2015-05-17 13:36 744136 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-07-24 2634896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-07 169768]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-07-24 1710568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7104287B-01F2-4C51-B2EF-A4732FE488B0} - c:\program files (x86)\NewSaVVer\BMzgWGF89Mz9J2.dll
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
Notify-SDWinLogon - SDWinLogon.dll
BHO-{7104287B-01F2-4C51-B2EF-A4732FE488B0} - c:\program files (x86)\NewSaVVer\BMzgWGF89Mz9J2.x64.dll
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{29da3a37-6a61-4767-bb98-86d0515cd0b1} - c:\programdata\Package Cache\{29da3a37-6a61-4767-bb98-86d0515cd0b1}\VS11-KB3002339.exe
AddRemove-{312d9252-c71c-4c84-b171-f4ad46e22098} - c:\programdata\Package Cache\{312d9252-c71c-4c84-b171-f4ad46e22098}\VS2012.4.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{56ef8912-352f-4fab-9c73-6f1c92a7127f} - c:\programdata\Package Cache\{56ef8912-352f-4fab-9c73-6f1c92a7127f}\patch_KB2781514.exe
AddRemove-{6A08B379-76FB-B4CF-0C70-CAFCD3635A77} - c:\program files (x86)\NewSaVVer\BMzgWGF89Mz9J2.exe
AddRemove-{c93c1c16-fd12-4b07-8926-2a4af46b6597} - c:\programdata\Package Cache\{c93c1c16-fd12-4b07-8926-2a4af46b6597}\vs_professional.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-08-12 13:43:24
ComboFix-quarantined-files.txt 2015-08-12 17:43
.
Pre-Run: 856,885,600,256 bytes free
Post-Run: 858,589,171,712 bytes free
.
- - End Of File - - D95E447FF33E0AE82B8440F8BE7BD458
A36C5E4F47E84449FF07ED3517B43A31



Edited by Oh My!, 12 August 2015 - 07:50 PM.




#2 Oh My!

  • Malware Response Instructor

Posted 12 August 2015 - 05:22 PM

Greetings firefoot87 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2242160774-993639722-2474802955-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2242160774-993639722-2474802955-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
S4 Cautious Help; C:\Users\Beau\AppData\Roaming\Cautious Help\Cautious Help.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Splendid Poem; "C:\Program Files (x86)\Splendid Poem\Splendid Poem.exe" [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2015-08-12 12:05 - 2015-07-10 18:24 - 00000024 _____ C:\Users\Beau\AppData\Roaming\appdataFr25.bin
2015-06-25 21:15 - 2015-06-25 21:15 - 0000000 _____ () C:\Users\Beau\AppData\Local\Temp.dat
Hosts:
cmd: ipconfig /flushdns
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Zoek by Smeenk

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Copy and paste the following into the main box

createsrpoint;
autoclean;
emptyalltemp;

  • Verify Scan All Users is selected then click Run Script
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • zoek report
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 firefoot87

Posted 12 August 2015 - 07:14 PM

Hello Gary! My name is Beau. Thanks so much for the info. I have included the information you have requested. Looking forward to the next set of steps. Thanks!

Fix result of Farbar Recovery Scan Tool (x64) Version:12-08-2015
Ran by Beau (2015-08-12 19:45:38) Run:1
Running from C:\Users\Beau\Desktop
Loaded Profiles: Beau (Available Profiles: Beau)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2242160774-993639722-2474802955-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2242160774-993639722-2474802955-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
S4 Cautious Help; C:\Users\Beau\AppData\Roaming\Cautious Help\Cautious Help.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Splendid Poem; "C:\Program Files (x86)\Splendid Poem\Splendid Poem.exe" [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2015-08-12 12:05 - 2015-07-10 18:24 - 00000024 _____ C:\Users\Beau\AppData\Roaming\appdataFr25.bin
2015-06-25 21:15 - 2015-06-25 21:15 - 0000000 _____ () C:\Users\Beau\AppData\Local\Temp.dat
Hosts:
cmd: ipconfig /flushdns
*****************

C:\Users\Beau\AppData\Local\Temp\ocr68EF.tmp => moved successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-2242160774-993639722-2474802955-1000\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2242160774-993639722-2474802955-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame" => key removed successfully
Cautious Help => service removed successfully
gupdate => service removed successfully
gupdatem => service removed successfully
Splendid Poem => service removed successfully
EagleX64 => service removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
xhunter1 => service removed successfully
C:\Users\Beau\AppData\Roaming\appdataFr25.bin => moved successfully.
C:\Users\Beau\AppData\Local\Temp.dat => moved successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


==== End of Fixlog 19:45:38 ====

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Beau on Wed 08/12/2015 at 19:52:06.51.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Beau\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

8/12/2015 7:53:09 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Nexon deleted successfully
C:\PROGRA~2\OpenVPN Technologies deleted successfully
C:\PROGRA~2\Origin Games deleted successfully
C:\PROGRA~2\Ponyhoof deleted successfully
C:\Users\Beau\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Nexon not found
C:\PROGRA~2\OpenVPN Technologies not found
C:\PROGRA~2\Origin Games not found
C:\PROGRA~2\Ponyhoof not found
C:\PROGRA~2\Box for Chrome OS Beta deleted
C:\Users\Beau\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Windows\Syswow64\REN1B86.tmp deleted
"C:\Users\Beau\AppData\Roaming\.technic" deleted

==== Chromium Look ======================

Google Chrome Version: 43.0.2357.124



==== Chromium Startpages ======================

C:\Users\Beau\AppData\Local\Google\Chrome\User Data\Default\Preferences
:{"remaining_rollback_tries":"FBE9D692E5C93F670741351BFF74F6BE56008A386380C405DD413D1B6C42CBE6"}},"super_mac":"BC28C34416C65B5010DF804F592544BEA1D24CCCD5ABC717226D6C243E8FCC14"},"session":{"restore_on_startup":5,"startup_urls":["http://www.google.com/"]},"software_reporter":{"prompt_reason":0,"prompt_seed":"20150601","prompt_version":"3.21.0"},"sync":{"remaining_rollback_tries":0}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Beau\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Beau\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Beau\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2141 folders=661 1049675960 bytes)

==== Empty Temp Folders ======================

C:\Users\Beau\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Beau\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Wed 08/12/2015 at 20:04:58.53 ======================


Edited by Oh My!, 12 August 2015 - 07:30 PM.


#4 Oh My!

Posted 12 August 2015 - 07:33 PM

Hi Beau.

If you could copy and paste the information in your reply it will help me review things.

Can you provide an update on your computer performance?
Gary
 

#5 firefoot87

Posted 12 August 2015 - 07:41 PM

I can do that from now on. I've had no change so far. Still tons of popups. CoolExt is one that seems to be interfering at the moment.



#6 Oh My!

Posted 12 August 2015 - 07:48 PM

Thanks,

Please do this.

===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Note: If, after disabling, Combofix warns you an Antivirus program is still running, ignore the warning and run Combofix.
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Windows 8/7/Vista users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Result.txt
  • Combofix log
  • RogueKiller log

Gary
 

#7 firefoot87

Posted 13 August 2015 - 07:16 PM

Here you are.

MTB:

MiniToolBox by Farbar Version: 25-07-2015 01
Ran by Beau (administrator) on 13-08-2015 at 19:08:23
Running from "C:\Users\Beau\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Model: To Be Filled By O.E.M. Manufacturer: To Be Filled By O.E.M.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)
TAP-Win32 Adapter V9 = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Cortana
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hitronhub.home

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9
Physical Address. . . . . . . . . : 00-FF-A6-D4-E2-3B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hitronhub.home
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : D0-50-99-67-72-A6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2604:2d80:8824:c3b4:e155:db05:3baa:3b43(Preferred)
Temporary IPv6 Address. . . . . . : 2604:2d80:8824:c3b4:54e4:5f11:55a:f6ec(Preferred)
Link-local IPv6 Address . . . . . : fe80::e155:db05:3baa:3b43%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.17(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, August 13, 2015 5:56:09 PM
Lease Expires . . . . . . . . . . : Thursday, August 20, 2015 5:56:08 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 364666868
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-C0-2E-CC-EC-1A-59-B7-53-75
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hitronhub.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hitronhub.home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A6D4E23B-9DA4-44AE-8FC1-10D6B2E3E487}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: hitronhub.home
Address: 192.168.0.1

Name: google.com
Addresses: 2607:f8b0:4002:c07::8b
74.125.196.102
74.125.196.139
74.125.196.113
74.125.196.138
74.125.196.101
74.125.196.100


Pinging google.com [74.125.196.100] with 32 bytes of data:
Reply from 74.125.196.100: bytes=32 time=16ms TTL=47
Reply from 74.125.196.100: bytes=32 time=14ms TTL=47

Ping statistics for 74.125.196.100:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 16ms, Average = 15ms
Server: hitronhub.home
Address: 192.168.0.1

Name: yahoo.com
Addresses: 2001:4998:44:204::a7
2001:4998:c:a06::2:4008
2001:4998:58:c02::a9
98.139.183.24
98.138.253.109
206.190.36.45


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=96ms TTL=45
Reply from 206.190.36.45: bytes=32 time=97ms TTL=45

Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 96ms, Maximum = 97ms, Average = 96ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
17...00 ff a6 d4 e2 3b ......TAP-Win32 Adapter V9
13...d0 50 99 67 72 a6 ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.17 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.17 266
192.168.0.17 255.255.255.255 On-link 192.168.0.17 266
192.168.0.255 255.255.255.255 On-link 192.168.0.17 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.17 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.17 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 18 2604:2d80:8824:c3b4::/64 On-link
13 266 2604:2d80:8824:c3b4:54e4:5f11:55a:f6ec/128
On-link
13 266 2604:2d80:8824:c3b4:e155:db05:3baa:3b43/128
On-link
13 266 fe80::/64 On-link
13 266 fe80::e155:db05:3baa:3b43/128
On-link
1 306 ff00::/8 On-link
13 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

**** End of log ****



ComboFix:

ComboFix 15-08-13.01 - Beau 08/13/2015 19:20:48.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16338.12145 [GMT -4:00]
Running from: c:\users\Beau\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-07-13 to 2015-08-13 )))))))))))))))))))))))))))))))
.
.
2015-08-13 23:25 . 2015-08-13 23:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-13 21:56 . 2015-08-13 21:56 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2015-08-13 00:03 . 2015-08-13 23:25 -------- d-----w- c:\users\Beau\AppData\Local\Temp
2015-08-13 00:03 . 2015-08-12 23:52 24064 ----a-w- c:\windows\zoek-delete.exe
2015-08-12 23:50 . 2015-08-13 00:02 -------- d-----w- C:\zoek_backup
2015-08-12 23:48 . 2015-08-12 23:48 24 ----a-w- c:\users\Beau\AppData\Roaming\appdataFr25.bin
2015-08-12 18:02 . 2015-08-12 23:45 -------- d-----w- C:\FRST
2015-08-12 16:49 . 2015-08-12 16:49 -------- d-----w- c:\program files\Common Files\AV
2015-08-12 16:41 . 2013-09-20 14:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2015-08-12 16:41 . 2015-08-12 17:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-08-12 16:41 . 2015-08-12 16:49 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2015-08-12 05:20 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 05:20 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 05:16 . 2015-08-12 05:16 -------- d-----w- c:\windows\PCHEALTH
2015-08-11 20:21 . 2015-07-09 17:57 193536 ----a-w- c:\windows\system32\notepad.exe
2015-08-05 06:52 . 2015-08-09 23:16 -------- d-----w- c:\users\Beau\AppData\Roaming\TS3Client
2015-08-05 06:52 . 2015-08-05 06:52 -------- d-----w- c:\program files\TeamSpeak 3 Client
2015-08-05 03:58 . 2015-08-05 03:58 -------- d-----w- c:\program files\LinkShellExtension
2015-08-05 03:25 . 2015-08-05 03:27 -------- d-----w- c:\program files (x86)\InnerSpace
2015-08-05 03:00 . 2015-08-05 03:00 -------- d-----w- c:\users\Beau\AppData\Roaming\Titanium
2015-08-05 02:59 . 2015-08-05 02:59 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
2015-08-05 02:59 . 2015-08-05 03:01 -------- d-----w- c:\program files\pia_manager
2015-08-05 02:12 . 2015-08-05 02:38 -------- d-----w- c:\program files (x86)\CactusVPN
2015-08-04 11:27 . 2015-08-04 11:27 -------- d-----w- c:\program files\McAfee Security Scan
2015-08-03 14:42 . 2015-08-03 15:41 -------- d-----w- c:\program files (x86)\TeamViewer
2015-08-01 21:38 . 2015-07-24 04:21 1423304 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-08-01 21:38 . 2015-07-24 04:21 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-08-01 21:38 . 2015-07-24 04:21 1756608 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-08-01 21:38 . 2015-07-24 04:21 1710568 ----a-w- c:\windows\system32\nvspcap64.dll
2015-08-01 21:38 . 2015-07-03 04:28 47976 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2015-08-01 21:38 . 2015-07-03 04:28 69992 ----a-w- c:\windows\system32\nvaudcap64v.dll
2015-08-01 21:38 . 2015-07-03 04:28 65896 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2015-08-01 01:54 . 2015-08-01 01:54 -------- d-----w- c:\users\Beau\AppData\Local\CCP
2015-07-25 03:06 . 2015-07-25 03:06 -------- d-----w- c:\users\Beau\AppData\Roaming\Python-Eggs
2015-07-24 21:05 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3EF35EAE-F8FB-4614-AE31-8E3B805E5572}\mpengine.dll
2015-07-22 17:04 . 2015-07-22 17:04 17318592 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-07-22 13:15 . 2015-07-22 13:15 -------- d-----w- c:\users\Beau\AppData\Local\CEF
2015-07-22 00:57 . 2015-07-22 00:57 1917080 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll
2015-07-22 00:57 . 2015-07-22 00:57 1375896 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE11\msxml5.dll
2015-07-21 14:36 . 2015-07-21 14:36 -------- d-----w- c:\users\Beau\AppData\Roaming\Shooter
2015-07-20 01:23 . 2015-07-20 01:23 -------- d-----w- c:\users\Beau\AppData\Local\ElevatedDiagnostics
2015-07-20 01:17 . 2015-07-31 22:58 -------- d-----w- C:\ftb
2015-07-18 03:38 . 2015-07-18 03:40 -------- d-----w- c:\users\Beau\AppData\Roaming\Origin
2015-07-18 03:38 . 2015-07-18 03:40 -------- d-----w- c:\users\Beau\AppData\Local\Origin
2015-07-18 03:37 . 2015-07-18 03:37 -------- d-----w- c:\programdata\Electronic Arts
2015-07-18 03:37 . 2015-07-18 03:38 -------- d-----w- c:\program files (x86)\Origin
2015-07-18 01:35 . 2015-07-18 03:40 -------- d-----w- c:\programdata\Origin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-13 21:56 . 2015-04-15 15:28 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2015-08-12 05:12 . 2015-06-26 04:44 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-07-20 22:08 . 2015-06-26 01:24 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-15 17:54 . 2015-08-11 20:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-04 18:07 . 2015-07-14 20:08 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-14 20:08 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-06-28 08:32 . 2015-06-28 08:32 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2015-06-28 08:32 . 2015-06-28 08:32 942592 ----a-w- c:\windows\system32\jsIntl.dll
2015-06-28 08:32 . 2015-06-28 08:32 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2015-06-28 08:32 . 2015-06-28 08:32 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2015-06-28 08:32 . 2015-06-28 08:32 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2015-06-28 08:32 . 2015-06-28 08:32 81408 ----a-w- c:\windows\system32\icardie.dll
2015-06-28 08:32 . 2015-06-28 08:32 77312 ----a-w- c:\windows\system32\tdc.ocx
2015-06-28 08:32 . 2015-06-28 08:32 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2015-06-28 08:32 . 2015-06-28 08:32 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-06-28 08:32 . 2015-06-28 08:32 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2015-06-28 08:32 . 2015-06-28 08:32 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2015-06-28 08:32 . 2015-06-28 08:32 62464 ----a-w- c:\windows\system32\pngfilt.dll
2015-06-28 08:32 . 2015-06-28 08:32 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2015-06-28 08:32 . 2015-06-28 08:32 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2015-06-28 08:32 . 2015-06-28 08:32 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2015-06-28 08:32 . 2015-06-28 08:32 48640 ----a-w- c:\windows\system32\mshtmler.dll
2015-06-28 08:32 . 2015-06-28 08:32 48128 ----a-w- c:\windows\system32\imgutil.dll
2015-06-28 08:32 . 2015-06-28 08:32 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2015-06-28 08:32 . 2015-06-28 08:32 30208 ----a-w- c:\windows\system32\licmgr10.dll
2015-06-28 08:32 . 2015-06-28 08:32 247808 ----a-w- c:\windows\system32\msls31.dll
2015-06-28 08:32 . 2015-06-28 08:32 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2015-06-28 08:32 . 2015-06-28 08:32 243200 ----a-w- c:\windows\system32\webcheck.dll
2015-06-28 08:32 . 2015-06-28 08:32 235520 ----a-w- c:\windows\system32\url.dll
2015-06-28 08:32 . 2015-06-28 08:32 235008 ----a-w- c:\windows\system32\elshyph.dll
2015-06-28 08:32 . 2015-06-28 08:32 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2015-06-28 08:32 . 2015-06-28 08:32 167424 ----a-w- c:\windows\system32\iexpress.exe
2015-06-28 08:32 . 2015-06-28 08:32 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2015-06-28 08:32 . 2015-06-28 08:32 147968 ----a-w- c:\windows\system32\occache.dll
2015-06-28 08:32 . 2015-06-28 08:32 143872 ----a-w- c:\windows\system32\wextract.exe
2015-06-28 08:32 . 2015-06-28 08:32 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2015-06-28 08:32 . 2015-06-28 08:32 13824 ----a-w- c:\windows\system32\mshta.exe
2015-06-28 08:32 . 2015-06-28 08:32 135680 ----a-w- c:\windows\system32\iepeers.dll
2015-06-28 08:32 . 2015-06-28 08:32 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2015-06-28 08:32 . 2015-06-28 08:32 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2015-06-28 08:32 . 2015-06-28 08:32 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2015-06-28 08:32 . 2015-06-28 08:32 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2015-06-28 08:32 . 2015-06-28 08:32 105984 ----a-w- c:\windows\system32\iesysprep.dll
2015-06-28 08:32 . 2015-06-28 08:32 101376 ----a-w- c:\windows\system32\inseng.dll
2015-06-28 08:25 . 2015-06-28 08:25 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2015-06-28 08:25 . 2015-06-28 08:25 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2015-06-28 08:25 . 2015-06-28 08:25 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2015-06-28 08:25 . 2015-06-28 08:25 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2015-06-28 08:25 . 2015-06-28 08:25 363008 ----a-w- c:\windows\system32\dxgi.dll
2015-06-28 08:25 . 2015-06-28 08:25 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-06-28 08:25 . 2015-06-28 08:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 296960 ----a-w- c:\windows\system32\d3d10core.dll
2015-06-28 08:25 . 2015-06-28 08:25 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2015-06-28 08:25 . 2015-06-28 08:25 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2015-06-28 08:25 . 2015-06-28 08:25 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2015-06-28 08:25 . 2015-06-28 08:25 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2015-06-28 08:25 . 2015-06-28 08:25 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2015-06-28 08:25 . 2015-06-28 08:25 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2015-06-28 08:25 . 2015-06-28 08:25 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2015-06-28 08:25 . 2015-06-28 08:25 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2015-06-28 08:25 . 2015-06-28 08:25 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2015-06-28 08:25 . 2015-06-28 08:25 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2015-06-28 08:25 . 2015-06-28 08:25 1238528 ----a-w- c:\windows\system32\d3d10.dll
2015-06-28 08:25 . 2015-06-28 08:25 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2015-06-28 08:25 . 2015-06-28 08:25 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2015-06-28 08:25 . 2015-06-28 08:25 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-28 08:25 . 2015-06-28 08:25 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-27 07:06 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2015-06-27 07:06 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2015-06-26 04:50 . 2015-05-07 04:46 2503072 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2015-06-23 17:30 . 2015-04-15 15:11 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-17 22:57 . 2015-06-18 04:10 238376 ----a-w- c:\windows\SysWow64\EasyAntiCheat.exe
2015-06-17 17:47 . 2015-07-14 20:08 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 17:37 . 2015-07-14 20:08 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-17 05:01 . 2015-06-17 05:01 1202856 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-15 21:50 . 2015-07-14 20:07 112064 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:45 . 2015-07-14 20:07 3242496 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:45 . 2015-07-14 20:07 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:45 . 2015-07-14 20:07 1941504 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:45 . 2015-07-14 20:07 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:44 . 2015-07-14 20:07 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:43 . 2015-07-14 20:07 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-15 21:43 . 2015-07-14 20:07 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-15 21:43 . 2015-07-14 20:07 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-15 21:42 . 2015-07-14 20:07 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu]
@="{0A479751-02BC-11d3-A855-0004AC2568AA}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}]
2015-05-17 13:36 579784 ----a-w- c:\program files\LinkShellExtension\32\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink]
@="{0A479751-02BC-11d3-A855-0004AC2568DD}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}]
2015-05-17 13:36 579784 ----a-w- c:\program files\LinkShellExtension\32\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink]
@="{0A479751-02BC-11d3-A855-0004AC2568EE}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}]
2015-05-17 13:36 579784 ----a-w- c:\program files\LinkShellExtension\32\HardlinkShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files 2\Steam\steam.exe" [2015-07-23 2895552]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-06-29 53282944]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-06-01 8358680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2015-04-15 5021448]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
c:\users\Beau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Curse.lnk - c:\users\Beau\AppData\Roaming\Curse Client\Bin\Curse.exe /startup [2015-6-25 7119752]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2015-3-24 36544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.149\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.149\McCHSvc.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ptun0901;TAP Adapter V9 for Private Tunnel;c:\windows\system32\DRIVERS\ptun0901.sys;c:\windows\SYSNATIVE\DRIVERS\ptun0901.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 chromoting;Chrome Remote Desktop Service;c:\program files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-09 14:42 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu]
@="{0A479751-02BC-11d3-A855-0004AC2568AA}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}]
2015-05-17 13:36 744136 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink]
@="{0A479751-02BC-11d3-A855-0004AC2568DD}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}]
2015-05-17 13:36 744136 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink]
@="{0A479751-02BC-11d3-A855-0004AC2568EE}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}]
2015-05-17 13:36 744136 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-07-24 2634896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-07 169768]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-07-24 1710568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{29da3a37-6a61-4767-bb98-86d0515cd0b1} - c:\programdata\Package Cache\{29da3a37-6a61-4767-bb98-86d0515cd0b1}\VS11-KB3002339.exe
AddRemove-{312d9252-c71c-4c84-b171-f4ad46e22098} - c:\programdata\Package Cache\{312d9252-c71c-4c84-b171-f4ad46e22098}\VS2012.4.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{56ef8912-352f-4fab-9c73-6f1c92a7127f} - c:\programdata\Package Cache\{56ef8912-352f-4fab-9c73-6f1c92a7127f}\patch_KB2781514.exe
AddRemove-{c93c1c16-fd12-4b07-8926-2a4af46b6597} - c:\programdata\Package Cache\{c93c1c16-fd12-4b07-8926-2a4af46b6597}\vs_professional.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-08-13 19:27:43
ComboFix-quarantined-files.txt 2015-08-13 23:27
ComboFix2.txt 2015-08-12 17:43
.
Pre-Run: 858,099,290,112 bytes free
Post-Run: 857,825,595,392 bytes free
.
- - End Of File - - 4C15D5E55D87F02C6DEAE77EB786166C
A36C5E4F47E84449FF07ED3517B43A31



Roguekiller



RogueKiller V10.10.0.0 [Aug 11 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Beau [Administrator]
Started from : C:\Users\Beau\Desktop\RogueKiller.exe
Mode : Scan -- Date : 08/13/2015 20:07:09

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721010CLA632 ATA Device +++++
--- User ---
[MBR] 4d73076686fcae61c85660a14ca1ebfd
[BSP] b40270f93398d2a3c23d39479c556174 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ATA ST2000DL001-9VT1 SCSI Disk Device +++++
--- User ---
[MBR] 2279678441bfc6808025b313b6f9889c
[BSP] 5cab7fac78b6fe5301595cea6da44b25 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 1907726 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK



It should be noted that, at this time, there are still no changes in the popup battle. Thanks.

Edited by Oh My!, 13 August 2015 - 07:55 PM.


#8 Oh My!

  • Malware Response Instructor

Posted 13 August 2015 - 08:17 PM

Thank you for the information. Please simply copy and paste information in your reply unless instructed to attach a file.

Are you currently experiencing the same issue with either Firefox or Internet Explorer?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 firefoot87

  • Topic Starter

Posted 13 August 2015 - 09:29 PM

No I'm not.



#10 Oh My!


Posted 13 August 2015 - 09:44 PM

Thanks, please do this.

===================================================

Launching Chrome Without Plugins or Extensions

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type in chrome --incognito and press Enter
  • Test Chrome
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results

Gary
 

#11 firefoot87


Posted 13 August 2015 - 10:19 PM

No issues during incognito browsing.



#12 Oh My!


Posted 13 August 2015 - 10:26 PM

Very good. Please do this.

I will be logging off soon but will check back in first thing in the morning.

===================================================

Manually Troubleshooting Google Chrome Plug-ins and Extensions

--------------------
  • Launch Chrome normally
  • In the address bar type chrome://plugins and press Enter
  • Click Disable on all plugins
  • Enable one plugin at a time, restart Chrome and check the performance
  • In the address bar type chrome://extensions and press Enter
  • Uncheck any checked items
  • Enable one extension at a time, restart Chrome and check the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#13 firefoot87


Posted 14 August 2015 - 07:29 AM

CoolExt extension found in the list. While this is the source of the problem, I know that if I remove it, an hour to a day from now it will be replaced by some similar extension of equal difficulty.
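
The extension review in the steps above can also be done from disk. The following is an added example, not part of the original thread and not from any tool mentioned in it: it lists every extension under a Chrome profile's Extensions folder with its ID, name and broad page-access permissions, and reports IDs that appear between two runs. The default profile path and the permission list are assumptions of the example.

```python
import json
from pathlib import Path

# Permissions that let an extension see or rewrite every page, which is what
# redirect/popup adware needs. This list is the example's own heuristic.
BROAD = {"<all_urls>", "tabs", "webRequest", "webRequestBlocking",
         "webNavigation", "proxy", "management"}
BROAD_HOSTS = {"http://*/*", "https://*/*", "*://*/*"}


def _load_json(path):
    """Read a JSON file (BOM tolerated); return None if missing or malformed."""
    try:
        return json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return None


def _display_name(version_dir, manifest):
    """Resolve a localized "__MSG_key__" name through _locales/<default_locale>."""
    name = manifest.get("name", "")
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()  # message keys are matched case-insensitively
    locale = manifest.get("default_locale", "en")
    messages = _load_json(version_dir / "_locales" / locale / "messages.json")
    if isinstance(messages, dict):
        for msg_key, entry in messages.items():
            if msg_key.lower() == key and isinstance(entry, dict):
                return entry.get("message", name)
    return name  # leave the placeholder visible if it cannot be resolved


def _broad_permissions(manifest):
    """Collect declared permissions and match patterns that grant wide access."""
    declared = list(manifest.get("permissions", []))
    declared += manifest.get("host_permissions", [])  # Manifest V3 location
    for script in manifest.get("content_scripts", []):
        declared += script.get("matches", [])
    return sorted({p for p in declared
                   if isinstance(p, str) and (p in BROAD or p in BROAD_HOSTS)})


def inventory(profile_dir):
    """Return one row per installed extension version found in the profile."""
    ext_root = Path(profile_dir) / "Extensions"
    rows = []
    if not ext_root.is_dir():
        return rows
    for ext_dir in sorted(p for p in ext_root.iterdir() if p.is_dir()):
        for version_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            manifest = _load_json(version_dir / "manifest.json")
            if not isinstance(manifest, dict):
                rows.append({"id": ext_dir.name, "version": version_dir.name,
                             "name": "<unreadable manifest>", "broad": []})
                continue
            rows.append({
                "id": ext_dir.name,  # folder name is the 32-character extension ID
                "version": manifest.get("version", version_dir.name),
                "name": _display_name(version_dir, manifest),
                "broad": _broad_permissions(manifest),
            })
    return rows


def new_since(before, after):
    """IDs present in the later inventory but not in the earlier one."""
    known = {row["id"] for row in before}
    return sorted({row["id"] for row in after} - known)


if __name__ == "__main__":
    import os
    import sys
    # Assumed default location of the first Chrome profile on Windows.
    default = (Path(os.environ.get("LOCALAPPDATA", "")) / "Google" / "Chrome"
               / "User Data" / "Default")
    profile = sys.argv[1] if len(sys.argv) > 1 else default
    for row in inventory(profile):
        flags = ", ".join(row["broad"]) or "-"
        print(f'{row["id"]}  {row["version"]:<12} {row["name"]}  [{flags}]')
```

Saving the output before removing an extension and comparing it with a later run shows by ID whether something new has been installed in its place.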



#14 Oh My!


Posted 14 August 2015 - 08:31 AM

Thanks for the information. Please do this.

===================================================

Checking Chrome Sync Status

--------------------
  • Launch Chrome web browser
  • Type chrome://settings in the address bar and hit Enter
  • Under Sign in click Advanced sync settings...
  • Is Sync everything selected on the drop down list and are all 9 items underneath checked? If not, please describe
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • What are the Sync settings?

Gary
 

#15 firefoot87


Posted 14 August 2015 - 08:37 AM

All 9 are checked. 





