
Windows 8.1 (64) Rootkit


This topic is locked.
16 replies to this topic

#1 hehathledger

hehathledger

  • Members
  • 18 posts
  • OFFLINE
  • Local time:05:34 PM

Posted 28 September 2015 - 12:18 PM

Hi there,
I'm at my wits' end trying to figure this out on my own. Here is a list of some of the behavior and things I've tried to do to solve it myself. I've had a rootkit infection before, so I am familiar with some of the tell-tale signs. So, just some basic info first... I've completely removed Adobe Flash from my system -- for a while I figured I was the victim of some XSS and Flash exploits because it's so vulnerable. Now that Flash is off my system I know it's not that... I've also run TFC (quite frequently), which does give me some peace of mind... but not for long. Even if it is getting rid of some temp files that this malware creates, it comes back (go figure).
I cannot access my command prompt from Control Panel > Advanced Settings (this is a red flag for me); the system just gives me a black screen and hangs. I can't run GMER anymore; I get this error:
"C:\WINDOWS\system32\config\system: The process cannot access the file because it is being used by another process."
I can click "OK" afterwards and scan anyway, but this never used to happen, and I think the rootkits have gotten even better since 2012. Back then (the last time I was infected) I was able to use RKILL and MBAM to clean up the problem on my own. Alas, I'm here now because I don't know what else to do, and this type of kernel-land infection is too advanced for me to handle alone. I've considered just replacing my hard drive, but I have ~1 TB of data, and trying to transfer it without risking re-infection... Meh.
 
 
Here is a screenshot of the error I get when I try to run GMER; it seems to find something almost instantly anyway.

[Screenshot: GMER error]
 
I have a very fast system, purchased in 2014, and when I got it, browsing the net was lightning quick. Another red flag for me is that everything is super slow and sluggish. I also get random audio "blips".
Another "sign", as I see it, is that whenever I restart it takes SUPER long -- so usually I just use the shutdown option and restart manually. Furthermore, when I boot up, the login screen is sometimes replaced with the "default" Windows 8 login screen and not my custom one. There were a few times when I was trying to get into safe mode and, right when I'd be about to get something going, I'd get booted out to see this default screen and have to log in again. SUPER SUSPICIOUS. I'm like 99.9% sure my system is rooted. I've tried a variety of programs to no avail. All reports are "clean".
PLEASE HELP.
 
Some more "suspicious" activity... disk read/write IOPS going through the roof and I'm not even doing anything....
[Screenshot 1: disk activity]

Ahh ok, this one is a bit better; notice how disk activity is nearly 0%... it will randomly spike up to like 100% with crazy amounts of activity... as well as reading/writing going on in the MASTER FILE TABLE / MBR and what looks to me like anonymous/encrypted shares or drives... this is SCARY, somebody help me.
[Screenshot 2: disk activity]

Edited by Queen-Evie, 28 September 2015 - 08:38 PM.
merged other 3 posts into the original post



#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,013 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:04:34 PM

Posted 29 September 2015 - 12:19 PM

Hey, :)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them from inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and paste (Ctrl+V) the contents of both of these logs into your next post, please.

~Machiavelli

If I don't reply within 24 hours, please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

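The FRST.txt log requested above is read by hand in this thread. As an added example (not part of any post here, and not FRST's own tooling), the Python script below makes a first pass over FRST.txt-style text: it tracks the section headers and flags the lines an analyst would look at first (entries FRST itself marks ATTENTION, services or drivers whose file is missing, files with no publisher information, and drivers registered from a Temp directory). The `Finding` class and `triage` function are my own names, the regular expressions assume the line shapes seen in this thread's log, and the sample input is constructed from those lines; flags are review prompts, not verdicts.

```python
"""First-pass triage of FRST.txt-style log text (added example, not FRST's own code)."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str   # FRST section header the line appeared under
    line: str      # the log line itself, stripped
    reasons: list  # why it was flagged (review prompts, not verdicts)


# "==================== Drivers (Whitelisted) ====" -> "Drivers (Whitelisted)"
SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+$")

# Service/driver entry: "<start type> <name>; <path> [<size> <date>] (<company>)"
# or, when FRST could not find the file on disk, "<start type> <name>; <path> [X]".
# Assumed from the line shapes in this thread's log.
ENTRY_RE = re.compile(
    r"^(?P<start>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"(?:\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<company>[^)]*)\)"
    r"|\[X\])$"
)

# Kernel drivers registered from a Temp directory are unusual enough to look at
# (scanner leftovers land there too, so this is a prompt, not a verdict).
TEMP_DIR_RE = re.compile(r"\\(?:Temp|Tmp)\\", re.IGNORECASE)


def triage(log_text):
    """Return the list of Finding objects for one FRST.txt-style log, in file order."""
    section = "(header)"
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        reasons = []
        # FRST itself marks policy restrictions and similar with "<====== ATTENTION".
        if "<===" in line and "ATTENTION" in line:
            reasons.append("flagged by FRST (ATTENTION)")
        e = ENTRY_RE.match(line)
        if e:
            if e.group("company") is None:
                reasons.append("registered but file missing ([X])")
            elif e.group("company") == "":
                reasons.append("no publisher/version info in the file")
            if TEMP_DIR_RE.search(e.group("path")):
                reasons.append("loads from a Temp directory")
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


# Constructed sample input: line shapes copied from the log posted in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===========================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
===================== Drivers (Whitelisted) ==========================
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-02] (Qualcomm Atheros Communications, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-05] ()
S3 MFE_RR; \??\C:\Users\tony\AppData\Local\Temp\mfe_rr.sys [X]
U3 pfddrpob; \??\C:\Users\tony\AppData\Local\Temp\pfddrpob.sys [X]
"""


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.line}\n    -> {'; '.join(f.reasons)}")
```

Run it over a saved FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace").read())`; the unflagged lines still need a human read, since a signed file in the right place can be just as bad.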
 
 


#3 hehathledger

hehathledger
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:05:34 PM

Posted 29 September 2015 - 08:19 PM

Hi there, thanks for the quick reply, Machiavelli.
Here are the logs from Farbar:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01
Ran by tony (administrator) on ACERX64 (29-09-2015 21:17:16)
Running from C:\Users\tony\Downloads
Loaded Profiles: tony & basic & t00r (Available Profiles: tony & basic & t00r)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe
(Microsoft Corporation) C:\WINDOWS\System32\GWX\GWX.exe
(Microsoft Corporation) C:\WINDOWS\System32\snmptrap.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Farbar) C:\Users\tony\Downloads\FRST64(2).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] (Qualcomm®Atheros®)
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Run: [uTorrent] => C:\Users\tony\AppData\Roaming\uTorrent\uTorrent.exe [1998432 2015-06-20] (BitTorrent Inc.)
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Policies\Explorer: [TaskbarNoThumbnail] 1
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Policies\Explorer: [QuickLaunchEnabled] 1
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Policies\Explorer: [ForceRunOnStartMenu] 1
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-500228877-2413465653-1359094120-1003\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-500228877-2413465653-1359094120-1003\...\Policies\Explorer: [TaskbarNoThumbnail] 1
HKU\S-1-5-21-500228877-2413465653-1359094120-1003\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-500228877-2413465653-1359094120-1003\...\Policies\Explorer: [QuickLaunchEnabled] 1
HKU\S-1-5-21-500228877-2413465653-1359094120-1003\...\Policies\Explorer: [ForceRunOnStartMenu] 1
HKU\S-1-5-21-500228877-2413465653-1359094120-1003\...\Policies\Explorer: [ForceStartMenuLogOff] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-05-30]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
BootExecute: autocheck autochk * bootdelete
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{02D9D7E3-542F-412A-BFFB-406112EFCDE3}: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{3E2F24F5-7D53-481B-9194-E9D6CEB8A1F0}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{91D18385-05AB-400A-848D-B0CA2B9BA9CC}: [DhcpNameServer] 64.71.255.204 64.71.255.198

Internet Explorer:
==================
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-500228877-2413465653-1359094120-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-500228877-2413465653-1359094120-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-500228877-2413465653-1359094120-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-500228877-2413465653-1359094120-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-500228877-2413465653-1359094120-1001 -> DefaultScope {7A5E622F-3638-4F08-9C2B-5ECE64D92ABC} URL =
SearchScopes: HKU\S-1-5-21-500228877-2413465653-1359094120-1001 -> {4EF32268-337B-4959-90E8-7D1CADB8BDE7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-500228877-2413465653-1359094120-1001 -> {7A5E622F-3638-4F08-9C2B-5ECE64D92ABC} URL =
SearchScopes: HKU\S-1-5-21-500228877-2413465653-1359094120-1001 -> {A2B8EA94-4097-4C18-8222-2DEA254E7205} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-500228877-2413465653-1359094120-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-500228877-2413465653-1359094120-1003 -> DefaultScope {7A5E622F-3638-4F08-9C2B-5ECE64D92ABC} URL =
SearchScopes: HKU\S-1-5-21-500228877-2413465653-1359094120-1003 -> {7A5E622F-3638-4F08-9C2B-5ECE64D92ABC} URL =
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-06-04] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default
FF DefaultSearchEngine: Startpage HTTPS
FF DefaultSearchEngine.US: Google
FF NetworkProxy: "ssl_port", 6698
FF NetworkProxy: "type", 1
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-12] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\searchplugins\startpage-https.xml [2015-09-27]
FF Extension: FT DeepDark - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-08-26]
FF Extension: Bookmark on Delicious - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\delicious@techraga.com.xpi [2015-05-14]
FF Extension: Ghostery - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\firefox@ghostery.com.xpi [2015-01-23]
FF Extension: HTTP Nowhere - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\http-nowhere@cwilper.github.com.xpi [2015-01-23]
FF Extension: Self-Destructing Cookies - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2015-01-23]
FF Extension: FlashDisable - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\jid0-bbA9VAawX3LMWDu668aUDrpQVXU@jetpack.xpi [2015-05-20]
FF Extension: NoSquint - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\nosquint@urandom.ca.xpi [2015-06-15]
FF Extension: Video WithOut Flash - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\vwof@drev.com.xpi [2015-05-17]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-06-15]
FF Extension: FlashGot - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-02-16]
FF Extension: Stylish - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015-06-14]
FF Extension: Search by Image for Google - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2015-01-23]
FF Extension: Greasemonkey - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-06-12]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-07-13]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-500228877-2413465653-1359094120-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-08]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-16] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-19] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-06-04] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ak1avs; C:\Windows\System32\Drivers\ak1avs.sys [359784 2012-12-18] (Native Instruments GmbH)
R3 ak1usb_svc; C:\Windows\System32\Drivers\ak1usb.sys [100712 2012-12-18] (Native Instruments GmbH)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-02] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-05-02] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-06-27] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-05-28] (NVIDIA Corporation)
S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-07-10] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-05] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R4 hitmanpro37; \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys [X]
S3 MFE_RR; \??\C:\Users\tony\AppData\Local\Temp\mfe_rr.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
U3 pfddrpob; \??\C:\Users\tony\AppData\Local\Temp\pfddrpob.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-29 21:12 - 2015-09-29 21:13 - 02192384 _____ (Farbar) C:\Users\tony\Downloads\FRST64(2).exe
2015-09-28 18:00 - 2015-09-28 18:00 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2015-09-28 18:00 - 2015-09-28 18:00 - 00000268 _____ C:\WINDOWS\system32\bootdelete.lst
2015-09-28 15:02 - 2015-09-28 15:03 - 00000000 ____D C:\Program Files\HitmanPro
2015-09-28 14:42 - 2015-09-28 14:43 - 11350472 _____ (SurfRight B.V.) C:\Users\tony\Downloads\HitmanPro_x64.exe
2015-09-28 14:20 - 2015-09-28 14:41 - 00000000 ____D C:\ProgramData\SecTaskMan
2015-09-28 14:20 - 2015-09-28 14:20 - 02816040 _____ C:\Users\tony\Downloads\SecurityTaskManager_Setup.exe
2015-09-28 14:20 - 2015-09-28 14:20 - 00584752 _____ (Neuber GmbH) C:\Users\tony\Downloads\RemoteProcesses.exe
2015-09-28 14:20 - 2015-09-28 14:20 - 00001134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-09-28 14:20 - 2015-09-28 14:20 - 00001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-09-28 14:20 - 2015-09-28 14:20 - 00001111 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2015-09-28 14:20 - 2015-09-28 14:20 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2015-09-28 14:14 - 2015-09-28 14:14 - 00000000 _____ C:\Users\tony\Desktop\sfc slash scannow.txt
2015-09-28 14:06 - 2011-07-25 12:40 - 00300832 _____ (Sysinternals - www.sysinternals.com) C:\Users\tony\Downloads\Tcpview.exe
2015-09-28 14:05 - 2015-09-28 14:05 - 00365056 _____ (BiniSoft.org) C:\Users\tony\Downloads\wfc4setup.exe
2015-09-28 12:34 - 2015-09-28 12:35 - 05636489 _____ (Swearware) C:\Users\tony\Downloads\ComboFix(1).exe
2015-09-28 12:32 - 2015-09-28 12:32 - 02192384 _____ (Farbar) C:\Users\tony\Downloads\FRST64(1).exe
2015-09-28 12:30 - 2015-09-28 12:30 - 16563352 _____ (Malwarebytes Corp.) C:\Users\tony\Downloads\mbar-1.09.3.1001.exe
2015-09-28 11:59 - 2015-09-28 11:59 - 00380416 _____ C:\Users\tony\Downloads\5nrcm7pi.exe
2015-09-28 00:46 - 2015-09-28 00:46 - 30172511 _____ C:\Users\tony\Downloads\xvideos.com_675b6b9e385700fb86d6ae1a9519b2e7.mp4
2015-09-28 00:46 - 2015-09-28 00:46 - 26345799 _____ C:\Users\tony\Downloads\xvideos.com_7dec755860c816681016bd2ba9a754d5.mp4
2015-09-28 00:46 - 2015-09-28 00:46 - 25934861 _____ C:\Users\tony\Downloads\xvideos.com_df35ecfd5007b6a160f6db2d0a49f18c.mp4
2015-09-28 00:45 - 2015-09-28 00:45 - 50086890 _____ C:\Users\tony\Downloads\xvideos.com_0152216c39df4227328202267ce7c011.mp4
2015-09-28 00:45 - 2015-09-28 00:45 - 26309532 _____ C:\Users\tony\Downloads\xvideos.com_f6c719a07eedd24ab340c152e8d2bc85.mp4
2015-09-28 00:45 - 2015-09-28 00:45 - 01961002 _____ C:\Users\tony\Downloads\xvideos.com_53539d65d4fd12719f48a2f3f77b18e8.mp4
2015-09-28 00:44 - 2015-09-28 00:45 - 30976922 _____ C:\Users\tony\Downloads\xvideos.com_bfe3266ae3831898c69e914ef6784479.mp4
2015-09-28 00:44 - 2015-09-28 00:44 - 16735837 _____ C:\Users\tony\Downloads\xvideos.com_82f2eccce6f56a182aaba3ed1c951e9e.mp4
2015-09-28 00:21 - 2015-09-28 12:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-27 20:33 - 2013-05-10 11:57 - 01661440 _____ (Slackerhome Productions) C:\Users\tony\Desktop\Better DS3.exe
2015-09-27 20:24 - 2015-09-27 20:24 - 00000000 ____D C:\Users\tony\Desktop\ScpServer
2015-09-27 20:24 - 2013-11-02 17:02 - 11438724 _____ C:\Users\tony\Desktop\ScpServer.zip
2015-09-27 20:24 - 2013-11-02 12:28 - 05073240 _____ (Microsoft Corporation) C:\Users\tony\Desktop\vcredist_x86.exe
2015-09-27 20:24 - 2013-11-02 12:28 - 00292184 _____ (Microsoft Corporation) C:\Users\tony\Desktop\dxwebsetup.exe
2015-09-27 20:24 - 2013-11-02 12:27 - 00889416 _____ (Microsoft Corporation) C:\Users\tony\Desktop\dotNetFx40_Full_setup.exe
2015-09-27 15:16 - 2015-09-27 15:22 - 74837388 _____ C:\Users\tony\Downloads\SCP DS3 Driver Package(1).zip
2015-09-27 15:10 - 2015-09-27 20:27 - 00000000 ____D C:\Program Files\Scarlett.Crush Productions
2015-09-27 15:01 - 2015-09-27 15:01 - 00000943 _____ C:\Users\Public\Desktop\DS3 Tool.lnk
2015-09-27 14:54 - 2012-05-12 12:31 - 00121416 _____ (MotioninJoy) C:\Users\tony\Desktop\MijXfilt.sys
2015-09-27 14:54 - 2012-05-12 00:33 - 04199240 _____ (www.motioninjoy.com ) C:\Users\tony\Desktop\MotioninJoy_071001_signed.exe
2015-09-27 14:54 - 2011-12-07 20:42 - 01721576 _____ (Microsoft Corporation) C:\Users\tony\Desktop\WdfCoInstaller01009.dll
2015-09-27 14:54 - 2011-12-07 20:42 - 00074960 _____ (Microsoft Corporation) C:\Users\tony\Desktop\xusb21.sys
2015-09-27 14:49 - 2015-09-27 14:49 - 00759932 _____ C:\Users\tony\Downloads\BetterDS3_1.5.3(1).zip
2015-09-27 13:51 - 2015-09-27 13:51 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-09-27 13:43 - 2015-09-27 13:43 - 00011834 _____ C:\Users\tony\Desktop\MBRCheck_09.27.15_13.43.46.txt
2015-09-26 19:32 - 2015-09-26 19:45 - 00000000 ____D C:\Users\tony\Desktop\Ich Seh, Ich Seh (Severin Fiala, Veronika Franz, 2014)
2015-09-26 18:47 - 2015-09-27 11:16 - 00173560 _____ C:\Users\tony\Desktop\Higrade Dayz.mp3.sfk
2015-09-26 18:47 - 2015-09-26 18:47 - 00173544 _____ C:\Users\tony\Desktop\Higrade Dayz.sfk
2015-09-26 18:30 - 2015-09-26 18:30 - 133228844 ____T C:\Users\tony\Desktop\Higrade Dayz.wav
2015-09-26 18:30 - 2015-09-26 18:30 - 00846705 ____T C:\Users\tony\Desktop\Higrade Dayz.wav.asd
2015-09-26 18:13 - 2015-09-26 18:14 - 00173136 _____ C:\Users\tony\Desktop\Highgrade Days.mp3.sfk
2015-09-26 18:12 - 2015-09-26 18:13 - 00173120 _____ C:\Users\tony\Desktop\Highgrade Days.sfk
2015-09-26 16:29 - 2015-09-26 16:29 - 132903368 ____T C:\Users\tony\Desktop\Highgrade Days.wav
2015-09-26 16:29 - 2015-09-26 16:29 - 00845733 ____T C:\Users\tony\Desktop\Highgrade Days.wav.asd
2015-09-26 15:40 - 2015-09-26 15:40 - 00406595 _____ C:\Users\tony\Downloads\New Recording 8.m4a
2015-09-25 21:50 - 2015-09-25 21:50 - 00081451 _____ C:\Users\tony\Desktop\66523_4521074183273_884297202_n.jpeg
2015-09-23 19:17 - 2015-09-23 19:17 - 00427147 _____ C:\Users\tony\Downloads\New Recording 3.m4a
2015-09-23 17:25 - 2015-09-23 17:25 - 00431272 _____ C:\Users\tony\Downloads\New Recording 2.m4a
2015-09-22 22:59 - 2015-09-23 00:04 - 00150168 _____ C:\Users\tony\Desktop\Firestarter.mp3.sfk
2015-09-22 22:57 - 2015-09-22 22:59 - 00150832 _____ C:\Users\tony\Desktop\Firestarter.sfk
2015-09-22 22:56 - 2015-09-22 22:56 - 115789346 ____T C:\Users\tony\Desktop\Firestarter.wav
2015-09-22 22:56 - 2015-09-22 22:56 - 00735035 ____T C:\Users\tony\Desktop\Firestarter.wav.asd
2015-09-20 22:55 - 2015-09-20 22:55 - 00186928 _____ C:\Users\tony\Desktop\Resistance Is Existence2.mp3.sfk
2015-09-20 22:54 - 2015-09-20 22:55 - 00186904 _____ C:\Users\tony\Desktop\Resistance Is Existence2.sfk
2015-09-20 22:53 - 2015-09-20 22:54 - 00921269 ____T C:\Users\tony\Desktop\Resistance Is Existence2.wav.asd
2015-09-20 22:53 - 2015-09-20 22:53 - 143492276 ____T C:\Users\tony\Desktop\Resistance Is Existence2.wav
2015-09-20 22:48 - 2015-09-20 22:54 - 00186928 _____ C:\Users\tony\Desktop\Resistance Is Existence.mp3.sfk
2015-09-20 22:48 - 2015-09-20 22:48 - 00186904 _____ C:\Users\tony\Desktop\Resistance Is Existence.sfk
2015-09-20 22:44 - 2015-09-20 22:45 - 00919931 ____T C:\Users\tony\Desktop\Resistance Is Existence.wav.asd
2015-09-20 22:44 - 2015-09-20 22:44 - 143492276 ____T C:\Users\tony\Desktop\Resistance Is Existence.wav
2015-09-20 17:58 - 2015-09-02 22:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-20 17:58 - 2015-09-02 22:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-20 17:58 - 2015-09-02 14:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-20 17:58 - 2015-09-02 13:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-20 17:58 - 2015-07-28 19:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-09-20 17:58 - 2015-07-28 10:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-09-20 17:58 - 2015-07-28 10:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-09-20 17:58 - 2015-07-28 10:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-09-20 17:58 - 2015-07-28 10:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-09-20 17:58 - 2015-07-28 10:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-09-20 17:58 - 2015-07-28 10:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-20 17:58 - 2015-07-22 10:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-09-20 17:58 - 2015-07-22 09:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-20 17:58 - 2015-07-17 10:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-09-20 17:58 - 2015-07-17 10:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-09-20 17:58 - 2015-07-14 17:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-09-20 17:58 - 2015-07-14 17:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-09-20 17:58 - 2015-07-14 17:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-09-20 17:58 - 2015-07-13 15:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-09-20 17:58 - 2015-07-10 15:06 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2015-09-20 17:58 - 2015-07-09 12:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-09-20 17:58 - 2015-07-03 17:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-20 17:58 - 2015-07-03 10:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-09-20 17:58 - 2015-06-27 07:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-20 17:58 - 2015-06-19 13:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-09-20 17:58 - 2015-06-12 13:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-09-20 17:58 - 2015-06-12 12:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-09-20 17:58 - 2015-06-11 16:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-09-20 17:58 - 2015-06-11 16:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-09-20 13:26 - 2015-09-20 13:26 - 00000000 ____D C:\Users\tony\AppData\Roaming\MotioninJoy
2015-09-20 13:24 - 2015-09-27 15:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2015-09-20 13:24 - 2015-09-27 15:01 - 00000000 ____D C:\Program Files\MotioninJoy
2015-09-20 13:24 - 2011-12-07 19:42 - 00328712 _____ (Logitech Inc.) C:\WINDOWS\system32\MijFrc.dll
2015-09-20 13:23 - 2013-05-19 03:02 - 00039168 _____ (Scarlet.Crush Productions) C:\WINDOWS\system32\Drivers\ScpVBus.sys
2015-09-20 13:23 - 2013-01-07 10:56 - 01002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2015-09-20 03:58 - 2015-09-20 03:58 - 00000069 _____ C:\Users\tony\Desktop\icalcs.txt
2015-09-17 21:57 - 2015-09-01 22:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-17 21:57 - 2015-09-01 22:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-17 21:57 - 2015-09-01 22:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-17 21:57 - 2015-09-01 22:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-17 21:57 - 2015-09-01 22:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-17 21:57 - 2015-08-26 22:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-17 21:57 - 2015-08-26 14:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-17 21:57 - 2015-08-26 14:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-17 21:57 - 2015-08-26 14:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-17 21:57 - 2015-08-26 14:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-17 21:57 - 2015-08-26 10:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-17 21:57 - 2015-08-26 10:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-17 21:57 - 2015-08-26 10:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-17 21:57 - 2015-08-26 10:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-17 21:57 - 2015-08-26 10:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-17 21:57 - 2015-08-26 10:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-17 21:57 - 2015-08-26 10:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-17 21:57 - 2015-08-22 14:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-17 21:57 - 2015-08-22 13:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-17 21:57 - 2015-08-22 13:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-17 21:57 - 2015-08-22 13:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-17 21:57 - 2015-08-22 13:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-17 21:57 - 2015-08-22 13:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-17 21:57 - 2015-08-22 12:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-17 21:57 - 2015-08-22 12:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-17 21:57 - 2015-08-22 12:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-17 21:57 - 2015-08-22 12:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-17 21:57 - 2015-08-22 12:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-17 21:57 - 2015-08-22 12:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-17 21:57 - 2015-08-22 12:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-17 21:57 - 2015-08-22 12:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-17 21:57 - 2015-08-22 12:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-17 21:57 - 2015-08-22 12:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-17 21:57 - 2015-08-22 12:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-17 21:57 - 2015-08-22 12:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-17 21:57 - 2015-08-22 12:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-17 21:57 - 2015-08-22 12:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-17 21:57 - 2015-08-22 12:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-17 21:57 - 2015-08-22 12:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-17 21:57 - 2015-08-22 12:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-17 21:57 - 2015-08-22 12:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-17 21:57 - 2015-08-22 12:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-17 21:57 - 2015-08-22 12:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-17 21:57 - 2015-08-22 12:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-17 21:57 - 2015-08-22 11:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-17 21:57 - 2015-08-22 11:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-17 21:57 - 2015-08-03 17:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-17 21:57 - 2015-08-03 17:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-17 21:57 - 2015-08-01 10:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-17 21:57 - 2015-07-31 23:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-17 21:57 - 2015-07-31 23:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-17 21:57 - 2015-07-31 23:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-17 21:57 - 2015-07-31 23:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-17 21:57 - 2015-07-31 23:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-17 21:57 - 2015-07-30 13:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-17 21:57 - 2015-07-30 12:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-17 21:57 - 2015-07-22 10:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-17 21:57 - 2015-07-22 10:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-17 21:57 - 2015-07-22 10:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-17 21:57 - 2015-07-22 10:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-17 21:57 - 2015-07-18 14:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-17 21:57 - 2015-07-18 14:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-17 21:57 - 2015-07-18 14:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-17 21:57 - 2015-07-18 14:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-17 21:57 - 2015-07-13 23:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-09-14 15:51 - 2015-09-14 21:58 - 00000000 ___RD C:\Users\tony\Desktop\Going Places Project
2015-09-07 05:58 - 2015-09-07 05:58 - 226666903 _____ C:\Users\tony\Downloads\tecmos_deception_-_invitation_to_darkness.zip
2015-09-07 05:57 - 2015-09-07 05:57 - 414756701 _____ C:\Users\tony\Downloads\granstream_saga,_the.zip
2015-09-04 14:58 - 2015-09-04 14:58 - 00000000 ____D C:\Users\tony\AppData\Roaming\Nero
2015-09-04 14:57 - 2015-09-04 14:57 - 00000000 ____D C:\ProgramData\Nero
2015-09-04 14:57 - 2015-09-04 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2015-09-04 14:57 - 2015-09-04 14:57 - 00000000 ____D C:\Program Files (x86)\Nero
2015-09-04 14:57 - 2006-03-17 15:49 - 00368640 _____ (Pegasus Imaging Corporation) C:\WINDOWS\SysWOW64\TwnLib4.dll
2015-09-04 14:57 - 2006-03-17 12:45 - 01757184 _____ (Pegasus Imaging Corp.) C:\WINDOWS\SysWOW64\imagX7.dll
2015-09-04 14:57 - 2006-03-17 12:45 - 00802816 _____ (Pegasus Imaging Corp.) C:\WINDOWS\SysWOW64\imagXRA7.dll
2015-09-04 14:57 - 2006-03-17 12:45 - 00497296 _____ (Pegasus Imaging Corp.) C:\WINDOWS\SysWOW64\imagXpr7.dll
2015-09-04 14:57 - 2006-03-17 12:45 - 00258048 _____ (Pegasus Imaging Corp.) C:\WINDOWS\SysWOW64\imagXR7.dll
2015-09-02 13:49 - 2015-09-02 13:49 - 00899414 _____ C:\Users\tony\Downloads\SetupDVDDecrypter_3.5.4.0.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-29 21:17 - 2015-06-14 19:58 - 00018775 _____ C:\Users\tony\Downloads\FRST.txt
2015-09-29 21:17 - 2015-06-14 19:58 - 00000000 ____D C:\FRST
2015-09-29 21:03 - 2014-09-23 06:43 - 01721867 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-29 21:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-29 00:34 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-28 21:40 - 2015-05-03 20:16 - 00007668 _____ C:\Users\tony\AppData\Local\Resmon.ResmonCfg
2015-09-28 21:32 - 2014-09-23 06:04 - 00006463 _____ C:\WINDOWS\SysWOW64\Gms.log
2015-09-28 21:12 - 2015-01-15 16:41 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-28 20:20 - 2015-01-15 16:31 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-500228877-2413465653-1359094120-1001
2015-09-28 18:00 - 2015-02-06 03:08 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-28 14:25 - 2015-01-15 16:29 - 00000000 ____D C:\Users\tony\AppData\Local\CrashDumps
2015-09-28 13:11 - 2015-02-05 00:36 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-28 12:49 - 2015-07-05 13:30 - 00000000 ____D C:\Users\tony\Desktop\mbar
2015-09-28 12:49 - 2015-06-27 14:38 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-28 12:25 - 2015-08-17 11:15 - 00017416 _____ C:\WINDOWS\setupact.log
2015-09-28 12:25 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-28 12:24 - 2015-01-16 04:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-28 12:24 - 2014-03-18 05:54 - 00053954 _____ C:\WINDOWS\PFRO.log
2015-09-28 01:00 - 2015-02-01 22:03 - 00000000 ____D C:\Users\tony\AppData\Roaming\mIRC
2015-09-28 00:52 - 2015-02-01 22:20 - 00000000 ____D C:\Users\tony\AppData\Roaming\vlc
2015-09-27 20:36 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-09-27 14:13 - 2014-03-18 06:03 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-27 13:44 - 2015-01-15 16:19 - 00000000 ____D C:\Users\tony
2015-09-26 21:11 - 2015-02-05 19:48 - 00000000 ____D C:\Users\tony\AppData\Roaming\uTorrent
2015-09-26 09:18 - 2013-08-22 11:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-20 17:59 - 2015-01-16 07:33 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-09-20 17:59 - 2015-01-16 07:33 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-20 17:05 - 2015-03-03 16:14 - 00000000 ____D C:\Users\tony\Desktop\dump2
2015-09-20 16:53 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2015-09-19 04:11 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-17 22:35 - 2013-08-22 10:44 - 00439296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-17 22:30 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-17 22:05 - 2014-03-18 05:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-17 22:02 - 2015-01-19 15:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-14 21:18 - 2015-01-16 07:35 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-14 21:18 - 2015-01-16 07:35 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-02-02 23:49 - 2013-05-10 11:57 - 1661440 _____ (Slackerhome Productions) C:\Program Files\Better DS3.exe
2015-02-06 04:19 - 2015-03-30 20:36 - 0000600 _____ () C:\Users\tony\AppData\Local\PUTTY.RND
2015-05-03 20:16 - 2015-09-28 21:40 - 0007668 _____ () C:\Users\tony\AppData\Local\Resmon.ResmonCfg
2014-09-23 06:01 - 2014-09-23 06:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-23 02:34

==================== End of FRST.txt ============================
And the "addition" text file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
Ran by tony (2015-09-29 21:17:37)
Running from C:\Users\tony\Downloads
Windows 8.1 Pro (X64) (2015-01-15 20:21:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

basic (S-1-5-21-500228877-2413465653-1359094120-1003 - Limited - Enabled) => C:\Users\basic
GuestFag (S-1-5-21-500228877-2413465653-1359094120-501 - Limited - Disabled)
t00r (S-1-5-21-500228877-2413465653-1359094120-500 - Administrator - Disabled) => C:\Users\Administrator
tony (S-1-5-21-500228877-2413465653-1359094120-1001 - Administrator - Enabled) => C:\Users\tony

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ableton Live 9 Suite (HKLM\...\{209A9505-AEA6-4D2E-ACFB-F9905CE89AE0}) (Version: 9.0.0.0 - Ableton)
Ableton Live 9 Suite (HKLM\...\{48EC4E57-1D04-4831-90A7-151DA2269495}) (Version: 9.0.0.0 - Ableton)
Alien Isolation Digital Deluxe Edition (HKLM-x32\...\Alien Isolation Digital Deluxe Edition_is1) (Version: Alien Isolation Digital Deluxe Edition - )
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitvise SSH Client 6.22 (remove only) (HKLM-x32\...\BvSshClient) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetLink Controller (HKLM\...\{7FBA83D7-D58E-4B70-9B9B-12E95B183B22}) (Version: 16.6.1.3 - Broadcom Corporation)
ClassicPro© v2.01 (HKLM-x32\...\ClassicPro) (Version: 2.01 - Skin Consortium)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DARK SOULS - Prepare To Die Edition (HKLM-x32\...\DARK SOULS - Prepare To Die Edition_is1) (Version:  - )
DARK SOULS™ II: Scholar of the First Sin (HKLM-x32\...\Steam App 335300) (Version:  - FromSoftware, Inc)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
FileZilla Client 3.10.2 (HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.246 - SurfRight B.V.)
Host App Service (HKU\S-1-5-21-500228877-2413465653-1359094120-1003\...\Pokki) (Version: 0.269.7.660 - Pokki)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
Hotline Miami 2 - Wrong Number (HKLM-x32\...\1424773427_is1) (Version: 2.0.0.1 - GOG.com)
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3643 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.316 - McAfee, Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.41 - mIRC Co. Ltd.)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 41.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 en-US)) (Version: 41.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.0.5738 - Mozilla)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
Native Instruments Audio Kontrol 1 Driver (HKLM-x32\...\Native Instruments Audio Kontrol 1 Driver) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.7.2.189 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.9.132 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.7.1.854 - Native Instruments)
Nero 8 Micro (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.6.0 - UpdatePack.nl)
NFOlux (HKLM-x32\...\NFOlux) (Version:  - )
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{36DF4580-D1B3-11E3-A23E-F04DA23A5C58}) (Version: 2.0.628 - Sony)
NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version:  - Silver Dollar Games)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.3.1.39500 - Grinding Gear Games)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
Pokki Start Menu (HKU\S-1-5-21-500228877-2413465653-1359094120-1003\...\Pokki_Start_Menu) (Version: 0.269.7.660 - Pokki)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39059 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7260 - Realtek Semiconductor Corp.)
Resident Evil 6 / Biohazard 6 (HKLM-x32\...\Steam App 221040) (Version:  - Capcom)
Resident Evil HD Remaster (HKLM-x32\...\Resident Evil HD Remaster_is1) (Version:  - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Security Task Manager 2.1d (HKLM-x32\...\Security Task Manager) (Version: 2.1d - Neuber Software)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Sound Forge Pro 10.0 (HKLM-x32\...\{B8A817D7-AE0F-42BA-AEB9-B5F1F3EFB7AF}) (Version: 10.0.425 - Sony)
Sound Forge Pro 11.0 (HKLM-x32\...\{FE1A7F80-1348-11E4-8C79-F04DA23A5C58}) (Version: 11.0.293 - Sony)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-500228877-2413465653-1359094120-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-500228877-2413465653-1359094120-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-500228877-2413465653-1359094120-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-500228877-2413465653-1359094120-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-500228877-2413465653-1359094120-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-500228877-2413465653-1359094120-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2015-07-05 13:02 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1    localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2FE17D40-7267-461E-8662-BFCA94422C08} - System32\Tasks\FUB => C:\Program Files (x86)\Acer\Care Center\FUB.bat
Task: {31B24812-8391-4DDA-9D3B-C78772A09C6F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {49C43DEB-63B2-4388-8C58-07141C0B3019} - System32\Tasks\{F2EB9544-56F6-409E-AF0C-21DA0A44DD19} => pcalua.exe -a C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_194_Plugin.exe -c -maintain plugin
Task: {647A9420-C911-424E-B2ED-1C2EEDE2F304} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-08] (Acer Incorporated)
Task: {668775C1-906D-46F5-BD7F-9FF59CCD762F} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2014-04-07] (Dolby Laboratories Inc.)
Task: {6C3AFC19-B7B4-4281-AE4B-DB6EA1129C46} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {8176A42E-5A67-43F0-BDAF-6B79C4D24A5B} - System32\Tasks\{63370813-BF7E-4EE6-B933-FB5CD72B4057} => pcalua.exe -a C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_Plugin.exe -c -maintain plugin
Task: {9F8C2B2B-49CA-4D04-AEE3-6C3712AEEEED} - System32\Tasks\{6E44C2FE-AD8C-4B93-8C15-B8E2917BB3A6} => pcalua.exe -a C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_Plugin.exe -c -maintain plugin
Task: {DBBF0DB9-D025-4793-847B-9E90829B40EA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {F54AA33B-D4BB-44F8-9BFA-A109776E333E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {F6657A90-4BE6-4D61-9257-37B03074FBE5} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2015-06-27 15:11 - 2015-06-17 02:48 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-07 19:13 - 2014-04-07 19:13 - 00052096 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-21 16:05 - 2015-06-24 07:37 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-02-26 05:27 - 2013-02-26 05:27 - 00129536 _____ () C:\Program Files (x86)\Winamp\System\ClassicPro.w5s
2013-12-12 22:47 - 2013-12-12 22:47 - 00333824 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\04830709.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\39150699.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\45820861.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\93039284.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\04830709.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\39150699.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\45820861.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\93039284.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-500228877-2413465653-1359094120-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tony\Desktop\dump2\dump\LRFFXIII-Lightning2.jpeg
HKU\S-1-5-21-500228877-2413465653-1359094120-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\acer01.jpg
HKU\S-1-5-21-500228877-2413465653-1359094120-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 64.71.255.204 - 64.71.255.198
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\StartupApproved\Run: => "StarWind Management Console"
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\StartupApproved\Run: => "uTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B188B65E-B72E-4555-840C-34429D355F2F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{485CC7C5-4C24-48D7-A376-0AD43AFD9423}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{8B246F0C-3479-4B0C-AB95-22B12CBA6312}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{76FC9FA1-FCBD-4586-B957-0A3E68FA03CD}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{EB61C588-C02A-45CA-8F73-BF8E26A8F210}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{7CD628F8-3AC7-43C8-A621-6A74BB60A7F6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{7CE6B7B3-8A32-4477-BC0C-11943B6CB277}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{50C416A7-DB2A-4833-AA0B-9F9BE9DAE2C7}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{F019A841-059F-4807-8A5C-95E253434A3B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{6C5B8ACD-911E-498F-8471-0058E54A3308}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{71314109-4FDB-4FA2-80A9-E18A8D686F9B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{E8E96025-2273-450F-86E5-380DB4AA58B0}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{6A540E34-192A-4721-97BF-59AB833A171A}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{5FF4FE2A-0FDC-4B8F-9BD2-E78E327305AA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{15E63219-612F-49BA-9415-2A3C22F3CCD7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4400EDC5-3D90-49AF-ACE9-80FC0F6F0F48}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C31A8BEA-9977-4D56-90E8-20760DC685EA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{062748AC-93C1-4F23-9D45-D6B077652F53}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{468B1148-1A09-4BD7-BD75-0B062C9C3374}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1F00750C-4D1A-4D68-A30A-65842A65E44F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{84CE9F3A-0805-414A-92E7-BAC83B2C1CC7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2C1788BC-9FAF-4653-8DE5-12DD027EF060}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{48C23609-C33C-49F9-BF67-D8B0DA403A78}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2CCF0507-EBB9-48C2-B30A-D828ADE70726}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{57956D4F-6891-4099-8659-29E88900F1AD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{418BC857-E453-41B3-9A9A-1A4190B1AE9E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D85F3855-E017-4B1B-B090-BBFA86551D3B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C9ACD10C-4CEB-47C1-8665-DE41F0EF0131}] => (Allow) C:\Program Files (x86)\mIRC\mirc.exe
FirewallRules: [{973F08BE-2474-497C-9647-3D5174A18050}] => (Allow) C:\Program Files (x86)\mIRC\mirc.exe
FirewallRules: [{655AEE04-64FC-4A43-AEFD-AB4485F6B740}] => (Allow) C:\Program Files (x86)\mIRC\mirc.exe
FirewallRules: [{7D8F1EA1-FABC-438E-BCDD-EFB674D19860}] => (Allow) C:\Program Files (x86)\mIRC\mirc.exe
FirewallRules: [{CAE41F79-3D0A-4A75-B3BF-B21B53258166}] => (Allow) C:\Program Files (x86)\uTorrent\utorrent.exe
FirewallRules: [{209C1FC3-B134-43B7-A76B-77840CB50EB3}] => (Allow) C:\Program Files (x86)\uTorrent\utorrent.exe
FirewallRules: [{E67F6B1A-438E-49EA-84FF-D041F74860B6}] => (Allow) C:\Program Files (x86)\Kepard\Kepard.exe
FirewallRules: [{0B9C2780-8119-4BDB-9DE2-822B5C9AE9C8}] => (Allow) C:\Program Files (x86)\Kepard\Kepard.exe
FirewallRules: [{579231C1-935F-41CD-97F0-5505E5A644AE}] => (Allow) C:\Program Files (x86)\Kepard\Kepard.exe
FirewallRules: [{0B80D334-A447-4924-9FBF-316C6FEAC3B5}] => (Allow) C:\Program Files (x86)\Kepard\Kepard.exe
FirewallRules: [{0E2986D0-EBFB-4B92-B9B3-BC8E3E401A03}] => (Allow) %ProgramFiles% (x86)\Kepard\Kepard.exe
FirewallRules: [{91FB8865-3B74-46FC-A5E8-09FB289BB0DD}] => (Allow) %ProgramFiles% (x86)\Kepard\Kepard.exe
FirewallRules: [{36F7C12E-F4D4-4CF7-AC01-2DC9C10B3A96}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{60438FD9-1A12-438E-8219-56B5DB2C18DA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F8270A68-9481-4801-9F2A-6E850E08E94C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9272D235-5C0E-40EC-9954-22A43D22DC43}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FBA1318B-433F-45A8-9CEA-EA39AC3CEBFA}] => (Allow) %ProgramFiles% (x86)\mIRC\mirc.exe
FirewallRules: [{EF679000-E357-4C2B-B321-9AADCA325171}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{FDD7F4ED-29BD-4A16-AE88-76C15D359D4F}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{10A052FE-D545-4866-BDFE-65393CD177C8}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{73FE59F8-3F98-4845-AA24-1C2B7F9B8A87}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{3A1C5DF0-BCD8-4434-BAB7-3887CFAD404F}C:\program files (x86)\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{BD982D62-9F50-413C-B4EF-8DC4F8A6A372}C:\program files (x86)\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{E787CA64-E840-44B3-8D4A-30D859A415C8}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [UDP Query User{699A4D0E-428C-4ADD-9759-8198EB155033}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [TCP Query User{3F1B8CF4-126F-4EC3-95C8-7CEE5B6D5ED5}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [UDP Query User{9C2B7E74-4B8A-462C-9DB5-E52CC910B4D2}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [TCP Query User{DC213C34-56B8-4BE0-8338-2D1A5C9A25AD}C:\users\tony\desktop\cisco packet tracer 6.1.1sv\bin\packettracer6.exe] => (Allow) C:\users\tony\desktop\cisco packet tracer 6.1.1sv\bin\packettracer6.exe
FirewallRules: [UDP Query User{6D3ED639-37BF-4A2F-950D-6BD509A00699}C:\users\tony\desktop\cisco packet tracer 6.1.1sv\bin\packettracer6.exe] => (Allow) C:\users\tony\desktop\cisco packet tracer 6.1.1sv\bin\packettracer6.exe
FirewallRules: [{0256C79A-D0FD-49CF-BCD7-BD82A66FF16A}] => (Allow) C:\Program Files\StarWind Software\StarWind\StarWindService.exe
FirewallRules: [{729D007F-6036-441C-9670-B1C0AC85B802}] => (Allow) C:\Program Files\StarWind Software\StarWind\StarWindService.exe
FirewallRules: [{2BA1A131-3514-4D06-878C-A71AAD0C5E00}] => (Allow) C:\Program Files\StarWind Software\StarWind\OpenPegasus\bin\cimserver.exe
FirewallRules: [{EBA751C0-44DD-40FE-946E-EFA2AAC4D3AC}] => (Allow) C:\Program Files\StarWind Software\StarWind\OpenPegasus\bin\cimserver.exe
FirewallRules: [TCP Query User{A6E69A68-6ADF-44F1-A1C4-813FC74D5973}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CF2F7E90-C5BA-4973-9B0F-9DF841857EC2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{4F4E75AA-9A8A-4D81-90DA-B6A142CE9650}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{85971A93-7030-4B52-990D-4964049DFBA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [TCP Query User{FD8964F3-87D0-4B6F-8706-BD7C26870380}C:\program files (x86)\sega\alien isolation digital deluxe edition\ai.exe] => (Allow) C:\program files (x86)\sega\alien isolation digital deluxe edition\ai.exe
FirewallRules: [UDP Query User{6E6FDA34-EE71-4381-ABA8-5E707ED6BEF2}C:\program files (x86)\sega\alien isolation digital deluxe edition\ai.exe] => (Allow) C:\program files (x86)\sega\alien isolation digital deluxe edition\ai.exe
FirewallRules: [{69372F78-1902-4515-8A22-41D1902E7E7E}] => (Block) C:\program files (x86)\sega\alien isolation digital deluxe edition\ai.exe
FirewallRules: [{75E00305-4C7E-425B-B771-AF4C76F517F9}] => (Block) C:\program files (x86)\sega\alien isolation digital deluxe edition\ai.exe
FirewallRules: [{651A19BB-93C7-4E4E-B9CE-BC245A95CE2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{8ADDE872-63AB-415A-BF13-1E5C92A7DA34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{C1A7E3B1-B8C8-4B4C-AEEF-88B9396D7FF0}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{0880F2DB-3933-4DEE-B652-8994C543847C}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{FEC5614C-216E-4750-AB64-71059ADFD07B}] => (Block) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{95B0FB50-AE5E-434F-8C19-18497177D1B8}] => (Block) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{AA667116-44BE-45BA-B1FB-4935866E0BE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 6\BH6.exe
FirewallRules: [{C8507694-C710-449A-9357-DF812A119239}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 6\BH6.exe
FirewallRules: [TCP Query User{08B55094-D962-4E51-9C57-44D671DC9CB2}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{3F0E93A0-4864-446E-8FEC-584D0759FB63}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{6AEB0EF1-36BE-4FD7-8E79-5025A55EC5DE}] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{0145E563-365B-42DA-A65E-F99E6F549C5A}] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{14F87017-D04F-43A7-B84A-8F27B790FEC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{8FADF7D0-20F8-490F-A708-594EF2FE6ED2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{C0C199F5-B5FF-4028-9C62-66604D656789}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{AB76A023-C6BC-4443-9675-449322DEC40C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BE118CC1-371D-47F4-9ACD-BEFA15C24D25}] => (Allow) C:\Users\tony\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D9F9E8AA-EE74-40D8-8146-AD771315A3D6}] => (Allow) C:\Users\tony\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F0A2767C-6102-417D-BBA4-AB917322B4AB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C6C97930-AA77-46A4-A37B-5E7B981953E4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BD0EBA53-7A43-4679-91C4-6C5BEB93ED3B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{76DCD92B-C738-4816-B103-9C1992CF683A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6D10FC8F-FAF9-4D0E-91EE-B3C727B75ECB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D756A500-06A5-41E4-A969-817C906D3B61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7CE746FD-8DF3-409C-B2A2-85D1F2E7CF55}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{25C2597F-3138-459B-BFCA-DDE931CCE96B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{708D95C2-4468-41BC-B868-DA559109A5A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{4F2DE8DA-C82C-435B-8ADC-8E7E62CABECB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{303C31BF-2487-46B5-982F-C9361D875D85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{DEE798ED-6ACB-4FF8-9BBD-B54B1E7B8697}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{27B8A254-33DD-4D52-AC62-0E79DD9141A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe

==================== Faulty Device Manager Devices =============

Name: TAP-Win32 Adapter V9
Description: TAP-Win32 Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual Drive Enumerator
Description: Microsoft Virtual Drive Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vdrvroot
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HD WebCam
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NDIS Virtual Network Adapter Enumerator
Description: NDIS Virtual Network Adapter Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisVirtualBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Qualcomm Atheros Bluetooth Bus
Description: Qualcomm Atheros Bluetooth Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_BUS
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/29/2015 09:15:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MSASCui.exe version 4.8.207.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bb0

Start Time: 01d0fb1d59de9ad1

Termination Time: 4294967295

Application Path: C:\Program Files\Windows Defender\MSASCui.exe

Report Id: bad4552a-6710-11e5-82e6-206a8a9c1774

Faulting package full name:

Faulting package-relative application ID:

Error: (09/29/2015 05:19:39 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8

Error: (09/29/2015 05:15:39 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8

Error: (09/29/2015 05:13:40 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8

Error: (09/29/2015 05:13:40 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8

Error: (09/29/2015 05:13:39 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8

Error: (09/29/2015 05:11:38 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8

Error: (09/28/2015 03:22:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (09/28/2015 03:22:28 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {112ae93d-c951-488a-87cb-a59345c32b50}

Error: (09/28/2015 02:25:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 5nrcm7pi.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: 5nrcm7pi.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x0008d93e
Faulting process id: 0x1068
Faulting application start time: 0x5nrcm7pi.exe0
Faulting application path: 5nrcm7pi.exe1
Faulting module path: 5nrcm7pi.exe2
Report Id: 5nrcm7pi.exe3
Faulting package full name: 5nrcm7pi.exe4
Faulting package-relative application ID: 5nrcm7pi.exe5


System errors:
=============
Error: (09/29/2015 09:14:39 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (09/29/2015 09:11:33 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (09/29/2015 09:11:33 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (09/29/2015 09:11:33 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (09/29/2015 09:11:33 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (09/29/2015 09:11:33 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (09/29/2015 09:11:33 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (09/29/2015 09:11:33 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (09/29/2015 09:11:33 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (09/29/2015 09:11:33 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5


CodeIntegrity:
===================================
  Date: 2015-09-29 02:05:56.864
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-28 05:53:51.283
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-27 04:30:11.511
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-22 04:08:56.050
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-18 05:40:53.828
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-30 00:10:20.690
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-26 17:17:03.703
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-18 03:20:21.060
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-08 02:49:32.578
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-04 02:24:01.739
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 24%
Total physical RAM: 16307.27 MB
Available physical RAM: 12363 MB
Total Virtual: 18739.27 MB
Available Virtual: 14976.42 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:914.15 GB) (Free:49.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2C7C75A4)

Partition: GPT.

==================== End of Addition.txt ============================

#4 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,013 posts
  • Gender:Male
  • Location:Germany

Posted 30 September 2015 - 12:33 PM

Hey, :)


STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is selected and click Start Scan.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 

STEP 2
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.

STEP 3

AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab, and click Cleaning
  • Follow the prompts and allow your computer to reboot
  • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[S1].txt.

 
======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM log
  • JRT.txt
  • AdwCleaner[C1].txt

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 hehathledger
  • Topic Starter
  • Members
  • 18 posts

Posted 01 October 2015 - 04:24 PM

The MBAM scans didn't turn up anything. I will post the results from JRT and AdwCleaner shortly.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/1/2015
Scan Time: 3:38 AM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.10.01.02
Rootkit Database: v2015.09.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Enabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: tony

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 479902
Time Elapsed: 7 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#6 hehathledger
  • Topic Starter
  • Members
  • 18 posts

Posted 01 October 2015 - 04:53 PM

Here's the JRT log. From what I can tell this didn't turn up anything as well.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 8.1 Pro x64
Ran by tony on Thu 10/01/2015 at 17:41:52.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\tony\AppData\Roaming\mozilla\firefox\profiles\f3qpi7ge.default\searchplugins\startpage-hxxps.xml
Emptied folder: C:\Users\tony\AppData\Roaming\mozilla\firefox\profiles\f3qpi7ge.default\minidumps [2 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/01/2015 at 17:50:29.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#7 hehathledger
  • Topic Starter
  • Members
  • 18 posts

Posted 01 October 2015 - 05:30 PM

Lastly, the AdwCleaner log.

# AdwCleaner v5.009 - Logfile created 01/10/2015 at 18:20:47
# Updated 27/09/2015 by Xplode
# Database : 2015-09-30.1 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : tony - ACERX64
# Running from : C:\Users\tony\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\SecTaskMan
[-] Folder Deleted : C:\Users\basic\AppData\Local\pokki

***** [ Files ] *****

[-] File Deleted : C:\Users\basic\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk
[-] File Deleted : C:\Users\basic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1228 bytes] ##########
 



#8 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,013 posts

Posted 03 October 2015 - 04:54 AM

Please do a FRST scan again and post the logs. :)


~Machiavelli



#9 hehathledger
  • Topic Starter
  • Members
  • 18 posts

Posted 03 October 2015 - 01:19 PM

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-10-2015
Ran by tony (administrator) on ACERX64 (03-10-2015 14:17:16)
Running from C:\Users\tony\Downloads
Loaded Profiles: tony (Available Profiles: tony & basic & t00r)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\WINDOWS\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Sony) C:\Program Files (x86)\Sony\Sound Forge Pro 10.0\Forge100.exe
(Sony Creative Software Inc.) C:\Program Files (x86)\Sony\Sound Forge Pro 10.0\ErrorReportLauncher.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_6.3.9654.20335_x64__8wekyb3d8bbwe\time.exe
(Microsoft Corporation) C:\WINDOWS\System32\calc.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] (Qualcomm®Atheros®)
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Run: [uTorrent] => C:\Users\tony\AppData\Roaming\uTorrent\uTorrent.exe [1998432 2015-06-20] (BitTorrent Inc.)
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Policies\Explorer: [TaskbarNoThumbnail] 1
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Policies\Explorer: [QuickLaunchEnabled] 1
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Policies\Explorer: [ForceRunOnStartMenu] 1
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Policies\Explorer: [ForceStartMenuLogOff] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-05-30]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{02D9D7E3-542F-412A-BFFB-406112EFCDE3}: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{3E2F24F5-7D53-481B-9194-E9D6CEB8A1F0}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{91D18385-05AB-400A-848D-B0CA2B9BA9CC}: [DhcpNameServer] 64.71.255.204 64.71.255.198

Internet Explorer:
==================
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-500228877-2413465653-1359094120-1001 -> DefaultScope {7A5E622F-3638-4F08-9C2B-5ECE64D92ABC} URL =
SearchScopes: HKU\S-1-5-21-500228877-2413465653-1359094120-1001 -> {4EF32268-337B-4959-90E8-7D1CADB8BDE7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-500228877-2413465653-1359094120-1001 -> {7A5E622F-3638-4F08-9C2B-5ECE64D92ABC} URL =
SearchScopes: HKU\S-1-5-21-500228877-2413465653-1359094120-1001 -> {A2B8EA94-4097-4C18-8222-2DEA254E7205} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-06-04] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default
FF DefaultSearchEngine: Startpage HTTPS
FF DefaultSearchEngine.US: Google
FF NetworkProxy: "ssl_port", 6698
FF NetworkProxy: "type", 1
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-12] (Nullsoft, Inc.)
FF Extension: FT DeepDark - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-08-26]
FF Extension: Bookmark on Delicious - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\delicious@techraga.com.xpi [2015-05-14]
FF Extension: Ghostery - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\firefox@ghostery.com.xpi [2015-01-23]
FF Extension: HTTP Nowhere - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\http-nowhere@cwilper.github.com.xpi [2015-01-23]
FF Extension: Self-Destructing Cookies - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2015-01-23]
FF Extension: FlashDisable - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\jid0-bbA9VAawX3LMWDu668aUDrpQVXU@jetpack.xpi [2015-05-20]
FF Extension: NoSquint - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\nosquint@urandom.ca.xpi [2015-06-15]
FF Extension: Video WithOut Flash - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\vwof@drev.com.xpi [2015-05-17]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-06-15]
FF Extension: FlashGot - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-02-16]
FF Extension: Stylish - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015-06-14]
FF Extension: Search by Image for Google - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2015-01-23]
FF Extension: Greasemonkey - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-06-12]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-07-13]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-08]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-16] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-19] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-06-04] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ak1avs; C:\Windows\System32\Drivers\ak1avs.sys [359784 2012-12-18] (Native Instruments GmbH)
R3 ak1usb_svc; C:\Windows\System32\Drivers\ak1usb.sys [100712 2012-12-18] (Native Instruments GmbH)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-02] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-05-02] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-06-27] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-03] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-05-28] (NVIDIA Corporation)
S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-07-10] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-05] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 MFE_RR; \??\C:\Users\tony\AppData\Local\Temp\mfe_rr.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-03 14:16 - 2015-10-03 14:16 - 00000000 ____D C:\Users\tony\Downloads\FRST-OlderVersion
2015-10-01 19:48 - 2015-10-01 19:51 - 00096760 _____ C:\Users\tony\Desktop\Firestarter2.mp3.sfk
2015-10-01 19:47 - 2015-10-01 19:48 - 00272960 _____ C:\Users\tony\Desktop\Firestarter_.mp3.sfk
2015-10-01 17:58 - 2015-10-01 17:58 - 00576511 _____ C:\Users\tony\Downloads\Live with demons(1).m4a
2015-10-01 17:53 - 2015-10-01 18:20 - 00000000 ____D C:\AdwCleaner
2015-10-01 17:53 - 2015-10-01 17:53 - 01670656 _____ C:\Users\tony\Downloads\AdwCleaner.exe
2015-10-01 17:50 - 2015-10-01 17:50 - 00001164 _____ C:\Users\tony\Desktop\JRT.txt
2015-10-01 17:25 - 2015-10-01 17:25 - 01801288 _____ (Malwarebytes) C:\Users\tony\Downloads\JRT.exe
2015-10-01 16:46 - 2015-10-01 16:46 - 00576511 _____ C:\Users\tony\Downloads\Live with demons.m4a
2015-09-28 18:00 - 2015-09-28 18:00 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2015-09-28 15:02 - 2015-09-28 15:03 - 00000000 ____D C:\Program Files\HitmanPro
2015-09-28 14:42 - 2015-09-28 14:43 - 11350472 _____ (SurfRight B.V.) C:\Users\tony\Downloads\HitmanPro_x64.exe
2015-09-28 14:20 - 2015-09-28 14:20 - 02816040 _____ C:\Users\tony\Downloads\SecurityTaskManager_Setup.exe
2015-09-28 14:20 - 2015-09-28 14:20 - 00584752 _____ (Neuber GmbH) C:\Users\tony\Downloads\RemoteProcesses.exe
2015-09-28 14:20 - 2015-09-28 14:20 - 00001134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-09-28 14:20 - 2015-09-28 14:20 - 00001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-09-28 14:20 - 2015-09-28 14:20 - 00001111 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2015-09-28 14:20 - 2015-09-28 14:20 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2015-09-28 14:14 - 2015-09-28 14:14 - 00000000 _____ C:\Users\tony\Desktop\sfc slash scannow.txt
2015-09-28 14:06 - 2011-07-25 12:40 - 00300832 _____ (Sysinternals - www.sysinternals.com) C:\Users\tony\Downloads\Tcpview.exe
2015-09-28 14:05 - 2015-09-28 14:05 - 00365056 _____ (BiniSoft.org) C:\Users\tony\Downloads\wfc4setup.exe
2015-09-28 12:34 - 2015-09-28 12:35 - 05636489 _____ (Swearware) C:\Users\tony\Downloads\ComboFix(1).exe
2015-09-28 12:30 - 2015-09-28 12:30 - 16563352 _____ (Malwarebytes Corp.) C:\Users\tony\Downloads\mbar-1.09.3.1001.exe
2015-09-28 11:59 - 2015-09-28 11:59 - 00380416 _____ C:\Users\tony\Downloads\5nrcm7pi.exe
2015-09-28 00:46 - 2015-09-28 00:46 - 30172511 _____ C:\Users\tony\Downloads\xvideos.com_675b6b9e385700fb86d6ae1a9519b2e7.mp4
2015-09-28 00:46 - 2015-09-28 00:46 - 26345799 _____ C:\Users\tony\Downloads\xvideos.com_7dec755860c816681016bd2ba9a754d5.mp4
2015-09-28 00:46 - 2015-09-28 00:46 - 25934861 _____ C:\Users\tony\Downloads\xvideos.com_df35ecfd5007b6a160f6db2d0a49f18c.mp4
2015-09-28 00:45 - 2015-09-28 00:45 - 50086890 _____ C:\Users\tony\Downloads\xvideos.com_0152216c39df4227328202267ce7c011.mp4
2015-09-28 00:45 - 2015-09-28 00:45 - 26309532 _____ C:\Users\tony\Downloads\xvideos.com_f6c719a07eedd24ab340c152e8d2bc85.mp4
2015-09-28 00:45 - 2015-09-28 00:45 - 01961002 _____ C:\Users\tony\Downloads\xvideos.com_53539d65d4fd12719f48a2f3f77b18e8.mp4
2015-09-28 00:44 - 2015-09-28 00:45 - 30976922 _____ C:\Users\tony\Downloads\xvideos.com_bfe3266ae3831898c69e914ef6784479.mp4
2015-09-28 00:44 - 2015-09-28 00:44 - 16735837 _____ C:\Users\tony\Downloads\xvideos.com_82f2eccce6f56a182aaba3ed1c951e9e.mp4
2015-09-28 00:21 - 2015-09-28 12:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-27 20:33 - 2013-05-10 11:57 - 01661440 _____ (Slackerhome Productions) C:\Users\tony\Desktop\Better DS3.exe
2015-09-27 20:24 - 2015-09-27 20:24 - 00000000 ____D C:\Users\tony\Desktop\ScpServer
2015-09-27 20:24 - 2013-11-02 17:02 - 11438724 _____ C:\Users\tony\Desktop\ScpServer.zip
2015-09-27 20:24 - 2013-11-02 12:28 - 05073240 _____ (Microsoft Corporation) C:\Users\tony\Desktop\vcredist_x86.exe
2015-09-27 20:24 - 2013-11-02 12:28 - 00292184 _____ (Microsoft Corporation) C:\Users\tony\Desktop\dxwebsetup.exe
2015-09-27 20:24 - 2013-11-02 12:27 - 00889416 _____ (Microsoft Corporation) C:\Users\tony\Desktop\dotNetFx40_Full_setup.exe
2015-09-27 15:16 - 2015-09-27 15:22 - 74837388 _____ C:\Users\tony\Downloads\SCP DS3 Driver Package(1).zip
2015-09-27 15:10 - 2015-09-27 20:27 - 00000000 ____D C:\Program Files\Scarlett.Crush Productions
2015-09-27 15:01 - 2015-09-27 15:01 - 00000943 _____ C:\Users\Public\Desktop\DS3 Tool.lnk
2015-09-27 14:54 - 2012-05-12 12:31 - 00121416 _____ (MotioninJoy) C:\Users\tony\Desktop\MijXfilt.sys
2015-09-27 14:54 - 2012-05-12 00:33 - 04199240 _____ (www.motioninjoy.com ) C:\Users\tony\Desktop\MotioninJoy_071001_signed.exe
2015-09-27 14:54 - 2011-12-07 20:42 - 01721576 _____ (Microsoft Corporation) C:\Users\tony\Desktop\WdfCoInstaller01009.dll
2015-09-27 14:54 - 2011-12-07 20:42 - 00074960 _____ (Microsoft Corporation) C:\Users\tony\Desktop\xusb21.sys
2015-09-27 14:49 - 2015-09-27 14:49 - 00759932 _____ C:\Users\tony\Downloads\BetterDS3_1.5.3(1).zip
2015-09-27 13:51 - 2015-09-27 13:51 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-09-27 13:43 - 2015-09-27 13:43 - 00011834 _____ C:\Users\tony\Desktop\MBRCheck_09.27.15_13.43.46.txt
2015-09-26 19:32 - 2015-09-26 19:45 - 00000000 ____D C:\Users\tony\Desktop\Ich Seh, Ich Seh (Severin Fiala, Veronika Franz, 2014)
2015-09-26 18:47 - 2015-09-27 11:16 - 00173560 _____ C:\Users\tony\Desktop\Higrade Dayz.mp3.sfk
2015-09-26 18:47 - 2015-09-26 18:47 - 00173544 _____ C:\Users\tony\Desktop\Higrade Dayz.sfk
2015-09-26 18:30 - 2015-09-26 18:30 - 133228844 ____T C:\Users\tony\Desktop\Higrade Dayz.wav
2015-09-26 18:30 - 2015-09-26 18:30 - 00846705 ____T C:\Users\tony\Desktop\Higrade Dayz.wav.asd
2015-09-26 18:13 - 2015-09-26 18:14 - 00173136 _____ C:\Users\tony\Desktop\Highgrade Days.mp3.sfk
2015-09-26 18:12 - 2015-09-26 18:13 - 00173120 _____ C:\Users\tony\Desktop\Highgrade Days.sfk
2015-09-26 16:29 - 2015-09-26 16:29 - 132903368 ____T C:\Users\tony\Desktop\Highgrade Days.wav
2015-09-26 16:29 - 2015-09-26 16:29 - 00845733 ____T C:\Users\tony\Desktop\Highgrade Days.wav.asd
2015-09-26 15:40 - 2015-09-26 15:40 - 00406595 _____ C:\Users\tony\Downloads\New Recording 8.m4a
2015-09-25 21:50 - 2015-09-25 21:50 - 00081451 _____ C:\Users\tony\Desktop\66523_4521074183273_884297202_n.jpeg
2015-09-23 19:17 - 2015-09-23 19:17 - 00427147 _____ C:\Users\tony\Downloads\New Recording 3.m4a
2015-09-23 17:25 - 2015-09-23 17:25 - 00431272 _____ C:\Users\tony\Downloads\New Recording 2.m4a
2015-09-22 22:59 - 2015-09-23 00:04 - 00150168 _____ C:\Users\tony\Desktop\Firestarter.mp3.sfk
2015-09-22 22:57 - 2015-09-22 22:59 - 00150832 _____ C:\Users\tony\Desktop\Firestarter.sfk
2015-09-22 22:56 - 2015-09-22 22:56 - 115789346 ____T C:\Users\tony\Desktop\Firestarter.wav
2015-09-22 22:56 - 2015-09-22 22:56 - 00735035 ____T C:\Users\tony\Desktop\Firestarter.wav.asd
2015-09-20 22:55 - 2015-09-20 22:55 - 00186928 _____ C:\Users\tony\Desktop\Resistance Is Existence2.mp3.sfk
2015-09-20 22:54 - 2015-09-20 22:55 - 00186904 _____ C:\Users\tony\Desktop\Resistance Is Existence2.sfk
2015-09-20 22:53 - 2015-09-20 22:54 - 00921269 ____T C:\Users\tony\Desktop\Resistance Is Existence2.wav.asd
2015-09-20 22:53 - 2015-09-20 22:53 - 143492276 ____T C:\Users\tony\Desktop\Resistance Is Existence2.wav
2015-09-20 22:48 - 2015-09-20 22:54 - 00186928 _____ C:\Users\tony\Desktop\Resistance Is Existence.mp3.sfk
2015-09-20 22:48 - 2015-09-20 22:48 - 00186904 _____ C:\Users\tony\Desktop\Resistance Is Existence.sfk
2015-09-20 22:44 - 2015-09-20 22:45 - 00919931 ____T C:\Users\tony\Desktop\Resistance Is Existence.wav.asd
2015-09-20 22:44 - 2015-09-20 22:44 - 143492276 ____T C:\Users\tony\Desktop\Resistance Is Existence.wav
2015-09-20 17:58 - 2015-09-02 22:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-20 17:58 - 2015-09-02 22:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-20 17:58 - 2015-09-02 14:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-20 17:58 - 2015-09-02 13:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-20 17:58 - 2015-07-28 19:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-09-20 17:58 - 2015-07-28 10:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-09-20 17:58 - 2015-07-28 10:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-09-20 17:58 - 2015-07-28 10:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-09-20 17:58 - 2015-07-28 10:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-09-20 17:58 - 2015-07-28 10:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-09-20 17:58 - 2015-07-28 10:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-20 17:58 - 2015-07-22 10:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-09-20 17:58 - 2015-07-22 09:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-20 17:58 - 2015-07-17 10:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-09-20 17:58 - 2015-07-17 10:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-09-20 17:58 - 2015-07-14 17:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-09-20 17:58 - 2015-07-14 17:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-09-20 17:58 - 2015-07-14 17:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-09-20 17:58 - 2015-07-13 15:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-09-20 17:58 - 2015-07-10 15:06 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2015-09-20 17:58 - 2015-07-09 12:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-09-20 17:58 - 2015-07-03 17:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-20 17:58 - 2015-07-03 10:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-09-20 17:58 - 2015-06-27 07:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-20 17:58 - 2015-06-19 13:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-09-20 17:58 - 2015-06-12 13:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-09-20 17:58 - 2015-06-12 12:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-09-20 17:58 - 2015-06-11 16:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-09-20 17:58 - 2015-06-11 16:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-09-20 13:26 - 2015-09-20 13:26 - 00000000 ____D C:\Users\tony\AppData\Roaming\MotioninJoy
2015-09-20 13:24 - 2015-09-27 15:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2015-09-20 13:24 - 2015-09-27 15:01 - 00000000 ____D C:\Program Files\MotioninJoy
2015-09-20 13:24 - 2011-12-07 19:42 - 00328712 _____ (Logitech Inc.) C:\WINDOWS\system32\MijFrc.dll
2015-09-20 13:23 - 2013-05-19 03:02 - 00039168 _____ (Scarlet.Crush Productions) C:\WINDOWS\system32\Drivers\ScpVBus.sys
2015-09-20 13:23 - 2013-01-07 10:56 - 01002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2015-09-20 03:58 - 2015-09-20 03:58 - 00000069 _____ C:\Users\tony\Desktop\icalcs.txt
2015-09-17 21:57 - 2015-09-01 22:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-17 21:57 - 2015-09-01 22:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-17 21:57 - 2015-09-01 22:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-17 21:57 - 2015-09-01 22:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-17 21:57 - 2015-09-01 22:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-17 21:57 - 2015-08-26 22:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-17 21:57 - 2015-08-26 14:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-17 21:57 - 2015-08-26 14:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-17 21:57 - 2015-08-26 14:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-17 21:57 - 2015-08-26 14:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-17 21:57 - 2015-08-26 10:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-17 21:57 - 2015-08-26 10:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-17 21:57 - 2015-08-26 10:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-17 21:57 - 2015-08-26 10:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-17 21:57 - 2015-08-26 10:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-17 21:57 - 2015-08-26 10:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-17 21:57 - 2015-08-26 10:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-17 21:57 - 2015-08-22 14:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-17 21:57 - 2015-08-22 13:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-17 21:57 - 2015-08-22 13:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-17 21:57 - 2015-08-22 13:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-17 21:57 - 2015-08-22 13:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-17 21:57 - 2015-08-22 13:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-17 21:57 - 2015-08-22 12:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-17 21:57 - 2015-08-22 12:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-17 21:57 - 2015-08-22 12:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-17 21:57 - 2015-08-22 12:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-17 21:57 - 2015-08-22 12:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-17 21:57 - 2015-08-22 12:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-17 21:57 - 2015-08-22 12:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-17 21:57 - 2015-08-22 12:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-17 21:57 - 2015-08-22 12:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-17 21:57 - 2015-08-22 12:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-17 21:57 - 2015-08-22 12:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-17 21:57 - 2015-08-22 12:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-17 21:57 - 2015-08-22 12:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-17 21:57 - 2015-08-22 12:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-17 21:57 - 2015-08-22 12:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-17 21:57 - 2015-08-22 12:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-17 21:57 - 2015-08-22 12:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-17 21:57 - 2015-08-22 12:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-17 21:57 - 2015-08-22 12:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-17 21:57 - 2015-08-22 12:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-17 21:57 - 2015-08-22 12:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-17 21:57 - 2015-08-22 11:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-17 21:57 - 2015-08-22 11:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-17 21:57 - 2015-08-03 17:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-17 21:57 - 2015-08-03 17:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-17 21:57 - 2015-08-01 10:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-17 21:57 - 2015-07-31 23:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-17 21:57 - 2015-07-31 23:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-17 21:57 - 2015-07-31 23:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-17 21:57 - 2015-07-31 23:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-17 21:57 - 2015-07-31 23:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-17 21:57 - 2015-07-30 13:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-17 21:57 - 2015-07-30 12:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-17 21:57 - 2015-07-22 10:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-17 21:57 - 2015-07-22 10:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-17 21:57 - 2015-07-22 10:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-17 21:57 - 2015-07-22 10:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-17 21:57 - 2015-07-18 14:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-17 21:57 - 2015-07-18 14:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-17 21:57 - 2015-07-18 14:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-17 21:57 - 2015-07-18 14:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-17 21:57 - 2015-07-13 23:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-09-14 15:51 - 2015-09-14 21:58 - 00000000 ___RD C:\Users\tony\Desktop\Going Places Project
2015-09-07 05:58 - 2015-09-07 05:58 - 226666903 _____ C:\Users\tony\Downloads\tecmos_deception_-_invitation_to_darkness.zip
2015-09-07 05:57 - 2015-09-07 05:57 - 414756701 _____ C:\Users\tony\Downloads\granstream_saga,_the.zip
2015-09-04 14:58 - 2015-09-04 14:58 - 00000000 ____D C:\Users\tony\AppData\Roaming\Nero
2015-09-04 14:57 - 2015-09-04 14:57 - 00000000 ____D C:\ProgramData\Nero
2015-09-04 14:57 - 2015-09-04 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2015-09-04 14:57 - 2015-09-04 14:57 - 00000000 ____D C:\Program Files (x86)\Nero
2015-09-04 14:57 - 2006-03-17 15:49 - 00368640 _____ (Pegasus Imaging Corporation) C:\WINDOWS\SysWOW64\TwnLib4.dll
2015-09-04 14:57 - 2006-03-17 12:45 - 01757184 _____ (Pegasus Imaging Corp.) C:\WINDOWS\SysWOW64\imagX7.dll
2015-09-04 14:57 - 2006-03-17 12:45 - 00802816 _____ (Pegasus Imaging Corp.) C:\WINDOWS\SysWOW64\imagXRA7.dll
2015-09-04 14:57 - 2006-03-17 12:45 - 00497296 _____ (Pegasus Imaging Corp.) C:\WINDOWS\SysWOW64\imagXpr7.dll
2015-09-04 14:57 - 2006-03-17 12:45 - 00258048 _____ (Pegasus Imaging Corp.) C:\WINDOWS\SysWOW64\imagXR7.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-03 14:17 - 2015-06-14 19:58 - 00017242 _____ C:\Users\tony\Downloads\FRST.txt
2015-10-03 14:17 - 2015-06-14 19:58 - 00000000 ____D C:\FRST
2015-10-03 14:16 - 2015-06-14 19:54 - 02193408 _____ (Farbar) C:\Users\tony\Downloads\FRST64.exe
2015-10-03 14:02 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-03 13:14 - 2015-02-05 00:36 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-03 00:44 - 2014-09-23 06:43 - 01074468 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-01 19:44 - 2015-03-03 16:14 - 00000000 ____D C:\Users\tony\Desktop\dump2
2015-10-01 18:30 - 2014-03-18 06:03 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-01 18:26 - 2014-09-23 06:04 - 00006461 _____ C:\WINDOWS\SysWOW64\Gms.log
2015-10-01 18:24 - 2015-08-17 11:15 - 00017648 _____ C:\WINDOWS\setupact.log
2015-10-01 18:24 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-01 18:23 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-01 17:29 - 2015-01-15 16:19 - 00000000 ____D C:\Users\tony
2015-09-30 00:26 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-29 21:17 - 2015-06-14 19:59 - 00045777 _____ C:\Users\tony\Downloads\Addition.txt
2015-09-28 21:40 - 2015-05-03 20:16 - 00007668 _____ C:\Users\tony\AppData\Local\Resmon.ResmonCfg
2015-09-28 21:12 - 2015-01-15 16:41 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-28 20:20 - 2015-01-15 16:31 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-500228877-2413465653-1359094120-1001
2015-09-28 18:00 - 2015-02-06 03:08 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-28 14:25 - 2015-01-15 16:29 - 00000000 ____D C:\Users\tony\AppData\Local\CrashDumps
2015-09-28 12:49 - 2015-07-05 13:30 - 00000000 ____D C:\Users\tony\Desktop\mbar
2015-09-28 12:49 - 2015-06-27 14:38 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-28 12:24 - 2015-01-16 04:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-28 12:24 - 2014-03-18 05:54 - 00053954 _____ C:\WINDOWS\PFRO.log
2015-09-28 01:00 - 2015-02-01 22:03 - 00000000 ____D C:\Users\tony\AppData\Roaming\mIRC
2015-09-28 00:52 - 2015-02-01 22:20 - 00000000 ____D C:\Users\tony\AppData\Roaming\vlc
2015-09-26 21:11 - 2015-02-05 19:48 - 00000000 ____D C:\Users\tony\AppData\Roaming\uTorrent
2015-09-26 09:18 - 2013-08-22 11:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-20 17:59 - 2015-01-16 07:33 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-09-20 17:59 - 2015-01-16 07:33 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-20 16:53 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2015-09-19 04:11 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-17 22:35 - 2013-08-22 10:44 - 00439296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-17 22:30 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-17 22:05 - 2014-03-18 05:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-17 22:02 - 2015-01-19 15:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-14 21:18 - 2015-01-16 07:35 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-14 21:18 - 2015-01-16 07:35 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-02-02 23:49 - 2013-05-10 11:57 - 1661440 _____ (Slackerhome Productions) C:\Program Files\Better DS3.exe
2015-02-06 04:19 - 2015-03-30 20:36 - 0000600 _____ () C:\Users\tony\AppData\Local\PUTTY.RND
2015-05-03 20:16 - 2015-09-28 21:40 - 0007668 _____ () C:\Users\tony\AppData\Local\Resmon.ResmonCfg
2014-09-23 06:01 - 2014-09-23 06:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\tony\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-03 04:08

==================== End of FRST.txt ============================
Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-10-2015
Ran by tony (2015-10-03 14:17:48)
Running from C:\Users\tony\Downloads
Windows 8.1 Pro (X64) (2015-01-15 20:21:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

basic (S-1-5-21-500228877-2413465653-1359094120-1003 - Limited - Enabled) => C:\Users\basic
GuestFag (S-1-5-21-500228877-2413465653-1359094120-501 - Limited - Disabled)
t00r (S-1-5-21-500228877-2413465653-1359094120-500 - Administrator - Disabled) => C:\Users\Administrator
tony (S-1-5-21-500228877-2413465653-1359094120-1001 - Administrator - Enabled) => C:\Users\tony

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ableton Live 9 Suite (HKLM\...\{209A9505-AEA6-4D2E-ACFB-F9905CE89AE0}) (Version: 9.0.0.0 - Ableton)
Ableton Live 9 Suite (HKLM\...\{48EC4E57-1D04-4831-90A7-151DA2269495}) (Version: 9.0.0.0 - Ableton)
Alien Isolation Digital Deluxe Edition (HKLM-x32\...\Alien Isolation Digital Deluxe Edition_is1) (Version: Alien Isolation Digital Deluxe Edition - )
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitvise SSH Client 6.22 (remove only) (HKLM-x32\...\BvSshClient) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetLink Controller (HKLM\...\{7FBA83D7-D58E-4B70-9B9B-12E95B183B22}) (Version: 16.6.1.3 - Broadcom Corporation)
ClassicPro© v2.01 (HKLM-x32\...\ClassicPro) (Version: 2.01 - Skin Consortium)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DARK SOULS - Prepare To Die Edition (HKLM-x32\...\DARK SOULS - Prepare To Die Edition_is1) (Version:  - )
DARK SOULS™ II: Scholar of the First Sin (HKLM-x32\...\Steam App 335300) (Version:  - FromSoftware, Inc)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
FileZilla Client 3.10.2 (HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.246 - SurfRight B.V.)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
Hotline Miami 2 - Wrong Number (HKLM-x32\...\1424773427_is1) (Version: 2.0.0.1 - GOG.com)
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3643 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.316 - McAfee, Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.41 - mIRC Co. Ltd.)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 41.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 en-US)) (Version: 41.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.0.5738 - Mozilla)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
Native Instruments Audio Kontrol 1 Driver (HKLM-x32\...\Native Instruments Audio Kontrol 1 Driver) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.7.2.189 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.9.132 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.7.1.854 - Native Instruments)
Nero 8 Micro (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.6.0 - UpdatePack.nl)
NFOlux (HKLM-x32\...\NFOlux) (Version:  - )
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{36DF4580-D1B3-11E3-A23E-F04DA23A5C58}) (Version: 2.0.628 - Sony)
NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version:  - Silver Dollar Games)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.3.1.39500 - Grinding Gear Games)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39059 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7260 - Realtek Semiconductor Corp.)
Resident Evil 6 / Biohazard 6 (HKLM-x32\...\Steam App 221040) (Version:  - Capcom)
Resident Evil HD Remaster (HKLM-x32\...\Resident Evil HD Remaster_is1) (Version:  - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Security Task Manager 2.1d (HKLM-x32\...\Security Task Manager) (Version: 2.1d - Neuber Software)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Sound Forge Pro 10.0 (HKLM-x32\...\{B8A817D7-AE0F-42BA-AEB9-B5F1F3EFB7AF}) (Version: 10.0.425 - Sony)
Sound Forge Pro 11.0 (HKLM-x32\...\{FE1A7F80-1348-11E4-8C79-F04DA23A5C58}) (Version: 11.0.293 - Sony)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-500228877-2413465653-1359094120-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-500228877-2413465653-1359094120-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-500228877-2413465653-1359094120-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-500228877-2413465653-1359094120-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-500228877-2413465653-1359094120-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-500228877-2413465653-1359094120-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Restore Points =========================

17-09-2015 21:58:04 Windows Update
25-09-2015 00:26:05 Scheduled Checkpoint
28-09-2015 15:22:29 Checkpoint by HitmanPro
01-10-2015 17:26:01 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2015-07-05 13:02 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1    localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2FE17D40-7267-461E-8662-BFCA94422C08} - System32\Tasks\FUB => C:\Program Files (x86)\Acer\Care Center\FUB.bat
Task: {31B24812-8391-4DDA-9D3B-C78772A09C6F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {49C43DEB-63B2-4388-8C58-07141C0B3019} - System32\Tasks\{F2EB9544-56F6-409E-AF0C-21DA0A44DD19} => pcalua.exe -a C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_194_Plugin.exe -c -maintain plugin
Task: {647A9420-C911-424E-B2ED-1C2EEDE2F304} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-08] (Acer Incorporated)
Task: {668775C1-906D-46F5-BD7F-9FF59CCD762F} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2014-04-07] (Dolby Laboratories Inc.)
Task: {8176A42E-5A67-43F0-BDAF-6B79C4D24A5B} - System32\Tasks\{63370813-BF7E-4EE6-B933-FB5CD72B4057} => pcalua.exe -a C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_Plugin.exe -c -maintain plugin
Task: {9F8C2B2B-49CA-4D04-AEE3-6C3712AEEEED} - System32\Tasks\{6E44C2FE-AD8C-4B93-8C15-B8E2917BB3A6} => pcalua.exe -a C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_Plugin.exe -c -maintain plugin
Task: {A4D92032-EFE2-4D23-9BF2-C758D7BE05D6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {DBBF0DB9-D025-4793-847B-9E90829B40EA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {F54AA33B-D4BB-44F8-9BFA-A109776E333E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {F6657A90-4BE6-4D61-9257-37B03074FBE5} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2015-06-27 15:11 - 2015-06-17 02:48 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-07 19:13 - 2014-04-07 19:13 - 00052096 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2014-04-29 05:38 - 2014-04-29 05:38 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-04-29 05:35 - 2014-04-29 05:35 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-04-29 05:42 - 2014-04-29 05:42 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-06-21 16:05 - 2015-06-24 07:37 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-02-19 21:51 - 2014-02-19 21:51 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-02-26 05:27 - 2013-02-26 05:27 - 00129536 _____ () C:\Program Files (x86)\Winamp\System\ClassicPro.w5s
2013-12-12 22:47 - 2013-12-12 22:47 - 00333824 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\04830709.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\39150699.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\45820861.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\93039284.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\04830709.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\39150699.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\45820861.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\93039284.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-500228877-2413465653-1359094120-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tony\Desktop\dump2\dump\LRFFXIII-Lightning2.jpeg
DNS Servers: 64.71.255.204 - 64.71.255.198
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\StartupApproved\Run: => "StarWind Management Console"
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\StartupApproved\Run: => "uTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B188B65E-B72E-4555-840C-34429D355F2F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{485CC7C5-4C24-48D7-A376-0AD43AFD9423}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{8B246F0C-3479-4B0C-AB95-22B12CBA6312}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{76FC9FA1-FCBD-4586-B957-0A3E68FA03CD}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{EB61C588-C02A-45CA-8F73-BF8E26A8F210}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{7CD628F8-3AC7-43C8-A621-6A74BB60A7F6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{7CE6B7B3-8A32-4477-BC0C-11943B6CB277}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{50C416A7-DB2A-4833-AA0B-9F9BE9DAE2C7}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{F019A841-059F-4807-8A5C-95E253434A3B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{6C5B8ACD-911E-498F-8471-0058E54A3308}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{71314109-4FDB-4FA2-80A9-E18A8D686F9B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{E8E96025-2273-450F-86E5-380DB4AA58B0}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{6A540E34-192A-4721-97BF-59AB833A171A}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{5FF4FE2A-0FDC-4B8F-9BD2-E78E327305AA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{15E63219-612F-49BA-9415-2A3C22F3CCD7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4400EDC5-3D90-49AF-ACE9-80FC0F6F0F48}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C31A8BEA-9977-4D56-90E8-20760DC685EA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{062748AC-93C1-4F23-9D45-D6B077652F53}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{468B1148-1A09-4BD7-BD75-0B062C9C3374}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1F00750C-4D1A-4D68-A30A-65842A65E44F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{84CE9F3A-0805-414A-92E7-BAC83B2C1CC7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2C1788BC-9FAF-4653-8DE5-12DD027EF060}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{48C23609-C33C-49F9-BF67-D8B0DA403A78}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2CCF0507-EBB9-48C2-B30A-D828ADE70726}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{57956D4F-6891-4099-8659-29E88900F1AD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{418BC857-E453-41B3-9A9A-1A4190B1AE9E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D85F3855-E017-4B1B-B090-BBFA86551D3B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C9ACD10C-4CEB-47C1-8665-DE41F0EF0131}] => (Allow) C:\Program Files (x86)\mIRC\mirc.exe
FirewallRules: [{973F08BE-2474-497C-9647-3D5174A18050}] => (Allow) C:\Program Files (x86)\mIRC\mirc.exe
FirewallRules: [{655AEE04-64FC-4A43-AEFD-AB4485F6B740}] => (Allow) C:\Program Files (x86)\mIRC\mirc.exe
FirewallRules: [{7D8F1EA1-FABC-438E-BCDD-EFB674D19860}] => (Allow) C:\Program Files (x86)\mIRC\mirc.exe
FirewallRules: [{CAE41F79-3D0A-4A75-B3BF-B21B53258166}] => (Allow) C:\Program Files (x86)\uTorrent\utorrent.exe
FirewallRules: [{209C1FC3-B134-43B7-A76B-77840CB50EB3}] => (Allow) C:\Program Files (x86)\uTorrent\utorrent.exe
FirewallRules: [{E67F6B1A-438E-49EA-84FF-D041F74860B6}] => (Allow) C:\Program Files (x86)\Kepard\Kepard.exe
FirewallRules: [{0B9C2780-8119-4BDB-9DE2-822B5C9AE9C8}] => (Allow) C:\Program Files (x86)\Kepard\Kepard.exe
FirewallRules: [{579231C1-935F-41CD-97F0-5505E5A644AE}] => (Allow) C:\Program Files (x86)\Kepard\Kepard.exe
FirewallRules: [{0B80D334-A447-4924-9FBF-316C6FEAC3B5}] => (Allow) C:\Program Files (x86)\Kepard\Kepard.exe
FirewallRules: [{0E2986D0-EBFB-4B92-B9B3-BC8E3E401A03}] => (Allow) %ProgramFiles% (x86)\Kepard\Kepard.exe
FirewallRules: [{91FB8865-3B74-46FC-A5E8-09FB289BB0DD}] => (Allow) %ProgramFiles% (x86)\Kepard\Kepard.exe
FirewallRules: [{36F7C12E-F4D4-4CF7-AC01-2DC9C10B3A96}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{60438FD9-1A12-438E-8219-56B5DB2C18DA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F8270A68-9481-4801-9F2A-6E850E08E94C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9272D235-5C0E-40EC-9954-22A43D22DC43}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FBA1318B-433F-45A8-9CEA-EA39AC3CEBFA}] => (Allow) %ProgramFiles% (x86)\mIRC\mirc.exe
FirewallRules: [{EF679000-E357-4C2B-B321-9AADCA325171}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{FDD7F4ED-29BD-4A16-AE88-76C15D359D4F}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{10A052FE-D545-4866-BDFE-65393CD177C8}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{73FE59F8-3F98-4845-AA24-1C2B7F9B8A87}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{3A1C5DF0-BCD8-4434-BAB7-3887CFAD404F}C:\program files (x86)\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{BD982D62-9F50-413C-B4EF-8DC4F8A6A372}C:\program files (x86)\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{E787CA64-E840-44B3-8D4A-30D859A415C8}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [UDP Query User{699A4D0E-428C-4ADD-9759-8198EB155033}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [TCP Query User{3F1B8CF4-126F-4EC3-95C8-7CEE5B6D5ED5}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [UDP Query User{9C2B7E74-4B8A-462C-9DB5-E52CC910B4D2}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [TCP Query User{DC213C34-56B8-4BE0-8338-2D1A5C9A25AD}C:\users\tony\desktop\cisco packet tracer 6.1.1sv\bin\packettracer6.exe] => (Allow) C:\users\tony\desktop\cisco packet tracer 6.1.1sv\bin\packettracer6.exe
FirewallRules: [UDP Query User{6D3ED639-37BF-4A2F-950D-6BD509A00699}C:\users\tony\desktop\cisco packet tracer 6.1.1sv\bin\packettracer6.exe] => (Allow) C:\users\tony\desktop\cisco packet tracer 6.1.1sv\bin\packettracer6.exe
FirewallRules: [{0256C79A-D0FD-49CF-BCD7-BD82A66FF16A}] => (Allow) C:\Program Files\StarWind Software\StarWind\StarWindService.exe
FirewallRules: [{729D007F-6036-441C-9670-B1C0AC85B802}] => (Allow) C:\Program Files\StarWind Software\StarWind\StarWindService.exe
FirewallRules: [{2BA1A131-3514-4D06-878C-A71AAD0C5E00}] => (Allow) C:\Program Files\StarWind Software\StarWind\OpenPegasus\bin\cimserver.exe
FirewallRules: [{EBA751C0-44DD-40FE-946E-EFA2AAC4D3AC}] => (Allow) C:\Program Files\StarWind Software\StarWind\OpenPegasus\bin\cimserver.exe
FirewallRules: [TCP Query User{A6E69A68-6ADF-44F1-A1C4-813FC74D5973}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CF2F7E90-C5BA-4973-9B0F-9DF841857EC2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{4F4E75AA-9A8A-4D81-90DA-B6A142CE9650}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{85971A93-7030-4B52-990D-4964049DFBA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [TCP Query User{FD8964F3-87D0-4B6F-8706-BD7C26870380}C:\program files (x86)\sega\alien isolation digital deluxe edition\ai.exe] => (Allow) C:\program files (x86)\sega\alien isolation digital deluxe edition\ai.exe
FirewallRules: [UDP Query User{6E6FDA34-EE71-4381-ABA8-5E707ED6BEF2}C:\program files (x86)\sega\alien isolation digital deluxe edition\ai.exe] => (Allow) C:\program files (x86)\sega\alien isolation digital deluxe edition\ai.exe
FirewallRules: [{69372F78-1902-4515-8A22-41D1902E7E7E}] => (Block) C:\program files (x86)\sega\alien isolation digital deluxe edition\ai.exe
FirewallRules: [{75E00305-4C7E-425B-B771-AF4C76F517F9}] => (Block) C:\program files (x86)\sega\alien isolation digital deluxe edition\ai.exe
FirewallRules: [{651A19BB-93C7-4E4E-B9CE-BC245A95CE2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{8ADDE872-63AB-415A-BF13-1E5C92A7DA34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{C1A7E3B1-B8C8-4B4C-AEEF-88B9396D7FF0}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{0880F2DB-3933-4DEE-B652-8994C543847C}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{FEC5614C-216E-4750-AB64-71059ADFD07B}] => (Block) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{95B0FB50-AE5E-434F-8C19-18497177D1B8}] => (Block) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{AA667116-44BE-45BA-B1FB-4935866E0BE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 6\BH6.exe
FirewallRules: [{C8507694-C710-449A-9357-DF812A119239}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 6\BH6.exe
FirewallRules: [TCP Query User{08B55094-D962-4E51-9C57-44D671DC9CB2}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{3F0E93A0-4864-446E-8FEC-584D0759FB63}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{6AEB0EF1-36BE-4FD7-8E79-5025A55EC5DE}] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{0145E563-365B-42DA-A65E-F99E6F549C5A}] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{14F87017-D04F-43A7-B84A-8F27B790FEC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{8FADF7D0-20F8-490F-A708-594EF2FE6ED2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{C0C199F5-B5FF-4028-9C62-66604D656789}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{AB76A023-C6BC-4443-9675-449322DEC40C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BE118CC1-371D-47F4-9ACD-BEFA15C24D25}] => (Allow) C:\Users\tony\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D9F9E8AA-EE74-40D8-8146-AD771315A3D6}] => (Allow) C:\Users\tony\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F0A2767C-6102-417D-BBA4-AB917322B4AB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C6C97930-AA77-46A4-A37B-5E7B981953E4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BD0EBA53-7A43-4679-91C4-6C5BEB93ED3B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{76DCD92B-C738-4816-B103-9C1992CF683A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6D10FC8F-FAF9-4D0E-91EE-B3C727B75ECB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D756A500-06A5-41E4-A969-817C906D3B61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7CE746FD-8DF3-409C-B2A2-85D1F2E7CF55}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{25C2597F-3138-459B-BFCA-DDE931CCE96B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{708D95C2-4468-41BC-B868-DA559109A5A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{4F2DE8DA-C82C-435B-8ADC-8E7E62CABECB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{303C31BF-2487-46B5-982F-C9361D875D85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{DEE798ED-6ACB-4FF8-9BBD-B54B1E7B8697}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{27B8A254-33DD-4D52-AC62-0E79DD9141A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe

==================== Faulty Device Manager Devices =============

Name: TAP-Win32 Adapter V9
Description: TAP-Win32 Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual Drive Enumerator
Description: Microsoft Virtual Drive Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vdrvroot
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HD WebCam
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NDIS Virtual Network Adapter Enumerator
Description: NDIS Virtual Network Adapter Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisVirtualBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Qualcomm Atheros Bluetooth Bus
Description: Qualcomm Atheros Bluetooth Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_BUS
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/01/2015 05:26:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (09/30/2015 04:19:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 41.0.0.5738 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a5c

Start Time: 01d0fa5dce7189bf

Termination Time: 93

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 82a9658e-67b0-11e5-82e6-206a8a9c1774

Faulting package full name:

Faulting package-relative application ID:

Error: (09/29/2015 09:15:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MSASCui.exe version 4.8.207.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bb0

Start Time: 01d0fb1d59de9ad1

Termination Time: 4294967295

Application Path: C:\Program Files\Windows Defender\MSASCui.exe

Report Id: bad4552a-6710-11e5-82e6-206a8a9c1774

Faulting package full name:

Faulting package-relative application ID:

Error: (09/29/2015 05:19:39 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8

Error: (09/29/2015 05:15:39 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8

Error: (09/29/2015 05:13:40 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8

Error: (09/29/2015 05:13:40 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8

Error: (09/29/2015 05:13:39 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8

Error: (09/29/2015 05:11:38 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8

Error: (09/28/2015 03:22:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (10/03/2015 04:09:50 AM) (Source: DCOM) (EventID: 10010) (User: ACERX64)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (10/03/2015 04:09:20 AM) (Source: DCOM) (EventID: 10010) (User: ACERX64)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (10/02/2015 06:14:33 AM) (Source: DCOM) (EventID: 10010) (User: ACERX64)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (10/02/2015 06:14:03 AM) (Source: DCOM) (EventID: 10010) (User: ACERX64)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (10/02/2015 06:00:22 AM) (Source: DCOM) (EventID: 10010) (User: ACERX64)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (10/02/2015 05:59:52 AM) (Source: DCOM) (EventID: 10010) (User: ACERX64)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (10/01/2015 06:21:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error:
%%109

Error: (10/01/2015 06:21:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (10/01/2015 06:21:17 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (10/01/2015 06:21:04 PM) (Source: DCOM) (EventID: 10010) (User: ACERX64)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}


CodeIntegrity:
===================================
  Date: 2015-10-02 06:00:22.173
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-01 05:55:32.259
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-29 02:05:56.864
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-28 05:53:51.283
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-27 04:30:11.511
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-22 04:08:56.050
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-18 05:40:53.828
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-30 00:10:20.690
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-26 17:17:03.703
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-18 03:20:21.060
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 21%
Total physical RAM: 16307.27 MB
Available physical RAM: 12819.41 MB
Total Virtual: 18739.27 MB
Available Virtual: 15028.41 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:914.15 GB) (Free:48.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2C7C75A4)

Partition: GPT.

==================== End of Addition.txt ============================
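Reading a FirewallRules section of this length by eye is error-prone, so here is an added Python triage helper (not part of this thread and not FRST's own code) that parses lines in the "FirewallRules: [name] => (Allow|Block) path" format shown above, groups rules per executable, and flags the patterns a reviewer would want pointed out: allow rules for binaries under a user-writable profile path, allow rules for built-in networking tools such as ftp.exe, and binaries that carry both Allow and Block rules. The heuristics, the reason strings and the %ProgramFiles% expansion are the example's own assumptions; the sample lines are a subset copied from the log above.

```python
"""Triage helper for the FirewallRules section of an FRST Addition.txt log."""
import re
from collections import defaultdict

# One FRST "FirewallRules:" line: rule name in brackets, action in parentheses,
# then the program path (or a port spec such as "LPort=139").
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>[^\]]+)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)

# Anything under C:\Users\<name>\ is writable without admin rights, so an allow
# rule for a binary there deserves a second look during triage.
USER_WRITABLE_RE = re.compile(r"^c:\\users\\[^\\]+\\", re.IGNORECASE)

# Built-in networking tools that rarely need their own allow rule on a
# workstation. Only ftp.exe appears in the log above; extend to taste.
SYSTEM_TOOLS = {"ftp.exe"}

# Sample lines copied from the Addition.txt above (a subset), plus one
# unrelated line to show that non-rule lines are skipped.
SAMPLE_LINES = [
    "FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139",
    r"FirewallRules: [{485CC7C5-4C24-48D7-A376-0AD43AFD9423}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe",
    r"FirewallRules: [{418BC857-E453-41B3-9A9A-1A4190B1AE9E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe",
    r"FirewallRules: [TCP Query User{A6E69A68-6ADF-44F1-A1C4-813FC74D5973}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe",
    r"FirewallRules: [TCP Query User{E787CA64-E840-44B3-8D4A-30D859A415C8}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe",
    r"FirewallRules: [{0E2986D0-EBFB-4B92-B9B3-BC8E3E401A03}] => (Allow) %ProgramFiles% (x86)\Kepard\Kepard.exe",
    r"FirewallRules: [{BE118CC1-371D-47F4-9ACD-BEFA15C24D25}] => (Allow) C:\Users\tony\AppData\Roaming\uTorrent\uTorrent.exe",
    "==================== Faulty Device Manager Devices =============",
]


def normalize_path(target):
    """Expand the unexpanded %ProgramFiles% variable FRST sometimes prints and
    lower-case the path so rules for the same binary group together."""
    t = target.replace("%ProgramFiles% (x86)", r"C:\Program Files (x86)")
    t = t.replace("%ProgramFiles%", r"C:\Program Files")
    return t.lower()


def parse_rules(lines):
    """Return one dict per FirewallRules line; everything else is ignored."""
    rules = []
    for line in lines:
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        target = m.group("target")
        is_port = target.startswith("LPort=")  # port rule, not a program rule
        rules.append({
            "name": m.group("name"),
            "action": m.group("action"),
            "target": target if is_port else normalize_path(target),
            "is_port_rule": is_port,
        })
    return rules


def summarize(rules):
    """Count Allow and Block rules per normalized target."""
    by_target = defaultdict(lambda: {"Allow": 0, "Block": 0})
    for r in rules:
        by_target[r["target"]][r["action"]] += 1
    return by_target


def triage(lines):
    """Return (rule name, target, reasons) for every Allow rule that trips a heuristic."""
    rules = parse_rules(lines)
    by_target = summarize(rules)
    findings = []
    for r in rules:
        if r["is_port_rule"] or r["action"] != "Allow":
            continue
        reasons = []
        if USER_WRITABLE_RE.match(r["target"]):
            reasons.append("allow rule for a binary in a user-writable profile path")
        if r["target"].rsplit("\\", 1)[-1] in SYSTEM_TOOLS:
            reasons.append("allow rule for a built-in network tool")
        if by_target[r["target"]]["Block"]:
            reasons.append("the same binary also has a Block rule")
        if reasons:
            findings.append((r["name"], r["target"], reasons))
    return findings


if __name__ == "__main__":
    for name, target, reasons in triage(SAMPLE_LINES):
        print(target)
        print("  rule:", name)
        for reason in reasons:
            print("  -", reason)
```

Feed it the whole Addition.txt (one line per list element) and it will skip every section other than FirewallRules; the normalization step is what lets the mixed-case "Query User" rules line up with the GUID-named rules for the same executable.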
 



#10 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,013 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:34 PM

Posted 05 October 2015 - 08:40 AM

Hi,

 

STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    GroupPolicyScripts: Restriction <======= ATTENTION
    GroupPolicyScripts\User: Restriction <======= ATTENTION
    Hosts:
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-500228877-2413465653-1359094120-1001 -> DefaultScope {7A5E622F-3638-4F08-9C2B-5ECE64D92ABC} URL =
    SearchScopes: HKU\S-1-5-21-500228877-2413465653-1359094120-1001 -> {7A5E622F-3638-4F08-9C2B-5ECE64D92ABC} URL =
    FF NetworkProxy: "ssl_port", 6698
    FF NetworkProxy: "type", 1
    EmptyTemp:
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.


 


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#11 hehathledger

hehathledger
  • Topic Starter

  • Members
  • 18 posts
  • Local time:05:34 PM

Posted 05 October 2015 - 05:30 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by tony (2015-10-05 18:23:28) Run:1
Running from C:\Users\tony\Desktop
Loaded Profiles: tony (Available Profiles: tony & basic & t00r)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
Hosts:
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-500228877-2413465653-1359094120-1001 -> DefaultScope {7A5E622F-3638-4F08-9C2B-5ECE64D92ABC} URL =
SearchScopes: HKU\S-1-5-21-500228877-2413465653-1359094120-1001 -> {7A5E622F-3638-4F08-9C2B-5ECE64D92ABC} URL =
FF NetworkProxy: "ssl_port", 6698
FF NetworkProxy: "type", 1
EmptyTemp:
*****************

Restore point was successfully created.
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION => restored successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-500228877-2413465653-1359094120-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7A5E622F-3638-4F08-9C2B-5ECE64D92ABC}" => key removed successfully
HKCR\CLSID\{7A5E622F-3638-4F08-9C2B-5ECE64D92ABC} => key not found.
Firefox Proxy settings were reset.
FF NetworkProxy: "type", 1 => not found
EmptyTemp: => 78.2 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 18:24:00 ====
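
The Fixlog above follows a fixed shape: the fixlist is echoed between two rows of asterisks, then FRST prints one outcome line per directive ("=> restored successfully", "=> moved successfully", "=> key removed successfully", "=> not found") plus a few whole-line status messages. As an added example, not code from this thread or from FRST, the following Python script parses a constructed Fixlog of that shape and lists what a helper would re-check before asking for a fresh scan; the phrases it matches are the ones FRST printed above, and the sample log is constructed.

```python
"""Summarise a Farbar Recovery Scan Tool (FRST) Fixlog.txt.

Added example for this thread; not part of FRST and not code posted by either
participant. It matches only outcome phrases that appear in the Fixlog above.
"""
import re
from collections import Counter

# Constructed sample, abridged from the shape of the Fixlog posted in the thread.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
CreateRestorePoint:
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
Hosts:
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF NetworkProxy: "ssl_port", 6698
FF NetworkProxy: "type", 1
EmptyTemp:
*****************

Restore point was successfully created.
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION => restored successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
Firefox Proxy settings were reset.
FF NetworkProxy: "type", 1 => not found
EmptyTemp: => 78.2 MB temporary data Removed.

The system needed a reboot..
==== End of Fixlog 18:24:00 ====
"""

# Per-item outcome lines as FRST prints them; the "item" group is the target.
OUTCOME_PATTERNS = [
    ("restored", re.compile(r"^(?P<item>.+?) => restored successfully$")),
    ("moved", re.compile(r"^(?P<item>.+?) => moved successfully$")),
    ("removed", re.compile(r'^"?(?P<item>.+?)"? => (?:key|value) removed successfully$')),
    ("not_found", re.compile(r"^(?P<item>.+?) => (?:key )?not found\.?$")),
    ("emptied", re.compile(r"^EmptyTemp: => (?P<item>[\d.]+) MB temporary data Removed\.$")),
]
# Whole-line status messages that carry no item of their own.
STATUS_FLAGS = {
    "Restore point was successfully created.": "restore_point",
    "Hosts restored successfully.": "hosts_restored",
    "Firefox Proxy settings were reset.": "firefox_proxy_reset",
    "The system needed a reboot..": "reboot_needed",
}


def parse_fixlog(text):
    """Return outcome counts, not-found items, the echoed fixlist and status flags."""
    summary = {flag: False for flag in STATUS_FLAGS.values()}
    summary.update(temp_mb=None, not_found=[], fixlist=[])
    counts = Counter()
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("*****"):
            in_fixlist = not in_fixlist  # fixlist is echoed between two asterisk rows
            continue
        if in_fixlist:
            summary["fixlist"].append(line)
            continue
        if line in STATUS_FLAGS:
            summary[STATUS_FLAGS[line]] = True
            continue
        for name, pat in OUTCOME_PATTERNS:
            m = pat.match(line)
            if m:
                counts[name] += 1
                if name == "not_found":
                    summary["not_found"].append(m.group("item"))
                elif name == "emptied":
                    summary["temp_mb"] = float(m.group("item"))
                break
    summary["counts"] = dict(counts)
    return summary


def review(summary):
    """Points a helper would re-check after reading the Fixlog."""
    notes = []
    if not summary["restore_point"]:
        notes.append("no restore point was created before the fix")
    if "Hosts:" in summary["fixlist"] and not summary["hosts_restored"]:
        notes.append("Hosts: was in the fixlist but the hosts file was not restored")
    if any(d.startswith("FF NetworkProxy:") for d in summary["fixlist"]) \
            and not summary["firefox_proxy_reset"]:
        notes.append("FF NetworkProxy directives present but Firefox proxy was not reset")
    for item in summary["not_found"]:
        notes.append(f"not found (already gone, or not where the fixlist said): {item}")
    return notes
```

A "not found" outcome is not a failure by itself: in the log above the Firefox proxy entries were reset as a group, and the CLSID keys simply did not exist, which is why the helper then asks for a fresh scan rather than a second fix.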



#12 Machiavelli (Malware Response Instructor)

Posted 07 October 2015 - 02:23 PM

Can you please give me a fresh set of FRST logs. Thank you.


~Machiavelli



#13 hehathledger (Topic Starter)

Posted 07 October 2015 - 04:57 PM

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-10-2015
Ran by tony (administrator) on ACERX64 (07-10-2015 17:56:02)
Running from C:\Users\tony\Desktop\FRST-OlderVersion
Loaded Profiles: tony (Available Profiles: tony & basic & t00r)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\WINDOWS\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(mIRC Co. Ltd.) C:\Program Files (x86)\mIRC\mirc.exe
(Ableton) C:\ProgramData\Ableton\Live 9.2 Suite\Program\Ableton Live 9 Suite.exe
() C:\ProgramData\Ableton\Live 9.2 Suite\Resources\Extensions\Index\Ableton Index.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] (Qualcomm®Atheros®)
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Run: [uTorrent] => C:\Users\tony\AppData\Roaming\uTorrent\uTorrent.exe [1998432 2015-06-20] (BitTorrent Inc.)
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Policies\Explorer: [TaskbarNoThumbnail] 1
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Policies\Explorer: [QuickLaunchEnabled] 1
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Policies\Explorer: [ForceRunOnStartMenu] 1
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Policies\Explorer: [ForceStartMenuLogOff] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-05-30]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{02D9D7E3-542F-412A-BFFB-406112EFCDE3}: [DhcpNameServer] 64.71.255.204 64.71.255.198
Tcpip\..\Interfaces\{3E2F24F5-7D53-481B-9194-E9D6CEB8A1F0}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{91D18385-05AB-400A-848D-B0CA2B9BA9CC}: [DhcpNameServer] 64.71.255.204 64.71.255.198

Internet Explorer:
==================
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\S-1-5-21-500228877-2413465653-1359094120-1001 -> {4EF32268-337B-4959-90E8-7D1CADB8BDE7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-500228877-2413465653-1359094120-1001 -> {A2B8EA94-4097-4C18-8222-2DEA254E7205} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-06-04] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default
FF DefaultSearchEngine: Startpage HTTPS
FF DefaultSearchEngine.US: Google
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-12] (Nullsoft, Inc.)
FF Extension: FT DeepDark - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-08-26]
FF Extension: Bookmark on Delicious - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\delicious@techraga.com.xpi [2015-05-14]
FF Extension: Ghostery - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\firefox@ghostery.com.xpi [2015-01-23]
FF Extension: HTTP Nowhere - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\http-nowhere@cwilper.github.com.xpi [2015-01-23]
FF Extension: Self-Destructing Cookies - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2015-01-23]
FF Extension: FlashDisable - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\jid0-bbA9VAawX3LMWDu668aUDrpQVXU@jetpack.xpi [2015-05-20]
FF Extension: NoSquint - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\nosquint@urandom.ca.xpi [2015-06-15]
FF Extension: Video WithOut Flash - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\vwof@drev.com.xpi [2015-05-17]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-06-15]
FF Extension: FlashGot - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-02-16]
FF Extension: Stylish - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015-06-14]
FF Extension: Search by Image for Google - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2015-01-23]
FF Extension: Greasemonkey - C:\Users\tony\AppData\Roaming\Mozilla\Firefox\Profiles\f3qpi7ge.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-06-12]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-07-13]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-08]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-16] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-19] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-06-04] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ak1avs; C:\Windows\System32\Drivers\ak1avs.sys [359784 2012-12-18] (Native Instruments GmbH)
R3 ak1usb_svc; C:\Windows\System32\Drivers\ak1usb.sys [100712 2012-12-18] (Native Instruments GmbH)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-02] (Qualcomm Atheros Communications, Inc.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-05-02] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-06-27] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-07] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-05-28] (NVIDIA Corporation)
S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-07-10] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-05] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 MFE_RR; \??\C:\Users\tony\AppData\Local\Temp\mfe_rr.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-06 20:26 - 2015-10-06 20:26 - 45030588 _____ C:\Users\tony\Downloads\xvideos.com_e1e57e1f329035c4a25722f80de61d58.mp4
2015-10-06 20:25 - 2015-10-06 20:26 - 44749478 _____ C:\Users\tony\Downloads\xvideos.com_df3755fdf508c229dffc68d25a8f9d32.mp4
2015-10-06 20:25 - 2015-10-06 20:25 - 37851667 _____ C:\Users\tony\Downloads\xvideos.com_b5c711b7ef4c51f0052ef85bd14ed437.mp4
2015-10-06 20:24 - 2015-10-06 20:24 - 40816314 _____ C:\Users\tony\Downloads\xvideos.com_424f8521f3432953f8734ed06872772f.mp4
2015-10-06 20:23 - 2015-10-06 20:23 - 43682674 _____ C:\Users\tony\Downloads\xvideos.com_9563784f34c26233e941c8956f958f6d.mp4
2015-10-06 20:23 - 2015-10-06 20:23 - 42291402 _____ C:\Users\tony\Downloads\xvideos.com_8bea07803238107d1e0fe58f949b95f0.mp4
2015-10-06 20:23 - 2015-10-06 20:23 - 38788315 _____ C:\Users\tony\Downloads\xvideos.com_96875142a3135bbc146b6eab6b5cbd87.mp4
2015-10-06 20:22 - 2015-10-06 20:22 - 45282256 _____ C:\Users\tony\Downloads\xvideos.com_f68c65b2a9b603dcd03e4c442b454041.mp4
2015-10-05 18:27 - 2015-10-05 18:27 - 00000008 __RSH C:\Users\tony\ntuser.pol
2015-10-05 18:27 - 2015-10-05 18:27 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-10-05 18:23 - 2015-10-07 17:56 - 00000000 ____D C:\Users\tony\Desktop\FRST-OlderVersion
2015-10-04 15:24 - 2015-10-04 15:24 - 00870545 _____ C:\Users\tony\Downloads\New Recording 5.m4a
2015-10-04 14:48 - 2015-10-04 14:48 - 01118278 _____ C:\Users\tony\Downloads\Finding it hard..m4a
2015-10-04 14:24 - 2015-10-04 14:24 - 00011495 _____ C:\Users\tony\Downloads\0x4593035A-sec.asc
2015-10-04 14:24 - 2015-10-04 14:24 - 00006061 _____ C:\Users\tony\Downloads\0x4593035A-pub.asc
2015-10-03 18:44 - 2015-10-05 17:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-03 15:01 - 2015-10-03 15:01 - 02471168 _____ (mIRC Co. Ltd.) C:\Users\tony\Downloads\mirc743.exe
2015-10-03 14:59 - 2015-10-03 15:03 - 00000000 ____D C:\Program Files (x86)\mIRC
2015-10-03 14:59 - 2015-10-03 14:59 - 00000927 _____ C:\Users\tony\Desktop\mIRC.lnk
2015-10-03 14:59 - 2015-10-03 14:59 - 00000927 _____ C:\Users\basic\Desktop\mIRC.lnk
2015-10-03 14:59 - 2015-10-03 14:59 - 00000927 _____ C:\Users\Administrator\Desktop\mIRC.lnk
2015-10-03 14:59 - 2015-10-03 14:59 - 00000000 ____D C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mIRC
2015-10-03 14:59 - 2015-10-03 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2015-10-03 14:57 - 2015-10-03 14:58 - 01121693 _____ (mIRC Co. Ltd.) C:\Users\tony\Downloads\mirc62.exe
2015-10-03 14:16 - 2015-10-05 18:22 - 00000000 ____D C:\Users\tony\Downloads\FRST-OlderVersion
2015-10-01 19:48 - 2015-10-01 19:51 - 00096760 _____ C:\Users\tony\Desktop\Firestarter2.mp3.sfk
2015-10-01 19:47 - 2015-10-01 19:48 - 00272960 _____ C:\Users\tony\Desktop\Firestarter_.mp3.sfk
2015-10-01 17:58 - 2015-10-01 17:58 - 00576511 _____ C:\Users\tony\Downloads\Live with demons(1).m4a
2015-10-01 17:53 - 2015-10-01 18:20 - 00000000 ____D C:\AdwCleaner
2015-10-01 17:53 - 2015-10-01 17:53 - 01670656 _____ C:\Users\tony\Downloads\AdwCleaner.exe
2015-10-01 17:50 - 2015-10-01 17:50 - 00001164 _____ C:\Users\tony\Desktop\JRT.txt
2015-10-01 17:25 - 2015-10-01 17:25 - 01801288 _____ (Malwarebytes) C:\Users\tony\Downloads\JRT.exe
2015-10-01 16:46 - 2015-10-01 16:46 - 00576511 _____ C:\Users\tony\Downloads\Live with demons.m4a
2015-09-28 18:00 - 2015-09-28 18:00 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2015-09-28 15:02 - 2015-09-28 15:03 - 00000000 ____D C:\Program Files\HitmanPro
2015-09-28 14:42 - 2015-09-28 14:43 - 11350472 _____ (SurfRight B.V.) C:\Users\tony\Downloads\HitmanPro_x64.exe
2015-09-28 14:20 - 2015-09-28 14:20 - 02816040 _____ C:\Users\tony\Downloads\SecurityTaskManager_Setup.exe
2015-09-28 14:20 - 2015-09-28 14:20 - 00584752 _____ (Neuber GmbH) C:\Users\tony\Downloads\RemoteProcesses.exe
2015-09-28 14:20 - 2015-09-28 14:20 - 00001134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-09-28 14:20 - 2015-09-28 14:20 - 00001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-09-28 14:20 - 2015-09-28 14:20 - 00001111 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2015-09-28 14:20 - 2015-09-28 14:20 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2015-09-28 14:14 - 2015-09-28 14:14 - 00000000 _____ C:\Users\tony\Desktop\sfc slash scannow.txt
2015-09-28 14:06 - 2011-07-25 12:40 - 00300832 _____ (Sysinternals - www.sysinternals.com) C:\Users\tony\Downloads\Tcpview.exe
2015-09-28 14:05 - 2015-09-28 14:05 - 00365056 _____ (BiniSoft.org) C:\Users\tony\Downloads\wfc4setup.exe
2015-09-28 12:34 - 2015-09-28 12:35 - 05636489 _____ (Swearware) C:\Users\tony\Downloads\ComboFix(1).exe
2015-09-28 12:30 - 2015-09-28 12:30 - 16563352 _____ (Malwarebytes Corp.) C:\Users\tony\Downloads\mbar-1.09.3.1001.exe
2015-09-28 11:59 - 2015-09-28 11:59 - 00380416 _____ C:\Users\tony\Downloads\5nrcm7pi.exe
2015-09-28 00:46 - 2015-09-28 00:46 - 30172511 _____ C:\Users\tony\Downloads\xvideos.com_675b6b9e385700fb86d6ae1a9519b2e7.mp4
2015-09-28 00:46 - 2015-09-28 00:46 - 26345799 _____ C:\Users\tony\Downloads\xvideos.com_7dec755860c816681016bd2ba9a754d5.mp4
2015-09-28 00:46 - 2015-09-28 00:46 - 25934861 _____ C:\Users\tony\Downloads\xvideos.com_df35ecfd5007b6a160f6db2d0a49f18c.mp4
2015-09-28 00:45 - 2015-09-28 00:45 - 50086890 _____ C:\Users\tony\Downloads\xvideos.com_0152216c39df4227328202267ce7c011.mp4
2015-09-28 00:45 - 2015-09-28 00:45 - 26309532 _____ C:\Users\tony\Downloads\xvideos.com_f6c719a07eedd24ab340c152e8d2bc85.mp4
2015-09-28 00:45 - 2015-09-28 00:45 - 01961002 _____ C:\Users\tony\Downloads\xvideos.com_53539d65d4fd12719f48a2f3f77b18e8.mp4
2015-09-28 00:44 - 2015-09-28 00:45 - 30976922 _____ C:\Users\tony\Downloads\xvideos.com_bfe3266ae3831898c69e914ef6784479.mp4
2015-09-28 00:44 - 2015-09-28 00:44 - 16735837 _____ C:\Users\tony\Downloads\xvideos.com_82f2eccce6f56a182aaba3ed1c951e9e.mp4
2015-09-27 20:33 - 2013-05-10 11:57 - 01661440 _____ (Slackerhome Productions) C:\Users\tony\Desktop\Better DS3.exe
2015-09-27 20:24 - 2015-09-27 20:24 - 00000000 ____D C:\Users\tony\Desktop\ScpServer
2015-09-27 20:24 - 2013-11-02 17:02 - 11438724 _____ C:\Users\tony\Desktop\ScpServer.zip
2015-09-27 20:24 - 2013-11-02 12:28 - 05073240 _____ (Microsoft Corporation) C:\Users\tony\Desktop\vcredist_x86.exe
2015-09-27 20:24 - 2013-11-02 12:28 - 00292184 _____ (Microsoft Corporation) C:\Users\tony\Desktop\dxwebsetup.exe
2015-09-27 20:24 - 2013-11-02 12:27 - 00889416 _____ (Microsoft Corporation) C:\Users\tony\Desktop\dotNetFx40_Full_setup.exe
2015-09-27 15:16 - 2015-09-27 15:22 - 74837388 _____ C:\Users\tony\Downloads\SCP DS3 Driver Package(1).zip
2015-09-27 15:10 - 2015-09-27 20:27 - 00000000 ____D C:\Program Files\Scarlett.Crush Productions
2015-09-27 15:01 - 2015-09-27 15:01 - 00000943 _____ C:\Users\Public\Desktop\DS3 Tool.lnk
2015-09-27 14:54 - 2012-05-12 12:31 - 00121416 _____ (MotioninJoy) C:\Users\tony\Desktop\MijXfilt.sys
2015-09-27 14:54 - 2012-05-12 00:33 - 04199240 _____ (www.motioninjoy.com ) C:\Users\tony\Desktop\MotioninJoy_071001_signed.exe
2015-09-27 14:54 - 2011-12-07 20:42 - 01721576 _____ (Microsoft Corporation) C:\Users\tony\Desktop\WdfCoInstaller01009.dll
2015-09-27 14:54 - 2011-12-07 20:42 - 00074960 _____ (Microsoft Corporation) C:\Users\tony\Desktop\xusb21.sys
2015-09-27 14:49 - 2015-09-27 14:49 - 00759932 _____ C:\Users\tony\Downloads\BetterDS3_1.5.3(1).zip
2015-09-27 13:51 - 2015-09-27 13:51 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-09-27 13:43 - 2015-09-27 13:43 - 00011834 _____ C:\Users\tony\Desktop\MBRCheck_09.27.15_13.43.46.txt
2015-09-26 19:32 - 2015-09-26 19:45 - 00000000 ____D C:\Users\tony\Desktop\Ich Seh, Ich Seh (Severin Fiala, Veronika Franz, 2014)
2015-09-26 18:47 - 2015-09-27 11:16 - 00173560 _____ C:\Users\tony\Desktop\Higrade Dayz.mp3.sfk
2015-09-26 18:47 - 2015-09-26 18:47 - 00173544 _____ C:\Users\tony\Desktop\Higrade Dayz.sfk
2015-09-26 18:30 - 2015-09-26 18:30 - 133228844 ____T C:\Users\tony\Desktop\Higrade Dayz.wav
2015-09-26 18:30 - 2015-09-26 18:30 - 00846705 ____T C:\Users\tony\Desktop\Higrade Dayz.wav.asd
2015-09-26 18:13 - 2015-09-26 18:14 - 00173136 _____ C:\Users\tony\Desktop\Highgrade Days.mp3.sfk
2015-09-26 18:12 - 2015-09-26 18:13 - 00173120 _____ C:\Users\tony\Desktop\Highgrade Days.sfk
2015-09-26 16:29 - 2015-09-26 16:29 - 132903368 ____T C:\Users\tony\Desktop\Highgrade Days.wav
2015-09-26 16:29 - 2015-09-26 16:29 - 00845733 ____T C:\Users\tony\Desktop\Highgrade Days.wav.asd
2015-09-26 15:40 - 2015-09-26 15:40 - 00406595 _____ C:\Users\tony\Downloads\New Recording 8.m4a
2015-09-25 21:50 - 2015-09-25 21:50 - 00081451 _____ C:\Users\tony\Desktop\66523_4521074183273_884297202_n.jpeg
2015-09-23 19:17 - 2015-09-23 19:17 - 00427147 _____ C:\Users\tony\Downloads\New Recording 3.m4a
2015-09-23 17:25 - 2015-09-23 17:25 - 00431272 _____ C:\Users\tony\Downloads\New Recording 2.m4a
2015-09-22 22:59 - 2015-09-23 00:04 - 00150168 _____ C:\Users\tony\Desktop\Firestarter.mp3.sfk
2015-09-22 22:57 - 2015-09-22 22:59 - 00150832 _____ C:\Users\tony\Desktop\Firestarter.sfk
2015-09-22 22:56 - 2015-09-22 22:56 - 115789346 ____T C:\Users\tony\Desktop\Firestarter.wav
2015-09-22 22:56 - 2015-09-22 22:56 - 00735035 ____T C:\Users\tony\Desktop\Firestarter.wav.asd
2015-09-20 22:55 - 2015-09-20 22:55 - 00186928 _____ C:\Users\tony\Desktop\Resistance Is Existence2.mp3.sfk
2015-09-20 22:54 - 2015-09-20 22:55 - 00186904 _____ C:\Users\tony\Desktop\Resistance Is Existence2.sfk
2015-09-20 22:53 - 2015-09-20 22:54 - 00921269 ____T C:\Users\tony\Desktop\Resistance Is Existence2.wav.asd
2015-09-20 22:53 - 2015-09-20 22:53 - 143492276 ____T C:\Users\tony\Desktop\Resistance Is Existence2.wav
2015-09-20 22:48 - 2015-09-20 22:54 - 00186928 _____ C:\Users\tony\Desktop\Resistance Is Existence.mp3.sfk
2015-09-20 22:48 - 2015-09-20 22:48 - 00186904 _____ C:\Users\tony\Desktop\Resistance Is Existence.sfk
2015-09-20 22:44 - 2015-09-20 22:45 - 00919931 ____T C:\Users\tony\Desktop\Resistance Is Existence.wav.asd
2015-09-20 22:44 - 2015-09-20 22:44 - 143492276 ____T C:\Users\tony\Desktop\Resistance Is Existence.wav
2015-09-20 17:58 - 2015-09-02 22:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-20 17:58 - 2015-09-02 22:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-20 17:58 - 2015-09-02 14:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-20 17:58 - 2015-09-02 13:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-20 17:58 - 2015-07-28 19:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-09-20 17:58 - 2015-07-28 10:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-09-20 17:58 - 2015-07-28 10:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-09-20 17:58 - 2015-07-28 10:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-09-20 17:58 - 2015-07-28 10:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-09-20 17:58 - 2015-07-28 10:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-09-20 17:58 - 2015-07-28 10:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-20 17:58 - 2015-07-22 10:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-09-20 17:58 - 2015-07-22 09:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-20 17:58 - 2015-07-17 10:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-09-20 17:58 - 2015-07-17 10:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-09-20 17:58 - 2015-07-14 17:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-09-20 17:58 - 2015-07-14 17:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-09-20 17:58 - 2015-07-14 17:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-09-20 17:58 - 2015-07-13 15:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-09-20 17:58 - 2015-07-10 15:06 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2015-09-20 17:58 - 2015-07-09 12:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-09-20 17:58 - 2015-07-03 17:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-20 17:58 - 2015-07-03 10:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-09-20 17:58 - 2015-06-27 07:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-20 17:58 - 2015-06-19 13:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-09-20 17:58 - 2015-06-12 13:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-09-20 17:58 - 2015-06-12 12:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-09-20 17:58 - 2015-06-11 16:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-09-20 17:58 - 2015-06-11 16:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-09-20 13:26 - 2015-09-20 13:26 - 00000000 ____D C:\Users\tony\AppData\Roaming\MotioninJoy
2015-09-20 13:24 - 2015-09-27 15:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2015-09-20 13:24 - 2015-09-27 15:01 - 00000000 ____D C:\Program Files\MotioninJoy
2015-09-20 13:24 - 2011-12-07 19:42 - 00328712 _____ (Logitech Inc.) C:\WINDOWS\system32\MijFrc.dll
2015-09-20 13:23 - 2013-05-19 03:02 - 00039168 _____ (Scarlet.Crush Productions) C:\WINDOWS\system32\Drivers\ScpVBus.sys
2015-09-20 13:23 - 2013-01-07 10:56 - 01002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2015-09-20 03:58 - 2015-09-20 03:58 - 00000069 _____ C:\Users\tony\Desktop\icalcs.txt
2015-09-17 21:57 - 2015-09-01 22:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-17 21:57 - 2015-09-01 22:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-17 21:57 - 2015-09-01 22:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-17 21:57 - 2015-09-01 22:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-17 21:57 - 2015-09-01 22:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-17 21:57 - 2015-08-26 22:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-17 21:57 - 2015-08-26 14:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-17 21:57 - 2015-08-26 14:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-17 21:57 - 2015-08-26 14:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-17 21:57 - 2015-08-26 14:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-17 21:57 - 2015-08-26 10:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-17 21:57 - 2015-08-26 10:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-17 21:57 - 2015-08-26 10:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-17 21:57 - 2015-08-26 10:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-17 21:57 - 2015-08-26 10:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-17 21:57 - 2015-08-26 10:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-17 21:57 - 2015-08-26 10:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-17 21:57 - 2015-08-22 14:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-17 21:57 - 2015-08-22 13:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-17 21:57 - 2015-08-22 13:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-17 21:57 - 2015-08-22 13:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-17 21:57 - 2015-08-22 13:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-17 21:57 - 2015-08-22 13:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-17 21:57 - 2015-08-22 12:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-17 21:57 - 2015-08-22 12:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-17 21:57 - 2015-08-22 12:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-17 21:57 - 2015-08-22 12:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-17 21:57 - 2015-08-22 12:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-17 21:57 - 2015-08-22 12:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-17 21:57 - 2015-08-22 12:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-17 21:57 - 2015-08-22 12:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-17 21:57 - 2015-08-22 12:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-17 21:57 - 2015-08-22 12:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-17 21:57 - 2015-08-22 12:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-17 21:57 - 2015-08-22 12:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-17 21:57 - 2015-08-22 12:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-17 21:57 - 2015-08-22 12:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-17 21:57 - 2015-08-22 12:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-17 21:57 - 2015-08-22 12:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-17 21:57 - 2015-08-22 12:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-17 21:57 - 2015-08-22 12:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-17 21:57 - 2015-08-22 12:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-17 21:57 - 2015-08-22 12:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-17 21:57 - 2015-08-22 12:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-17 21:57 - 2015-08-22 11:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-17 21:57 - 2015-08-22 11:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-17 21:57 - 2015-08-03 17:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-17 21:57 - 2015-08-03 17:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-17 21:57 - 2015-08-01 10:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-17 21:57 - 2015-07-31 23:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-17 21:57 - 2015-07-31 23:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-17 21:57 - 2015-07-31 23:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-17 21:57 - 2015-07-31 23:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-17 21:57 - 2015-07-31 23:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-17 21:57 - 2015-07-30 13:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-17 21:57 - 2015-07-30 12:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-17 21:57 - 2015-07-22 10:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-17 21:57 - 2015-07-22 10:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-17 21:57 - 2015-07-22 10:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-17 21:57 - 2015-07-22 10:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-17 21:57 - 2015-07-18 14:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-17 21:57 - 2015-07-18 14:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-17 21:57 - 2015-07-18 14:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-17 21:57 - 2015-07-18 14:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-17 21:57 - 2015-07-13 23:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-09-14 15:51 - 2015-09-14 21:58 - 00000000 ___RD C:\Users\tony\Desktop\Going Places Project
2015-09-07 05:58 - 2015-09-07 05:58 - 226666903 _____ C:\Users\tony\Downloads\tecmos_deception_-_invitation_to_darkness.zip
2015-09-07 05:57 - 2015-09-07 05:57 - 414756701 _____ C:\Users\tony\Downloads\granstream_saga,_the.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-07 17:56 - 2015-06-14 19:58 - 00000000 ____D C:\FRST
2015-10-07 17:55 - 2015-02-01 22:20 - 00000000 ____D C:\Users\tony\AppData\Roaming\vlc
2015-10-07 17:37 - 2015-02-01 22:03 - 00000000 ____D C:\Users\tony\AppData\Roaming\mIRC
2015-10-07 17:23 - 2014-09-23 06:43 - 01621330 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-07 17:17 - 2015-02-05 00:36 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-07 17:02 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-06 23:51 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-05 18:40 - 2015-01-15 16:31 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-500228877-2413465653-1359094120-1001
2015-10-05 18:33 - 2014-03-18 06:03 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-05 18:29 - 2014-09-23 06:04 - 00006463 _____ C:\WINDOWS\SysWOW64\Gms.log
2015-10-05 18:27 - 2015-08-17 11:15 - 00017996 _____ C:\WINDOWS\setupact.log
2015-10-05 18:27 - 2015-01-15 16:19 - 00000000 ____D C:\Users\tony
2015-10-05 18:27 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-05 18:23 - 2015-06-14 19:54 - 02193920 _____ (Farbar) C:\Users\tony\Desktop\FRST64.exe
2015-10-05 18:23 - 2015-02-08 19:55 - 00000000 ____D C:\Users\tony\AppData\LocalLow\Temp
2015-10-05 18:23 - 2013-08-22 11:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-10-05 17:27 - 2014-09-23 05:59 - 00003722 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-10-05 17:27 - 2014-09-23 05:59 - 00003476 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2015-10-05 17:19 - 2015-01-16 04:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-05 17:19 - 2014-03-18 05:54 - 00054326 _____ C:\WINDOWS\PFRO.log
2015-10-03 14:49 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-03 14:18 - 2015-06-14 19:59 - 00045680 _____ C:\Users\tony\Downloads\Addition.txt
2015-10-03 14:18 - 2015-06-14 19:58 - 00042837 _____ C:\Users\tony\Downloads\FRST.txt
2015-10-03 14:16 - 2015-06-14 19:54 - 02193408 _____ (Farbar) C:\Users\tony\Downloads\FRST64.exe
2015-10-01 19:44 - 2015-03-03 16:14 - 00000000 ____D C:\Users\tony\Desktop\dump2
2015-09-28 21:40 - 2015-05-03 20:16 - 00007668 _____ C:\Users\tony\AppData\Local\Resmon.ResmonCfg
2015-09-28 21:12 - 2015-01-15 16:41 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-28 18:00 - 2015-02-06 03:08 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-28 14:25 - 2015-01-15 16:29 - 00000000 ____D C:\Users\tony\AppData\Local\CrashDumps
2015-09-28 12:49 - 2015-07-05 13:30 - 00000000 ____D C:\Users\tony\Desktop\mbar
2015-09-28 12:49 - 2015-06-27 14:38 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-26 21:11 - 2015-02-05 19:48 - 00000000 ____D C:\Users\tony\AppData\Roaming\uTorrent
2015-09-26 09:18 - 2013-08-22 11:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-20 17:59 - 2015-01-16 07:33 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-09-20 17:59 - 2015-01-16 07:33 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-20 16:53 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2015-09-19 04:11 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-17 22:35 - 2013-08-22 10:44 - 00439296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-17 22:30 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-17 22:05 - 2014-03-18 05:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-17 22:02 - 2015-01-19 15:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-14 21:18 - 2015-01-16 07:35 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-14 21:18 - 2015-01-16 07:35 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-02-02 23:49 - 2013-05-10 11:57 - 1661440 _____ (Slackerhome Productions) C:\Program Files\Better DS3.exe
2015-02-06 04:19 - 2015-03-30 20:36 - 0000600 _____ () C:\Users\tony\AppData\Local\PUTTY.RND
2015-05-03 20:16 - 2015-09-28 21:40 - 0007668 _____ () C:\Users\tony\AppData\Local\Resmon.ResmonCfg
2014-09-23 06:01 - 2014-09-23 06:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-03 04:08

==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-10-2015
Ran by tony (2015-10-07 17:56:38)
Running from C:\Users\tony\Desktop\FRST-OlderVersion
Windows 8.1 Pro (X64) (2015-01-15 20:21:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

basic (S-1-5-21-500228877-2413465653-1359094120-1003 - Limited - Enabled) => C:\Users\basic
GuestFag (S-1-5-21-500228877-2413465653-1359094120-501 - Limited - Disabled)
t00r (S-1-5-21-500228877-2413465653-1359094120-500 - Administrator - Disabled) => C:\Users\Administrator
tony (S-1-5-21-500228877-2413465653-1359094120-1001 - Administrator - Enabled) => C:\Users\tony

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ableton Live 9 Suite (HKLM\...\{209A9505-AEA6-4D2E-ACFB-F9905CE89AE0}) (Version: 9.0.0.0 - Ableton)
Ableton Live 9 Suite (HKLM\...\{48EC4E57-1D04-4831-90A7-151DA2269495}) (Version: 9.0.0.0 - Ableton)
Alien Isolation Digital Deluxe Edition (HKLM-x32\...\Alien Isolation Digital Deluxe Edition_is1) (Version: Alien Isolation Digital Deluxe Edition - )
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitvise SSH Client 6.22 (remove only) (HKLM-x32\...\BvSshClient) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetLink Controller (HKLM\...\{7FBA83D7-D58E-4B70-9B9B-12E95B183B22}) (Version: 16.6.1.3 - Broadcom Corporation)
ClassicPro© v2.01 (HKLM-x32\...\ClassicPro) (Version: 2.01 - Skin Consortium)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DARK SOULS - Prepare To Die Edition (HKLM-x32\...\DARK SOULS - Prepare To Die Edition_is1) (Version:  - )
DARK SOULS™ II: Scholar of the First Sin (HKLM-x32\...\Steam App 335300) (Version:  - FromSoftware, Inc)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
FileZilla Client 3.10.2 (HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.246 - SurfRight B.V.)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
Hotline Miami 2 - Wrong Number (HKLM-x32\...\1424773427_is1) (Version: 2.0.0.1 - GOG.com)
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3643 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.316 - McAfee, Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.43 - mIRC Co. Ltd.)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
Native Instruments Audio Kontrol 1 Driver (HKLM-x32\...\Native Instruments Audio Kontrol 1 Driver) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.7.2.189 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.9.132 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.7.1.854 - Native Instruments)
Nero 8 Micro (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.6.0 - UpdatePack.nl)
NFOlux (HKLM-x32\...\NFOlux) (Version:  - )
Noise Reduction Plug-In 2.0 (HKLM-x32\...\{36DF4580-D1B3-11E3-A23E-F04DA23A5C58}) (Version: 2.0.628 - Sony)
NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version:  - Silver Dollar Games)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.3.1.39500 - Grinding Gear Games)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39059 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7260 - Realtek Semiconductor Corp.)
Resident Evil 6 / Biohazard 6 (HKLM-x32\...\Steam App 221040) (Version:  - Capcom)
Resident Evil HD Remaster (HKLM-x32\...\Resident Evil HD Remaster_is1) (Version:  - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Security Task Manager 2.1d (HKLM-x32\...\Security Task Manager) (Version: 2.1d - Neuber Software)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Sound Forge Pro 10.0 (HKLM-x32\...\{B8A817D7-AE0F-42BA-AEB9-B5F1F3EFB7AF}) (Version: 10.0.425 - Sony)
Sound Forge Pro 11.0 (HKLM-x32\...\{FE1A7F80-1348-11E4-8C79-F04DA23A5C58}) (Version: 11.0.293 - Sony)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-500228877-2413465653-1359094120-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-500228877-2413465653-1359094120-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-500228877-2413465653-1359094120-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-500228877-2413465653-1359094120-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-500228877-2413465653-1359094120-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-500228877-2413465653-1359094120-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Restore Points =========================

17-09-2015 21:58:04 Windows Update
25-09-2015 00:26:05 Scheduled Checkpoint
28-09-2015 15:22:29 Checkpoint by HitmanPro
01-10-2015 17:26:01 JRT Pre-Junkware Removal
05-10-2015 18:23:34 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2015-10-05 18:23 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00BE2C54-79CF-4A43-97D5-2F405C87F4E6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {2FE17D40-7267-461E-8662-BFCA94422C08} - System32\Tasks\FUB => C:\Program Files (x86)\Acer\Care Center\FUB.bat
Task: {31B24812-8391-4DDA-9D3B-C78772A09C6F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {49C43DEB-63B2-4388-8C58-07141C0B3019} - System32\Tasks\{F2EB9544-56F6-409E-AF0C-21DA0A44DD19} => pcalua.exe -a C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_194_Plugin.exe -c -maintain plugin
Task: {647A9420-C911-424E-B2ED-1C2EEDE2F304} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-08] (Acer Incorporated)
Task: {668775C1-906D-46F5-BD7F-9FF59CCD762F} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2014-04-07] (Dolby Laboratories Inc.)
Task: {8176A42E-5A67-43F0-BDAF-6B79C4D24A5B} - System32\Tasks\{63370813-BF7E-4EE6-B933-FB5CD72B4057} => pcalua.exe -a C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_Plugin.exe -c -maintain plugin
Task: {825DAEE5-CF2F-40CE-95F7-2E6A60F1F230} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {9E1D26CB-441D-4888-B589-21A0BD0C5D29} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {9F8C2B2B-49CA-4D04-AEE3-6C3712AEEEED} - System32\Tasks\{6E44C2FE-AD8C-4B93-8C15-B8E2917BB3A6} => pcalua.exe -a C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_Plugin.exe -c -maintain plugin
Task: {F6657A90-4BE6-4D61-9257-37B03074FBE5} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2015-06-27 15:11 - 2015-06-17 02:48 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-07 19:13 - 2014-04-07 19:13 - 00052096 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2014-04-29 05:38 - 2014-04-29 05:38 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-04-29 05:35 - 2014-04-29 05:35 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-04-29 05:42 - 2014-04-29 05:42 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-03-02 10:43 - 2015-03-02 10:43 - 00099288 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-06-25 19:54 - 2015-06-25 19:54 - 10196936 _____ () C:\ProgramData\Ableton\Live 9.2 Suite\Resources\Extensions\Index\Ableton Index.exe
2015-06-21 16:05 - 2015-06-24 07:37 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-02-19 21:51 - 2014-02-19 21:51 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\04830709.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\39150699.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\45820861.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\93039284.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\04830709.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\39150699.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\45820861.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\93039284.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-500228877-2413465653-1359094120-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tony\Desktop\dump2\dump\LRFFXIII-Lightning2.jpeg
DNS Servers: 64.71.255.204 - 64.71.255.198
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\StartupApproved\Run: => "StarWind Management Console"
HKU\S-1-5-21-500228877-2413465653-1359094120-1001\...\StartupApproved\Run: => "uTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B188B65E-B72E-4555-840C-34429D355F2F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{485CC7C5-4C24-48D7-A376-0AD43AFD9423}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{8B246F0C-3479-4B0C-AB95-22B12CBA6312}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{76FC9FA1-FCBD-4586-B957-0A3E68FA03CD}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{EB61C588-C02A-45CA-8F73-BF8E26A8F210}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{7CD628F8-3AC7-43C8-A621-6A74BB60A7F6}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{7CE6B7B3-8A32-4477-BC0C-11943B6CB277}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{50C416A7-DB2A-4833-AA0B-9F9BE9DAE2C7}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{F019A841-059F-4807-8A5C-95E253434A3B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{6C5B8ACD-911E-498F-8471-0058E54A3308}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{71314109-4FDB-4FA2-80A9-E18A8D686F9B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{E8E96025-2273-450F-86E5-380DB4AA58B0}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{6A540E34-192A-4721-97BF-59AB833A171A}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{5FF4FE2A-0FDC-4B8F-9BD2-E78E327305AA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{15E63219-612F-49BA-9415-2A3C22F3CCD7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4400EDC5-3D90-49AF-ACE9-80FC0F6F0F48}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C31A8BEA-9977-4D56-90E8-20760DC685EA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{062748AC-93C1-4F23-9D45-D6B077652F53}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{468B1148-1A09-4BD7-BD75-0B062C9C3374}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1F00750C-4D1A-4D68-A30A-65842A65E44F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{84CE9F3A-0805-414A-92E7-BAC83B2C1CC7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2C1788BC-9FAF-4653-8DE5-12DD027EF060}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{48C23609-C33C-49F9-BF67-D8B0DA403A78}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2CCF0507-EBB9-48C2-B30A-D828ADE70726}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{57956D4F-6891-4099-8659-29E88900F1AD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{418BC857-E453-41B3-9A9A-1A4190B1AE9E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D85F3855-E017-4B1B-B090-BBFA86551D3B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C9ACD10C-4CEB-47C1-8665-DE41F0EF0131}] => (Allow) C:\Program Files (x86)\mIRC\mirc.exe
FirewallRules: [{973F08BE-2474-497C-9647-3D5174A18050}] => (Allow) C:\Program Files (x86)\mIRC\mirc.exe
FirewallRules: [{655AEE04-64FC-4A43-AEFD-AB4485F6B740}] => (Allow) C:\Program Files (x86)\mIRC\mirc.exe
FirewallRules: [{7D8F1EA1-FABC-438E-BCDD-EFB674D19860}] => (Allow) C:\Program Files (x86)\mIRC\mirc.exe
FirewallRules: [{CAE41F79-3D0A-4A75-B3BF-B21B53258166}] => (Allow) C:\Program Files (x86)\uTorrent\utorrent.exe
FirewallRules: [{209C1FC3-B134-43B7-A76B-77840CB50EB3}] => (Allow) C:\Program Files (x86)\uTorrent\utorrent.exe
FirewallRules: [{E67F6B1A-438E-49EA-84FF-D041F74860B6}] => (Allow) C:\Program Files (x86)\Kepard\Kepard.exe
FirewallRules: [{0B9C2780-8119-4BDB-9DE2-822B5C9AE9C8}] => (Allow) C:\Program Files (x86)\Kepard\Kepard.exe
FirewallRules: [{579231C1-935F-41CD-97F0-5505E5A644AE}] => (Allow) C:\Program Files (x86)\Kepard\Kepard.exe
FirewallRules: [{0B80D334-A447-4924-9FBF-316C6FEAC3B5}] => (Allow) C:\Program Files (x86)\Kepard\Kepard.exe
FirewallRules: [{0E2986D0-EBFB-4B92-B9B3-BC8E3E401A03}] => (Allow) %ProgramFiles% (x86)\Kepard\Kepard.exe
FirewallRules: [{91FB8865-3B74-46FC-A5E8-09FB289BB0DD}] => (Allow) %ProgramFiles% (x86)\Kepard\Kepard.exe
FirewallRules: [{36F7C12E-F4D4-4CF7-AC01-2DC9C10B3A96}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{60438FD9-1A12-438E-8219-56B5DB2C18DA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F8270A68-9481-4801-9F2A-6E850E08E94C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9272D235-5C0E-40EC-9954-22A43D22DC43}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FBA1318B-433F-45A8-9CEA-EA39AC3CEBFA}] => (Allow) %ProgramFiles% (x86)\mIRC\mirc.exe
FirewallRules: [{EF679000-E357-4C2B-B321-9AADCA325171}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{FDD7F4ED-29BD-4A16-AE88-76C15D359D4F}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{10A052FE-D545-4866-BDFE-65393CD177C8}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{73FE59F8-3F98-4845-AA24-1C2B7F9B8A87}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{3A1C5DF0-BCD8-4434-BAB7-3887CFAD404F}C:\program files (x86)\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{BD982D62-9F50-413C-B4EF-8DC4F8A6A372}C:\program files (x86)\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{E787CA64-E840-44B3-8D4A-30D859A415C8}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [UDP Query User{699A4D0E-428C-4ADD-9759-8198EB155033}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [TCP Query User{3F1B8CF4-126F-4EC3-95C8-7CEE5B6D5ED5}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [UDP Query User{9C2B7E74-4B8A-462C-9DB5-E52CC910B4D2}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [TCP Query User{DC213C34-56B8-4BE0-8338-2D1A5C9A25AD}C:\users\tony\desktop\cisco packet tracer 6.1.1sv\bin\packettracer6.exe] => (Allow) C:\users\tony\desktop\cisco packet tracer 6.1.1sv\bin\packettracer6.exe
FirewallRules: [UDP Query User{6D3ED639-37BF-4A2F-950D-6BD509A00699}C:\users\tony\desktop\cisco packet tracer 6.1.1sv\bin\packettracer6.exe] => (Allow) C:\users\tony\desktop\cisco packet tracer 6.1.1sv\bin\packettracer6.exe
FirewallRules: [{0256C79A-D0FD-49CF-BCD7-BD82A66FF16A}] => (Allow) C:\Program Files\StarWind Software\StarWind\StarWindService.exe
FirewallRules: [{729D007F-6036-441C-9670-B1C0AC85B802}] => (Allow) C:\Program Files\StarWind Software\StarWind\StarWindService.exe
FirewallRules: [{2BA1A131-3514-4D06-878C-A71AAD0C5E00}] => (Allow) C:\Program Files\StarWind Software\StarWind\OpenPegasus\bin\cimserver.exe
FirewallRules: [{EBA751C0-44DD-40FE-946E-EFA2AAC4D3AC}] => (Allow) C:\Program Files\StarWind Software\StarWind\OpenPegasus\bin\cimserver.exe
FirewallRules: [TCP Query User{A6E69A68-6ADF-44F1-A1C4-813FC74D5973}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CF2F7E90-C5BA-4973-9B0F-9DF841857EC2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{4F4E75AA-9A8A-4D81-90DA-B6A142CE9650}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{85971A93-7030-4B52-990D-4964049DFBA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [TCP Query User{FD8964F3-87D0-4B6F-8706-BD7C26870380}C:\program files (x86)\sega\alien isolation digital deluxe edition\ai.exe] => (Allow) C:\program files (x86)\sega\alien isolation digital deluxe edition\ai.exe
FirewallRules: [UDP Query User{6E6FDA34-EE71-4381-ABA8-5E707ED6BEF2}C:\program files (x86)\sega\alien isolation digital deluxe edition\ai.exe] => (Allow) C:\program files (x86)\sega\alien isolation digital deluxe edition\ai.exe
FirewallRules: [{69372F78-1902-4515-8A22-41D1902E7E7E}] => (Block) C:\program files (x86)\sega\alien isolation digital deluxe edition\ai.exe
FirewallRules: [{75E00305-4C7E-425B-B771-AF4C76F517F9}] => (Block) C:\program files (x86)\sega\alien isolation digital deluxe edition\ai.exe
FirewallRules: [{651A19BB-93C7-4E4E-B9CE-BC245A95CE2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{8ADDE872-63AB-415A-BF13-1E5C92A7DA34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{C1A7E3B1-B8C8-4B4C-AEEF-88B9396D7FF0}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{0880F2DB-3933-4DEE-B652-8994C543847C}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{FEC5614C-216E-4750-AB64-71059ADFD07B}] => (Block) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{95B0FB50-AE5E-434F-8C19-18497177D1B8}] => (Block) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{AA667116-44BE-45BA-B1FB-4935866E0BE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 6\BH6.exe
FirewallRules: [{C8507694-C710-449A-9357-DF812A119239}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 6\BH6.exe
FirewallRules: [TCP Query User{08B55094-D962-4E51-9C57-44D671DC9CB2}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{3F0E93A0-4864-446E-8FEC-584D0759FB63}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{6AEB0EF1-36BE-4FD7-8E79-5025A55EC5DE}] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{0145E563-365B-42DA-A65E-F99E6F549C5A}] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{14F87017-D04F-43A7-B84A-8F27B790FEC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{8FADF7D0-20F8-490F-A708-594EF2FE6ED2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{C0C199F5-B5FF-4028-9C62-66604D656789}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{AB76A023-C6BC-4443-9675-449322DEC40C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BE118CC1-371D-47F4-9ACD-BEFA15C24D25}] => (Allow) C:\Users\tony\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D9F9E8AA-EE74-40D8-8146-AD771315A3D6}] => (Allow) C:\Users\tony\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F0A2767C-6102-417D-BBA4-AB917322B4AB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C6C97930-AA77-46A4-A37B-5E7B981953E4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BD0EBA53-7A43-4679-91C4-6C5BEB93ED3B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{76DCD92B-C738-4816-B103-9C1992CF683A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6D10FC8F-FAF9-4D0E-91EE-B3C727B75ECB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D756A500-06A5-41E4-A969-817C906D3B61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7CE746FD-8DF3-409C-B2A2-85D1F2E7CF55}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{25C2597F-3138-459B-BFCA-DDE931CCE96B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{708D95C2-4468-41BC-B868-DA559109A5A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{4F2DE8DA-C82C-435B-8ADC-8E7E62CABECB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{303C31BF-2487-46B5-982F-C9361D875D85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{DEE798ED-6ACB-4FF8-9BBD-B54B1E7B8697}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{27B8A254-33DD-4D52-AC62-0E79DD9141A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe

==================== Faulty Device Manager Devices =============

Name: TAP-Win32 Adapter V9
Description: TAP-Win32 Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Virtual Drive Enumerator
Description: Microsoft Virtual Drive Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vdrvroot
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HD WebCam
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NDIS Virtual Network Adapter Enumerator
Description: NDIS Virtual Network Adapter Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisVirtualBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Qualcomm Atheros Bluetooth Bus
Description: Qualcomm Atheros Bluetooth Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_BUS
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/06/2015 07:29:49 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (10/05/2015 06:23:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (10/05/2015 06:23:32 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3ccb2d52-19df-498d-923d-620d67feddce}

Error: (10/05/2015 05:26:26 PM) (Source: iumsvc) (EventID: 255) (User: )
Description: Exception : (u'Device Profile Push Failure, {"FaultCode":"DPM-22999","IsClientFault":false,"UserMessage":"An error occurred at backend in device profile service"}', HTTPError('500 Server Error: Internal Server Error',))

Error: (10/01/2015 05:26:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (09/30/2015 04:19:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 41.0.0.5738 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a5c

Start Time: 01d0fa5dce7189bf

Termination Time: 93

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 82a9658e-67b0-11e5-82e6-206a8a9c1774

Faulting package full name:

Faulting package-relative application ID:

Error: (09/29/2015 09:15:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MSASCui.exe version 4.8.207.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bb0

Start Time: 01d0fb1d59de9ad1

Termination Time: 4294967295

Application Path: C:\Program Files\Windows Defender\MSASCui.exe

Report Id: bad4552a-6710-11e5-82e6-206a8a9c1774

Faulting package full name:

Faulting package-relative application ID:

Error: (09/29/2015 05:19:39 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8

Error: (09/29/2015 05:15:39 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8

Error: (09/29/2015 05:13:40 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8


System errors:
=============
Error: (10/07/2015 05:45:27 AM) (Source: DCOM) (EventID: 10010) (User: ACERX64)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (10/07/2015 05:44:57 AM) (Source: DCOM) (EventID: 10010) (User: ACERX64)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (10/06/2015 03:40:15 AM) (Source: DCOM) (EventID: 10010) (User: ACERX64)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (10/06/2015 03:39:45 AM) (Source: DCOM) (EventID: 10010) (User: ACERX64)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (10/05/2015 06:41:15 PM) (Source: DCOM) (EventID: 10010) (User: ACERX64)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (10/05/2015 06:40:45 PM) (Source: DCOM) (EventID: 10010) (User: ACERX64)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (10/05/2015 05:27:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Update Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/05/2015 05:20:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:28:46 PM on ‎10/‎4/‎2015 was unexpected.

Error: (10/04/2015 10:48:26 PM) (Source: DCOM) (EventID: 10005) (User: ACERX64)
Description: 1068upnphostUnavailable{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (10/04/2015 10:48:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058


CodeIntegrity:
===================================
  Date: 2015-10-05 18:42:25.572
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-04 04:10:32.292
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-02 06:00:22.173
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-10-01 05:55:32.259
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-29 02:05:56.864
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-28 05:53:51.283
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-27 04:30:11.511
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-22 04:08:56.050
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-18 05:40:53.828
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-30 00:10:20.690
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 23%
Total physical RAM: 16307.27 MB
Available physical RAM: 12401.63 MB
Total Virtual: 18739.27 MB
Available Virtual: 14658.18 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:914.15 GB) (Free:38.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2C7C75A4)

Partition: GPT.

==================== End of Addition.txt ============================



#14 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,013 posts
  • Gender:Male
  • Location:Germany

Posted 09 October 2015 - 04:13 PM

ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click List of found threats. If no threats were found, skip the next two bullet points.
  • Click Export to text file and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to Uninstall application on close and click Finish.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#15 hehathledger

hehathledger
  • Topic Starter

  • Members
  • 18 posts

Posted 14 October 2015 - 07:00 PM

Alright, here's the ESET log...
I will say this as a foreword: there were a lot of results, but to me they are MOSTLY false positives, hence the "Potentially Unwanted Program".
I know this community does not endorse the use of cracks or pirated software, but in this case I understand the risks of using such software.

The ONLY result here I'm surprised about is this:
\Wave.Arts.Tube.Saturator.v1.33.x32.x64.Incl.Keygen.WIN.rar    a variant of Generik.GUYUUZJ trojan
I am aware that the 0day/warez community spreads malware in this fashion and there is a certain amount of risk involved in using cracked software... Usually though, they end up getting nuked or reported on forums or whatever. I guess I need to be a bit more careful in the future. I'm all ears, but if my 2 cent opinion matters, I don't think that this was the surface vector for infection. Please let me know. I thought I should also mention that I DO visit adult-oriented websites (xvideos.com, for example), and I DO frequent IRC on some known "dangerous" networks, like EFnet. In my mind, it seems much more likely that I have been rooted by hanging out on IRC or visiting shady XXX sites. I'm being as transparent as I can be with you, although it is sort of embarrassing. I really just want to get rid of this RAT/rootkit/whatever. Thanks again for your help.

ESET log:
C:\backup\etc\Ableton Live 9 Suite v9.0.5 - Win.x64 - Incl. patch\WiN.rar    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\backup\temp\Ableton.Live.9.0.6.WIN.x64.Incl.Patch\Ableton.Live.9.0.6.x64.WIN.Incl.Patch.rar    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\backup\temp\Ableton.Live.9.0.6.WIN.x64.Incl.Patch\patch\Ableton LivePatch [io].exe    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Program Files (x86)\BANDAI NAMCO Games\DARK SOULS - Prepare To Die Edition\DATA\steam_api.dll    a variant of Win32/HackTool.Crack.CS potentially unsafe application
C:\Program Files (x86)\inXile Entertainment\Wasteland 2\Build\steam_api.dll    a variant of Win32/HackTool.Crack.CS potentially unsafe application
C:\Sandbox\tony\DefaultBox\user\current\AppData\Local\Temp\SBIE_Temp\1d0428e476113f2\Keygen.exe    a variant of Win32/Keygen.HU potentially unsafe application
C:\Sandbox\tony\DefaultBox\user\current\AppData\Local\Temp\SBIE_Temp\1d0428fd5d071fd\Keygen.exe    a variant of Win32/Keygen.HU potentially unsafe application
C:\Sandbox\tony\DefaultBox\user\current\AppData\Local\Temp\SBIE_Temp\1d0428fdd63fece\Keygen.exe    a variant of Win32/Keygen.HU potentially unsafe application
C:\Sandbox\tony\DefaultBox\user\current\Desktop\SONY.Sound.Forge.Pro.11.0.build.293.incl.keygen\Sony.Products.Multikeygen\di-spm40.zip    a variant of Win32/Keygen.HU potentially unsafe application
C:\Sandbox\tony\DefaultBox\user\current\Desktop\SONY.Sound.Forge.Pro.11.0.build.293.incl.keygen\Sony.Products.Multikeygen\Keygen.exe    a variant of Win32/Keygen.HU potentially unsafe application
C:\Users\tony\AppData\Roaming\mIRC\downloads\burn\Dark.Souls.Prepare.to.Die.Edition.MULTi9-PROPHET\ppt-dspd.iso    a variant of Win32/HackTool.Crack.CS potentially unsafe application
C:\Users\tony\AppData\Roaming\mIRC\downloads\burn\Wasteland.2.MULTi7-PROPHET\ppt-wld2.iso    a variant of Win32/HackTool.Crack.CS potentially unsafe application
C:\Users\tony\AppData\Roaming\uTorrent\uTorrent.exe    a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\tony\AppData\Roaming\uTorrent\updates\3.4.3_40298.exe    a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\tony\Desktop\dump2\dump\ftp\00%VST\Ableton.Live.9.Suite.v9.2.1.x86.Incl.iO.Patch\Ableton.Live.9.Suite.v9.2.1.x86.Incl.iO.rar    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Users\tony\Desktop\dump2\dump\ftp\00%VST\Wave.Arts.Tube.Saturator.v1.33.x32.x64.Incl.Keygen.WIN.MAC\Wave.Arts.Tube.Saturator.v1.33.x32.x64.Incl.Keygen.WIN.rar    a variant of Generik.GUYUUZJ trojan
C:\Users\tony\Desktop\dump2\dump\ftp\Ableton.Live.Suite.v9.1.7.x64.Incl.IO.Patch\Ableton LivePatch [io].zip    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Users\tony\Desktop\dump2\dump\ftp\Ableton.Live.Suite.v9.1.7.x64.Incl.IO.Patch\asr64.rar    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Users\tony\Desktop\dump2\dump\ftp\Ableton.Live.Suite.v9.2.Final.WIN.x64\Ableton.Live.Suite.v9.2.Final.WIN.rar    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Users\tony\Desktop\dump2\dump\ftp\Ableton.Live.Suite.v9.2.Final.WIN.x64\Patch\Ableton LivePatch [io].exe    a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Users\tony\Desktop\dump2\dump\ftp\SONY.Sound.Forge.Pro.11.0.build.293.incl.keygen\SONY.Sound.Forge.Pro.11.0.build.293.incl.keygen.part1.rar    a variant of Win32/Keygen.HU potentially unsafe application
C:\Users\tony\Downloads\uTorrent.exe    a variant of Win32/OpenCandy.C potentially unsafe application