gamersinfo.org

malware popups


#1 MrKez


Posted 31 December 2014 - 11:33 AM

This started a couple of days ago. I rebooted my computer and Firefox loads with a gamersinfo.org tab. I am not sure how it got loaded. Anyway, here are the logs that were requested when I start a new topic. I have run Malwarebytes and Spybot.

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-12-31 10:21:05
-----------------------------
10:21:05.351 OS Version: Windows x64 6.2.9200
10:21:05.351 Number of processors: 4 586 0x2A07
10:21:05.352 ComputerName: DANS-PC UserName: Dan's
10:21:06.573 Initialize success
10:21:06.636 VM: initialized successfully
10:21:06.636 VM: Intel CPU supported
10:21:12.805 VM: disk I/O iaStor.sys
10:23:00.079 AVAST engine defs: 14123100
10:24:04.487 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:24:04.487 Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 3
10:24:04.487 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
10:24:04.487 Disk 1 Vendor: SAMSUNG_ 1AQ1 Size: 1907729MB BusType: 3
10:24:04.675 Disk 0 MBR read successfully
10:24:04.675 Disk 0 MBR scan
10:24:04.690 Disk 0 Windows 7 default MBR code
10:24:04.690 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
10:24:04.706 Disk 0 scanning C:\WINDOWS\system32\drivers
10:24:16.144 Service scanning
10:24:37.676 Modules scanning
10:24:37.676 Disk 0 trace - called modules:
10:24:37.676 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
10:24:37.692 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000d67cd360]
10:24:37.692 3 CLASSPNP.SYS[fffff8002d491170] -> nt!IofCallDriver -> [0xffffe000d515adc0]
10:24:37.707 5 ACPI.sys[fffff8002d2fdc21] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xffffe000d5155050]
10:24:38.707 AVAST engine scan C:\WINDOWS
10:24:41.254 AVAST engine scan C:\WINDOWS\system32
10:27:15.526 AVAST engine scan C:\WINDOWS\system32\drivers
10:27:27.979 AVAST engine scan C:\Users\Dan's
10:56:39.919 File: C:\Users\Dan's\Documents\Rainmeter\Skins\@Backup\Kotoko 4.0\Launcher\Tools\RunOrMaximizeProgram\RMdock.exe **INFECTED** Win32:Dropper-gen [Drp]
10:57:20.749 File: C:\Users\Dan's\Documents\Rainmeter\Skins\Kotoko 4.0\Launcher\Tools\RunOrMaximizeProgram\RMdock.exe **INFECTED** Win32:Dropper-gen [Drp]
11:00:26.568 File: C:\Users\Dan's\Downloads\Richard_Kadrey_-_[Sandman_Slim_06]_-_The_Getaway_God_(epub).epub.exe **INFECTED** Win32:Adware-gen [Adw]
11:03:22.621 AVAST engine scan C:\ProgramData
11:04:54.828 Disk 0 statistics 5909456/0/0 @ 323.38 MB/s
11:04:54.828 Scan finished successfully
11:20:36.759 Disk 0 MBR has been saved successfully to "C:\Users\Dan's\Desktop\MBR.dat"
11:20:36.759 The log file has been saved successfully to "C:\Users\Dan's\Desktop\aswMBR.txt"

----------------

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Dan's (administrator) on DANS-PC on 31-12-2014 11:22:42
Running from C:\Users\Dan's\Desktop
Loaded Profile: Dan's (Available profiles: Dan's)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.WordamentTapSnap_1.0.2.0_x86__8wekyb3d8bbwe\SnapAttackWin8.1.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe



==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-28] (Logitech Inc.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation)
HKLM-x32\...\Run: [Info Center] => C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe [27328 2012-08-31] (PC Pitstop LLC)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [350144 2012-03-27] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-05-30] (Power Software Ltd)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ACSW17EN] => C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe [1414984 2013-09-25] (ACD Systems)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [PC MaticRT] => C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe [1728624 2014-12-01] (PC Pitstop LLC)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Run: [Driver Detective] => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [3988888 2013-09-27] (PC Drivers Headquarters)
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-11-27] (Siber Systems)
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Run: [CMD] => cmd.exe /c start http://ooov.net && exit <===== ATTENTION
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: F - "F:\Setup.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: I - "I:\setup.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: J - "J:\setup.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: {49ae9a59-728c-11e4-bf99-002683146b5b} - "J:\LGAutoRun.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: {5fadc030-fca3-11e3-bf62-002683146b5b} - "I:\LG_PC_Programs.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: {829b14fe-ed42-11e3-bf52-bcaec57615fd} - "I:\LGAutoRun.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: {958b714d-f737-11e3-bf60-002683146b5b} - "I:\LGAutoRun.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: {ce37d1d1-ef88-11e3-bf53-bcaec57615fd} - "I:\LGAutoRun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Dan's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Dan's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-490156171-3473242110-392294870-1000\Software\Microsoft\Internet
Explorer\Main,Start Page Redirect Cache =
http://www.msn.com/?ocid=iehp BHO: No Name ->
{0877c1fc-19c6-4fe2-8e3d-699d8edb2964} -> C:\Program Files
(x86)\Ginger\GingerIEAddin\adxloader64.dll No File BHO: ExplorerBHO Class ->
{449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic
Shell\ClassicExplorer64.dll (IvoSoft) BHO: RoboForm Toolbar Helper ->
{724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files
(x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.) BHO: Java™ Plug-In SSV Helper ->
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program
Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: Java™ Plug-In 2 SSV Helper ->
{DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program
Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIEBHO Class ->
{EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic
Shell\ClassicIEDLL_64.dll (IvoSoft) BHO: Adblock Plus for IE Browser Helper Object
-> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program
Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus) BHO-x32: ExplorerBHO Class ->
{449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic
Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Groove GFS Browser Helper ->
{4DB74D06-491C-440D-305E-012400990F3E} ->
C:\WINDOWS\SysWOW64\api-ms--win-service-management-l1-1-0.dll () BHO-x32: RoboForm Toolbar Helper ->
{724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files
(x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) BHO-x32: Java™ Plug-In SSV Helper ->
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files
(x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Java™ Plug-In 2 SSV Helper ->
{DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files
(x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ClassicIEBHO Class ->
{EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic
Shell\ClassicIEDLL_32.dll (IvoSoft) BHO-x32: Adblock Plus for IE Browser Helper
Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program
Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus) Toolbar: HKLM - &RoboForm Toolbar -
{724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber
Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.) Toolbar: HKLM - Classic Explorer Bar -
{553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic
Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - &RoboForm Toolbar -
{724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber
Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) Toolbar: HKLM-x32 - Classic Explorer Bar -
{553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic
Shell\ClassicExplorer32.dll (IvoSoft) Toolbar:
HKU\S-1-5-21-490156171-3473242110-392294870-1000 -> &RoboForm
Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files
(x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.) DPF: HKLM-x32
{0D41B8C5-2599-4893-8183-00195EC8D5F9}
http://support.asus....k_sys_ctrl3.cab DPF: HKLM-x32
{0E5F0222-96B9-11D3-8997-00104BD12D94}
http://utilities.pcp...ols/pcmatic.cab DPF: HKLM-x32
{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A}
http://quickscan.bit...m/qsax/qsax.cab Winsock: Catalog5 07 C:\Program Files
(x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll
[24320] (National Instruments Corporation) Winsock: Catalog5-x64 07 C:\Program
Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll
[26368] (National Instruments Corporation) Hosts: There are more than one entry in Hosts.
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox: ======== FF ProfilePath:
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default FF NewTab: https://privatelee.qrobe.it/ FF DefaultSearchEngine: qrobe.it (HTTPS) FF SelectedSearchEngine: qrobe.it (HTTPS) FF Homepage: privatelee.qrobe.it FF NetworkProxy: "no_proxies_on",
"localhost, 127.0.0.1, stealthy.co" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer ->
C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll () FF Plugin: @java.com/DTPlugin,version=11.25.2 ->
C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll
(Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2
-> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle
Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 ->
c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll (
Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer ->
C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel
WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel®
Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel
Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel
WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management
Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32:
@java.com/DTPlugin,version=11.25.2 -> C:\Program Files
(x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle
Corporation) FF Plugin-x32:
@java.com/JavaPlugin,version=11.25.2 -> C:\Program Files
(x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0
-> c:\Program Files (x86)\Microsoft
Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32:
@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files
(x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli) FF Plugin-x32: @siber.com/RoboForm ->
C:\Program Files (x86)\Siber Systems\AI
RoboForm\chrome\plugin\np-rf-plugin.dll (Siber Systems Inc.) FF Plugin
HKU\S-1-5-21-490156171-3473242110-392294870-1000:
@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files
(x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli) FF Plugin
HKU\S-1-5-21-490156171-3473242110-392294870-1000:
gingersoftware.com/gingerPlugin -> C:\Program Files
(x86)\Ginger\GingerServices\GingerServicesProxy.dll No File FF user.js: detected! =>
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files
(x86)\mozilla firefox\plugins\nplv2011win32.dll (National
Instruments) FF Plugin ProgramFiles/Appdata: C:\Program Files
(x86)\mozilla firefox\plugins\nplv2012win32.dll (National
Instruments) FF SearchPlugin:
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\searchplugins\qrobeit-https.xml FF Extension: Fire IE -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\fireie@fireie.org
[2014-12-19] FF Extension: HTTPS-Everywhere -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\https-everywhere@eff.org
[2014-10-15] FF Extension: Hola Better Internet -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack
[2014-12-30] FF Extension: NetVideoHunter -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\netvideohunter@netvideohunter.com
[2014-07-28] FF Extension: ColorfulTabs -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2014-12-17] FF Extension: Empty Cache Button -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
[2014-09-13] FF Extension: Default Full Zoom Level -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2014-10-26] FF Extension: Disconnect -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\2.0@disconnect.me.xpi
[2014-05-13] FF Extension: Add-on Compatibility Reporter -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\compatibility@addons.mozilla.org.xpi
[2014-05-22] FF Extension: YouTube HTML5 Switch -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\jid0-coCUQ7NySNPcj72dA3557kKXGZU@jetpack.xpi
[2013-06-18] FF Extension: AdF.ly Skipper ★WORKING★ -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack.xpi
[2014-07-29] FF Extension: Enhanced Steam -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\jid0-SmvlvxGpvCyG252KbVMqIKR79Uc@jetpack.xpi
[2014-03-07] FF Extension: Honey -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi
[2014-12-19] FF Extension: YouTube Center -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi
[2014-01-29] FF Extension: Lazarus: Form Recovery -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\lazarus@interclue.com.xpi
[2013-03-11] FF Extension: Lazy Click -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\lazyclick@tmarki.com.xpi
[2013-03-11] FF Extension: Long URL Please -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\longurlplease@darragh.curran.xpi
[2013-11-15] FF Extension: Masking Agent -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\maskingagent@basa.nl.xpi
[2013-03-21] FF Extension: No Small Text -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\nosmalltext@pjs.nl.xpi
[2014-11-06] FF Extension: Stealthy -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\stealthyextension@gmail.com.xpi
[2014-07-10] FF Extension: Google Translator for Firefox -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\translator@zoli.bod.xpi
[2013-03-11] FF Extension: imagiris -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\user@imagiris.txt.xpi
[2013-03-11] FF Extension: Resurrect Pages -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi
[2013-03-11] FF Extension: URL Fixer -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{0fa2149e-bb2c-4ac2-a8d3-479599819475}.xpi
[2013-03-11] FF Extension: Easy YouTube Video Downloader -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013-08-12] FF Extension: Adblock Plus -
C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014-11-12] FF Extension: Ginger - C:\Program Files
(x86)\Mozilla Firefox\extensions\adapter@gingersoftware.com
[2014-11-10] FF Extension: Ginger - Grammar and Spell Checker
- C:\Program Files (x86)\Mozilla
Firefox\extensions\firefox@gingersoftware.com [2014-11-10] FF HKLM-x32\...\Firefox\Extensions:
[{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files
(x86)\Siber Systems\AI RoboForm\Firefox FF Extension: RoboForm Toolbar for Firefox -
C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-03-11] FF
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Firefox\Extensions:
[{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files
(x86)\Siber Systems\AI RoboForm\Firefox

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 asComSvc; C:\Program Files
(x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-03-11] () R3 asHmComSvc; C:\Program Files
(x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-03-11] (ASUSTeK
Computer Inc.) S3 AsSysCtrlService; C:\Program Files
(x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120
2013-03-11] (ASUSTeK Computer Inc.) S3 AsusFanControlService; C:\Program Files
(x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe
[1475744 2013-11-02] (ASUSTeK Computer Inc.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll
[324608 2014-10-28] (Microsoft Corporation) S3 DAUpdaterSvc; C:\Program Files
(x86)\Steam\steamapps\common\Dragon Age Ultimate
Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2013-04-23]
(BioWare) S3 Futuremark SystemInfo Service; C:\Program
Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-01-28]
(Futuremark) S3 GalaxyService; C:\Program Files
(x86)\GalaxyClient\GalaxyService.exe [2191648 2014-09-18] (GOG.com) S3 GfExperienceService; C:\Program Files\NVIDIA
Corporation\GeForce Experience Service\GfExperienceService.exe
[1148560 2014-12-12] (NVIDIA Corporation) R3 ICCS; C:\Program Files (x86)\Intel\Intel®
Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27]
(Intel Corporation) [File not signed] S3 jhi_service; C:\Program Files
(x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
[166720 2012-06-25] (Intel Corporation) R2 LightScribeService; C:\Program Files
(x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16]
(Hewlett-Packard Company) [File not signed] S3 LkCitadelServer;
C:\WINDOWS\SysWOW64\lkcitdl.exe [695136 2011-05-06] (National
Instruments, Inc.) S3 lkClassAds; C:\WINDOWS\SysWOW64\lkads.exe
[50328 2012-06-05] (National Instruments Corporation) S3 lkTimeSync; C:\WINDOWS\SysWOW64\lktsrv.exe
[60568 2012-06-05] (National Instruments Corporation) S3 NIApplicationWebServer; C:\Program Files
(x86)\National Instruments\Shared\NI
WebServer\ApplicationWebServer.exe [53960 2012-05-22] (National
Instruments Corporation) S4 NIApplicationWebServer64; C:\Program
Files\National Instruments\Shared\NI
WebServer\ApplicationWebServer.exe [76488 2012-05-22] (National
Instruments Corporation) S3 NIDomainService; C:\Program Files
(x86)\National Instruments\Shared\Security\nidmsrv.exe [370328
2012-06-05] (National Instruments Corporation) S3 NILM License Manager; C:\Program Files
(x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
[1427688 2010-08-02] (Macrovision Corporation) S3 nimDNSResponder; C:\Program Files
(x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
[258776 2012-05-31] (National Instruments Corporation) S3 niSvcLoc; C:\Program Files (x86)\National
Instruments\Shared\NI WebServer\SystemWebServer.exe [53952
2012-05-22] (National Instruments Corporation) S3 NvNetworkService; C:\Program Files
(x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520
2014-12-12] (NVIDIA Corporation) S3 NvStreamSvc; C:\Program Files\NVIDIA
Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA
Corporation) S3 Origin Client Service; C:\Program Files
(x86)\Origin\OriginClientService.exe [1903472 2014-12-24] (Electronic
Arts) R2 PCPitstop Realtime; C:\Program Files
(x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [605808
2014-12-01] (PC Pitstop LLC) R2 PCPitstop Scheduling; C:\Program Files
(x86)\PCPitstop\PCPitstopScheduleService.exe [86632 2014-05-30] (PC
Pitstop LLC) R2 ppped; C:\Program Files (x86)\CyberPower
PowerPanel Personal Edition\ppped.exe [1013696 2012-03-27] (Cyber
Power Systems, Inc.) S3 SDScannerService; C:\Program Files
(x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168
2014-06-24] (Safer-Networking Ltd.) S3 SDUpdateService; C:\Program Files
(x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408
2014-06-27] (Safer-Networking Ltd.) S3 SDWSCService; C:\Program Files (x86)\Spybot -
Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25]
(Safer-Networking Ltd.) S3 Secunia PSI Agent; C:\Program Files
(x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia) S3 Secunia Update Agent; C:\Program Files
(x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia) S3 WdNisSvc; C:\Program Files\Windows
Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows
Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation) S3 GingerUpdateService; "C:\Program Files
(x86)\Ginger\GingerUpdateService\GingerUpdateService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 andnetadb;
C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18]
(Google Inc) S3 AndNetDiag;
C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG
Electronics Inc.) S3 AndNetDiag2;
C:\Windows\system32\DRIVERS\lgandnetdiag264.sys [29696 2013-04-18]
(LG Electronics Inc.) S3 ANDNetModem;
C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28]
(LG Electronics Inc.) R3 arusb_win7x;
C:\Windows\system32\DRIVERS\arusb_win7x.sys [769024 2010-02-23]
(Atheros Communications, Inc.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys
[15232 2012-08-22] () R1 AsUpIO;
C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] () R3 DIRECTIO; C:\Program
Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] () S3 gfiark;
C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23]
(ThreatTrack Security) R3 LGSHidFilt;
C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30]
(Logitech Inc.) S3 NvStreamKms; C:\Program Files\NVIDIA
Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA
Corporation) R3 nvvad_WaveExtensible;
C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA
Corporation) R3 pbfilter; C:\Program
Files\PeerBlock\pbfilter.sys [22600 2014-01-14] () S3 PSI;
C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03]
(Secunia) S3 PTQHBUS;
C:\Windows\System32\drivers\PTQHBUS.sys [69264 2009-12-15] (DEVGURU
Co., LTD.) S3 WdNisDrv;
C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21]
(Microsoft Corporation) S3 cpuz136;
\??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X] U3 DfSdkS; No ImagePath S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X] U3 aswMBR;
\??\C:\Users\Dan's\AppData\Local\Temp\aswMBR.sys [X] U3 aswVmm;
\??\C:\Users\Dan's\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)



==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 11:22 - 2014-12-31 11:23 - 00028270
_____ () C:\Users\Dan's\Desktop\FRST.txt 2014-12-31 11:21 - 2014-12-31 11:22 - 00000000
____D () C:\FRST 2014-12-31 11:21 - 2014-12-31 11:21 - 02123264
_____ (Farbar) C:\Users\Dan's\Desktop\FRST64.exe 2014-12-31 11:20 - 2014-12-31 11:20 - 00002622
_____ () C:\Users\Dan's\Desktop\aswMBR.txt 2014-12-31 11:20 - 2014-12-31 11:20 - 00000512
_____ () C:\Users\Dan's\Desktop\MBR.dat 2014-12-31 10:20 - 2014-12-31 10:20 - 05198336
_____ (AVAST Software) C:\Users\Dan's\Desktop\aswMBR.exe 2014-12-31 09:44 - 2014-12-31 09:44 - 00000000
____D () C:\Users\Dan's\Documents\PassMark 2014-12-31 09:32 - 2014-12-31 10:27 - 00031832
_____ () C:\Users\Dan's\AppData\Local\Temp\Dan's.bmp 2014-12-30 23:43 - 2014-12-30 23:43 - 00006002
_____ () C:\WINDOWS\system32\PTHQsetup_20141230.log 2014-12-30 23:38 - 2014-12-30 23:38 - 00000000
____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-12-30 22:15 - 2014-12-30 22:14 - 00450892
____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141230-221533.backup 2014-12-30 22:14 - 2014-12-14 12:39 - 00450892
____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141230-221456.backup 2014-12-30 21:34 - 2014-12-30 21:34 - 00001343
_____ () C:\Users\Public\Desktop\GeForce Experience.lnk 2014-12-30 21:34 - 2014-12-30 21:34 - 00000000
____D () C:\WINDOWS\LastGood 2014-12-30 21:34 - 2014-12-30 21:34 - 00000000
____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA
Corporation 2014-12-30 21:34 - 2014-12-13 02:03 - 00062608
_____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2014-12-30 21:34 - 2014-12-12 18:11 - 02824504
_____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2014-12-30 21:34 - 2014-12-12 18:11 - 02210040
_____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2014-12-30 21:34 - 2014-12-12 18:11 - 01715224
_____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll 2014-12-30 21:34 - 2014-12-12 18:11 - 01291464
_____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 32099472
_____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 25460552
_____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 24764232
_____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 20465808
_____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 18594432
_____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 17264312
_____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 16040184
_____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 14128496
_____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 13288360
_____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 13202520
_____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 10770120
_____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 10710160
_____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 10345280
_____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys 2014-12-30 21:33 - 2014-12-13 04:08 - 03610440
_____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 03293136
_____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 03248968
_____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 02897824
_____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 01895056
_____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434709.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 01556624
_____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434709.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 00994384
_____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 00968336
_____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 00942400
_____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 00928072
_____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 00906560
_____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 00876976
_____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 00834880
_____ () C:\WINDOWS\system32\nvmcumd.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 00353224
_____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 00306328
_____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 00178632
_____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 00165760
_____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll 2014-12-30 21:33 - 2014-12-13 04:08 - 00027983
_____ () C:\WINDOWS\system32\nvinfo.pb 2014-12-30 21:33 - 2014-11-22 04:46 - 00038032
_____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys 2014-12-30 21:33 - 2014-11-22 04:46 - 00035472
_____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll 2014-12-30 21:33 - 2014-11-22 04:46 - 00032400
_____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll 2014-12-30 21:28 - 2014-12-30 21:30 - 307606328
_____ (NVIDIA Corporation)
C:\Users\Dan's\Downloads\347.09-desktop-win8-win7-winvista-64bit-international-whql.exe 2014-12-30 19:57 - 2014-12-13 02:03 - 06859408
_____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2014-12-30 19:55 - 2014-12-30 19:55 - 00000000
____D () C:\WINDOWS\LastGood.Tmp 2014-12-30 18:20 - 2014-12-30 18:20 - 00000008
_____ () C:\Users\Dan's\Documents\oliveranch order.txt 2014-12-30 10:24 - 2014-12-30 10:41 - 341142420
_____ () C:\Users\Dan's\Downloads\Sting - Live 60th birthday concert
NY Beacon Theatre 1 october 2011.mp4 2014-12-30 09:04 - 2014-12-30 09:04 - 00000902
_____ () C:\Users\Public\Desktop\calibre 64bit - E-book
management.lnk 2014-12-30 08:56 - 2014-12-30 08:56 - 68653056
_____ () C:\Users\Dan's\Downloads\calibre-64bit-2.14.0.msi 2014-12-28 18:18 - 2014-12-28 18:20 - 34305058
_____ () C:\Users\Dan's\Downloads\torbrowser-install-4.0.2_en-US.exe 2014-12-28 14:40 - 2014-12-28 14:48 - 443555719
_____ () C:\Users\Dan's\Downloads\N7_2013_tools20140228.zip 2014-12-28 14:40 - 2014-12-28 14:40 - 23590680
_____ (深圳瓶子科技有限公司)
C:\Users\Dan's\Downloads\ShuameSetup_2.0.3.exe 2014-12-28 14:39 - 2014-12-28 14:43 - 281012968
_____ ()
C:\Users\Dan's\Downloads\miui_Nexus7_4.8.22_396a8fe8f5_4.4.zip 2014-12-27 20:25 - 2014-12-27 20:25 - 04551776
_____ (Krzysztof Kowalczyk)
C:\Users\Dan's\Downloads\SumatraPDF-3.0-install.exe 2014-12-27 19:36 - 2014-12-27 19:36 - 00000951
_____ () C:\Users\Public\Desktop\Tagman.lnk 2014-12-27 19:36 - 2014-12-27 19:36 - 00000000
____D () C:\Users\Dan's\AppData\Roaming\Abelssoft 2014-12-27 19:36 - 2014-12-27 19:36 - 00000000
____D () C:\ProgramData\XDMessagingv4 2014-12-27 19:36 - 2014-12-27 19:36 - 00000000
____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tagman 2014-12-27 19:36 - 2014-12-27 19:36 - 00000000
____D () C:\Program Files (x86)\Tagman 2014-12-27 19:35 - 2014-12-27 19:35 - 00001090
_____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-12-27 19:35 - 2014-11-21 06:14 - 00093400
_____ (Malwarebytes Corporation)
C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-12-27 19:35 - 2014-11-21 06:14 - 00064216
_____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-12-27 19:35 - 2014-11-21 06:14 - 00025816
_____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-12-27 17:38 - 2014-12-27 17:39 - 26498368
_____ (Abelssoft ) C:\Users\Dan's\Downloads\TAGMAN_2015.exe 2014-12-26 23:26 - 2014-12-26 23:26 - 00000000
____D () C:\Users\Dan's\Documents\My Cheat Tables 2014-12-24 20:57 - 2014-12-24 20:57 - 17102864
_____ (Electronic Arts, Inc.)
C:\Users\Dan's\Downloads\OriginThinSetup.exe 2014-12-24 19:35 - 2014-12-24 19:35 - 00000000
____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity
2000 Special Edition 2014-12-24 19:24 - 2014-12-24 19:24 - 00001330
_____ () C:\Users\Public\Desktop\Dragon Age Inquisition.lnk 2014-12-24 19:24 - 2014-12-24 19:24 - 00000000
____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon
Age Inquisition 2014-12-24 14:58 - 2014-12-24 19:34 - 00000000
____D () C:\Program Files (x86)\Origin Games 2014-12-24 14:57 - 2014-12-24 15:22 - 00000000
____D () C:\Users\Dan's\AppData\Roaming\Origin 2014-12-24 14:55 - 2014-12-30 21:52 - 00000000
____D () C:\Program Files (x86)\Origin 2014-12-24 14:55 - 2014-12-24 14:55 - 00000951
_____ () C:\Users\Public\Desktop\Origin.lnk 2014-12-24 14:55 - 2014-12-24 14:55 - 00000000
____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2014-12-22 11:23 - 2014-11-10 18:39 - 22290560
_____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-12-22 11:22 - 2014-12-22 11:22 - 00060416
_____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2014-12-22 11:22 - 2014-12-22 11:22 - 00051712
_____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2014-12-22 11:22 - 2014-12-22 11:22 - 00025600
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2014-12-22 11:22 - 2014-12-22 11:22 - 00017408
_____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll 2014-12-22 11:22 - 2014-11-17 14:17 - 00672984
_____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2014-12-22 11:22 - 2014-11-17 14:17 - 00273240
_____ (Microsoft Corporation)
C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2014-12-22 11:22 - 2014-11-15 13:05 - 00801584
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2014-12-22 11:22 - 2014-11-15 00:29 - 00962216
_____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2014-12-22 11:22 - 2014-11-14 08:36 - 00055776
_____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-12-22 11:22 - 2014-11-14 01:10 - 03558400
_____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-12-22 11:22 - 2014-11-14 00:58 - 00116736
_____ (Microsoft Corporation)
C:\WINDOWS\system32\SystemSettingsDatabase.dll 2014-12-22 11:22 - 2014-11-14 00:58 - 00035840
_____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-12-22 11:22 - 2014-11-14 00:57 - 01027584
_____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2014-12-22 11:22 - 2014-11-14 00:57 - 00140288
_____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-12-22 11:22 - 2014-11-14 00:54 - 00463872
_____ (Microsoft Corporation)
C:\WINDOWS\system32\SystemSettings.Handlers.dll 2014-12-22 11:22 - 2014-11-14 00:54 - 00407552
_____ (Microsoft Corporation)
C:\WINDOWS\system32\WUSettingsProvider.dll 2014-12-22 11:22 - 2014-11-14 00:54 - 00095744
_____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-12-22 11:22 - 2014-11-14 00:53 - 00894976
_____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-12-22 11:22 - 2014-11-14 00:52 - 01714176
_____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-12-22 11:22 - 2014-11-14 00:46 - 02171904
_____ (Microsoft Corporation)
C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll 2014-12-22 11:22 - 2014-11-14 00:46 - 01091072
_____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-12-22 11:22 - 2014-11-14 00:39 - 02819584
_____ (Microsoft Corporation)
C:\WINDOWS\system32\SettingsHandlers.dll 2014-12-22 11:22 - 2014-11-13 23:04 - 00029696
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-12-22 11:22 - 2014-11-13 23:03 - 00885760
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2014-12-22 11:22 - 2014-11-13 23:03 - 00124928
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-12-22 11:22 - 2014-11-13 23:01 - 00723968
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-12-22 11:22 - 2014-11-13 23:01 - 00081920
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-12-22 11:22 - 2014-11-13 22:53 - 00790528
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-12-22 11:22 - 2014-11-10 18:17 - 19731824
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-12-22 11:22 - 2014-11-10 12:06 - 02485056
_____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-12-22 11:22 - 2014-11-10 12:06 - 00473408
_____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2014-12-22 11:22 - 2014-11-10 12:06 - 00428864
_____ (Microsoft Corporation)
C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-12-22 11:22 - 2014-11-10 12:06 - 00136512
_____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys 2014-12-22 11:22 - 2014-11-09 20:57 - 00096768
_____ (Microsoft Corporation)
C:\WINDOWS\system32\Drivers\agilevpn.sys 2014-12-22 11:22 - 2014-11-09 19:37 - 00845312
_____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2014-12-22 11:22 - 2014-11-09 19:34 - 01084416
_____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2014-12-22 11:22 - 2014-11-09 19:26 - 00422400
_____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL 2014-12-22 11:22 - 2014-11-09 19:20 - 00420864
_____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll 2014-12-22 11:22 - 2014-11-09 19:09 - 00272384
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL 2014-12-22 11:22 - 2014-11-09 19:08 - 00702464
_____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2014-12-22 11:22 - 2014-11-09 19:06 - 00713216
_____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2014-12-22 11:22 - 2014-11-09 18:57 - 00624640
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2014-12-22 11:22 - 2014-11-09 18:57 - 00561664
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2014-12-22 11:22 - 2014-11-08 04:42 - 01390928
_____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2014-12-22 11:22 - 2014-11-08 04:23 - 01127976
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2014-12-22 11:22 - 2014-11-07 22:00 - 00072192
_____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys 2014-12-22 11:22 - 2014-11-07 22:00 - 00024576
_____ (Microsoft Corporation)
C:\WINDOWS\system32\Drivers\ndistapi.sys 2014-12-22 11:22 - 2014-11-07 21:58 - 00112640
_____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys 2014-12-22 11:22 - 2014-11-07 21:58 - 00080896
_____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys 2014-12-22 11:22 - 2014-11-07 21:56 - 00048128
_____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp 2014-12-22 11:22 - 2014-11-07 21:56 - 00043008
_____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll 2014-12-22 11:22 - 2014-11-07 21:56 - 00030208
_____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll 2014-12-22 11:22 - 2014-11-07 21:24 - 00077824
_____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll 2014-12-22 11:22 - 2014-11-07 21:13 - 00039424
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp 2014-12-22 11:22 - 2014-11-07 21:13 - 00033280
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll 2014-12-22 11:22 - 2014-11-07 21:13 - 00022528
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll 2014-12-22 11:22 - 2014-11-07 20:48 - 00061440
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll 2014-12-22 11:22 - 2014-11-07 20:38 - 00166912
_____ (Microsoft Corporation)
C:\WINDOWS\system32\AppxAllUserStore.dll 2014-12-22 11:22 - 2014-11-07 20:17 - 00143360
_____ (Microsoft Corporation)
C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2014-12-22 11:22 - 2014-11-07 20:09 - 00182784
_____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll 2014-12-22 11:22 - 2014-11-07 20:03 - 00733696
_____ (Microsoft Corporation)
C:\WINDOWS\system32\SkyDriveTelemetry.dll 2014-12-22 11:22 - 2014-11-07 19:59 - 00162304
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll 2014-12-22 11:22 - 2014-11-07 19:58 - 04837376
_____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2014-12-22 11:22 - 2014-11-07 19:49 - 01154048
_____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2014-12-22 11:22 - 2014-11-06 21:58 - 00952896
_____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2014-12-22 11:22 - 2014-11-06 21:20 - 00786120
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2014-12-22 11:22 - 2014-11-04 20:12 - 00211968
_____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL 2014-12-22 11:22 - 2014-11-04 20:12 - 00128000
_____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL 2014-12-22 11:22 - 2014-11-04 20:06 - 00514048
_____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll 2014-12-22 11:22 - 2014-11-04 19:44 - 00657920
_____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2014-12-22 11:22 - 2014-11-04 19:43 - 00252416
_____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2014-12-22 11:22 - 2014-11-04 19:41 - 00558080
_____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll 2014-12-22 11:22 - 2014-11-04 19:39 - 00155648
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL 2014-12-22 11:22 - 2014-11-04 19:39 - 00094208
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL 2014-12-22 11:22 - 2014-11-04 19:33 - 00465408
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll 2014-12-22 11:22 - 2014-11-04 19:21 - 00658432
_____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll 2014-12-22 11:22 - 2014-11-04 19:20 - 00498688
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2014-12-22 11:22 - 2014-11-04 19:18 - 00507392
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll 2014-12-22 11:22 - 2014-11-04 19:14 - 00309760
_____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll 2014-12-22 11:22 - 2014-11-04 19:06 - 00555520
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll 2014-12-22 11:22 - 2014-11-04 13:33 - 00058176
_____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys 2014-12-22 11:22 - 2014-11-04 13:25 - 00059712
____C (Microsoft Corporation)
C:\WINDOWS\system32\Drivers\kbdclass.sys 2014-12-22 11:22 - 2014-11-04 13:25 - 00051008
____C (Microsoft Corporation)
C:\WINDOWS\system32\Drivers\mouclass.sys 2014-12-22 11:22 - 2014-11-04 00:55 - 00026112
____C (Microsoft Corporation)
C:\WINDOWS\system32\Drivers\sermouse.sys 2014-12-22 11:22 - 2014-11-04 00:54 - 00108544
____C (Microsoft Corporation)
C:\WINDOWS\system32\Drivers\i8042prt.sys 2014-12-22 11:22 - 2014-11-04 00:54 - 00032256
____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys 2014-12-22 11:22 - 2014-11-04 00:54 - 00030208
____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys 2014-12-22 11:22 - 2014-11-04 00:27 - 00128512
_____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe 2014-12-22 11:22 - 2014-11-03 23:01 - 00827392
_____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe 2014-12-22 11:22 - 2014-10-30 18:51 - 18823168
_____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2014-12-22 11:22 - 2014-10-30 18:10 - 15158784
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-12-22 11:22 - 2014-10-29 23:55 - 07473472
_____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2014-12-22 11:22 - 2014-10-29 23:47 - 01499384
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2014-12-22 11:22 - 2014-10-29 23:41 - 01733952
_____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2014-12-22 11:22 - 2014-10-28 21:05 - 00551232
____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2014-12-22 11:22 - 2014-10-28 20:02 - 00285184
_____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2014-12-22 11:22 - 2014-10-28 20:02 - 00013312
_____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2014-12-22 11:22 - 2014-10-28 19:57 - 00016896
_____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll 2014-12-22 11:22 - 2014-10-28 19:55 - 00242176
_____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll 2014-12-22 11:22 - 2014-10-28 19:15 - 00014336
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2014-12-22 11:22 - 2014-10-28 19:15 - 00005632
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll 2014-12-22 11:22 - 2014-10-28 19:14 - 00004096
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe 2014-12-22 11:22 - 2014-10-28 19:13 - 00169984
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll 2014-12-22 11:22 - 2014-10-28 19:13 - 00025600
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe 2014-12-22 11:22 - 2014-10-28 19:13 - 00008704
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe 2014-12-22 11:22 - 2014-10-26 16:10 - 00390841
_____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-12-22 11:22 - 2014-10-20 19:59 - 00016896
_____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll 2014-12-22 11:22 - 2014-10-20 19:19 - 00015360
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll 2014-12-22 11:22 - 2014-10-20 18:50 - 00074752
_____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll 2014-12-22 11:22 - 2014-10-20 18:31 - 01574400
_____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll 2014-12-22 11:22 - 2014-10-20 18:31 - 00055296
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll 2014-12-22 11:22 - 2014-10-20 18:30 - 01454080
_____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe 2014-12-22 11:22 - 2014-10-20 18:20 - 01142272
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll 2014-12-22 11:22 - 2014-10-16 22:56 - 00238912
____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2014-12-22 11:22 - 2014-10-16 22:56 - 00153920
____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2014-12-22 11:22 - 2014-10-16 22:56 - 00039744
____C (Microsoft Corporation)
C:\WINDOWS\system32\Drivers\intelpep.sys 2014-12-22 11:22 - 2014-10-16 21:35 - 00086336
_____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2014-12-20 12:47 - 2014-12-20 12:47 - 00244104
_____ () C:\Users\Dan's\Downloads\Firefox Setup Stub 34.0.5.exe 2014-12-17 19:29 - 2014-12-17 19:29 - 00003828
_____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate
1383541367 2014-12-17 19:29 - 2014-12-17 19:29 - 00001017
_____ () C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Opera.lnk 2014-12-16 20:42 - 2014-12-16 20:42 - 00000000
____D () C:\Users\Dan's\Downloads\Dragon Age Inquisition V1.01
Trainer +15 MrAntiFun 2014-12-15 16:48 - 2014-12-15 16:48 - 00001704
_____ () C:\Users\Dan's\Desktop\Play FINAL FANTASY XIII.lnk 2014-12-15 11:23 - 2014-12-15 11:23 - 00000045
_____ () C:\Users\Dan's\Documents\blood test numbers 121614.txt 2014-12-14 16:40 - 2014-12-14 16:40 - 00001116
_____ () C:\Users\Dan's\Desktop\Final Fantasy XIII-2.lnk 2014-12-14 16:40 - 2014-12-14 16:40 - 00000000
____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final
Fantasy XIII-2 2014-12-14 16:30 - 2014-12-14 16:57 - 00000000
____D () C:\Program Files (x86)\Final Fantasy XIII-2 2014-12-14 12:39 - 2014-12-14 12:39 - 00450892
____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141214-123928.backup 2014-12-14 12:39 - 2014-12-01 00:45 - 00450892
____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141214-123903.backup 2014-12-13 18:38 - 2014-12-30 21:35 - 00000000
____D () C:\ProgramData\Origin 2014-12-13 18:38 - 2014-12-24 14:55 - 00000000
____D () C:\ProgramData\Electronic Arts 2014-12-13 11:20 - 2014-11-26 15:10 - 00714720
_____ (Adobe Systems Incorporated)
C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-12-13 11:20 - 2014-11-26 15:10 - 00106976
_____ (Adobe Systems Incorporated)
C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-13 11:17 - 2014-11-21 21:13 - 25059840
_____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-12-13 11:17 - 2014-11-21 20:50 - 00580096
_____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-12-13 11:17 - 2014-11-21 20:49 - 02885120
_____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-12-13 11:17 - 2014-11-21 20:49 - 00417280
_____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-12-13 11:17 - 2014-11-21 20:48 - 00088064
_____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-12-13 11:17 - 2014-11-21 20:35 - 00812544
_____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-12-13 11:17 - 2014-11-21 20:34 - 06039552
_____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-12-13 11:17 - 2014-11-21 20:22 - 19749376
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-12-13 11:17 - 2014-11-21 20:08 - 00092160
_____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-12-13 11:17 - 2014-11-21 20:07 - 00501248
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-12-13 11:17 - 2014-11-21 20:06 - 00340992
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2014-12-13 11:17 - 2014-11-21 20:06 - 00145408
_____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-12-13 11:17 - 2014-11-21 20:05 - 00316928
_____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-12-13 11:17 - 2014-11-21 20:05 - 00064000
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-12-13 11:17 - 2014-11-21 20:01 - 02277888
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-12-13 11:17 - 2014-11-21 19:59 - 01032704
_____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2014-12-13 11:17 - 2014-11-21 19:55 - 00661504
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-12-13 11:17 - 2014-11-21 19:52 - 00262144
_____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2014-12-13 11:17 - 2014-11-21 19:49 - 00800768
_____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-12-13 11:17 - 2014-11-21 19:49 - 00718848
_____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-12-13 11:17 - 2014-11-21 19:49 - 00373760
_____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-12-13 11:17 - 2014-11-21 19:46 - 02125312
_____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-12-13 11:17 - 2014-11-21 19:43 - 14412800
_____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-12-13 11:17 - 2014-11-21 19:35 - 00076288
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-12-13 11:17 - 2014-11-21 19:34 - 00128000
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2014-12-13 11:17 - 2014-11-21 19:33 - 00285696
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-12-13 11:17 - 2014-11-21 19:29 - 04299264
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-12-13 11:17 - 2014-11-21 19:29 - 00880128
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2014-12-13 11:17 - 2014-11-21 19:28 - 02358272
_____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-12-13 11:17 - 2014-11-21 19:25 - 00230400
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2014-12-13 11:17 - 2014-11-21 19:23 - 00688640
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-12-13 11:17 - 2014-11-21 19:23 - 00326656
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-12-13 11:17 - 2014-11-21 19:22 - 02052096
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-12-13 11:17 - 2014-11-21 19:15 - 01548288
_____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-12-13 11:17 - 2014-11-21 19:13 - 12836864
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-12-13 11:17 - 2014-11-21 19:03 - 00800768
_____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-12-13 11:17 - 2014-11-21 19:00 - 01888256
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-12-13 11:17 - 2014-11-21 18:56 - 01307136
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-12-13 11:17 - 2014-11-21 18:54 - 00710144
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-12-13 11:17 - 2014-10-30 17:39 - 01970432
_____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2014-12-13 11:17 - 2014-10-30 17:38 - 01612992
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2014-12-13 11:17 - 2014-10-30 16:37 - 00129536
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-12-13 11:17 - 2014-10-30 16:34 - 00146432
_____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-12-13 11:16 - 2014-11-09 20:29 - 00034304
_____ (Microsoft Corporation)
C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2014-12-13 11:16 - 2014-11-09 19:51 - 00028672
_____ (Microsoft Corporation)
C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-13 11:16 - 2014-11-06 22:16 - 01762840
_____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2014-12-13 11:16 - 2014-11-06 21:26 - 01489072
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2014-12-12 20:51 - 2014-12-12 20:51 - 00000000
____D () C:\Users\Dan's\Documents\Egosoft 2014-12-12 20:48 - 2014-12-12 20:50 - 00000000
____D () C:\editing 2014-12-12 20:40 - 2014-12-12 20:40 - 00001219
_____ () C:\Users\Dan's\Desktop\X Rebirth The Teladi Outpost.lnk 2014-12-12 20:40 - 2014-12-12 20:40 - 00000000
____D () C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\by.xatab 2014-12-12 20:33 - 2014-12-12 20:51 - 00000000
____D () C:\Program Files (x86)\X Rebirth The Teladi Outpost 2014-12-12 10:14 - 2014-12-12 10:14 - 18119856
_____ (Adobe Systems Incorporated)
C:\Users\Dan's\Downloads\install_flash_player.exe 2014-12-06 00:35 - 2014-12-06 00:35 - 00190428
_____ () C:\Users\Dan's\Downloads\UIT_IphStich.zip 2014-12-04 21:01 - 2014-12-04 21:01 - 30134887
_____ () C:\Users\Dan's\Downloads\Episode 63 Billy Gibbons Live From
Daryl's House with Daryl Hall Current Episode.mp4 2014-12-01 14:17 - 2014-04-15 12:02 - 00082872
_____ (GFI Software) C:\WINDOWS\system32\Drivers\sbapifs.sys 2014-12-01 00:45 - 2014-12-01 00:45 - 00450892
____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141201-004531.backup 2014-12-01 00:45 - 2014-12-01 00:37 - 00450892
____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141201-004500.backup 2014-12-01 00:37 - 2014-08-18 09:43 - 00450770
____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141201-003756.backup

==================== One Month Modified Files
and Folders =======

(If an entry is included in the fixlist, the
file\folder will be moved.)

2014-12-31 11:23 - 2014-05-04 13:40 - 00000000 ____D () C:\Users\Dan's\AppData\Local\Temp\Temp
2014-12-31 11:22 - 2013-03-11 14:11 - 00000000 ____D () C:\ProgramData\PCPitstopDat
2014-12-31 11:12 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-31 11:11 - 2013-03-11 09:43 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-490156171-3473242110-392294870-1000
2014-12-31 11:06 - 2014-06-06 00:23 - 01960707 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-31 11:02 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-31 10:27 - 2013-12-17 10:13 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\ClassicShell
2014-12-31 09:57 - 2014-06-18 16:25 - 00000374 _____ () C:\WINDOWS\Tasks\DriverToolkit Autorun.job
2014-12-31 09:57 - 2013-12-31 08:52 - 00000000 ___DO () C:\Users\Dan's\SkyDrive
2014-12-31 09:57 - 2013-03-11 14:30 - 00000000 ____D () C:\Program Files\PeerBlock
2014-12-31 09:55 - 2014-08-01 12:58 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\Tropico 4
2014-12-31 09:55 - 2013-03-11 10:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-31 09:43 - 2013-10-22 17:54 - 00000000 ____D () C:\Program Files (x86)\OCCT
2014-12-31 09:31 - 2013-03-11 14:01 - 00000000 ____D () C:\ProgramData\PCPitstop
2014-12-31 09:29 - 2013-03-11 09:56 - 00000000 ____D () C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2014-12-31 09:04 - 2014-11-24 14:05 - 00000374 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-12-31 09:04 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-31 09:03 - 2013-08-22 07:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-31 00:47 - 2014-07-15 23:01 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-31 00:34 - 2013-03-11 16:56 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\uTorrent
2014-12-30 23:45 - 2014-08-07 17:27 - 00000000 ____D () C:\Program Files (x86)\Maxis
2014-12-30 23:44 - 2013-08-12 21:57 - 00000000 _____ () C:\conmgr.log
2014-12-30 23:44 - 2013-03-11 10:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-30 23:39 - 2014-01-15 13:58 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-30 21:36 - 2013-12-31 01:14 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-30 21:34 - 2014-06-09 04:30 - 00004979 _____ () C:\WINDOWS\setupact.log
2014-12-30 21:34 - 2013-12-31 01:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-30 21:34 - 2013-12-31 01:13 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-30 21:34 - 2013-12-31 01:13 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-30 20:46 - 2014-06-08 21:47 - 00208890 _____ () C:\WINDOWS\PFRO.log
2014-12-30 20:45 - 2013-12-31 01:22 - 00000000 ____D () C:\Users\Dan's
2014-12-30 09:07 - 2014-06-07 16:14 - 00000000 ____D () C:\Users\Dan's\Documents\Calibre Library
2014-12-30 09:04 - 2014-06-07 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2014-12-30 09:04 - 2014-06-07 16:11 - 00000000 ____D () C:\Program Files\Calibre2
2014-12-28 18:24 - 2014-06-07 20:11 - 00000000 ____D () C:\Users\Dan's\Desktop\Tor Browser
2014-12-28 17:16 - 2013-03-12 10:44 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\MediaMonkey
2014-12-28 00:53 - 2014-01-19 14:38 - 00409904 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-28 00:52 - 2014-07-15 23:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-27 20:25 - 2013-03-11 16:09 - 00001903 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2014-12-27 19:36 - 2014-09-18 21:30 - 00092160 ___SH () C:\Users\Dan's\Desktop\Thumbs.db
2014-12-27 19:35 - 2014-07-15 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-24 19:24 - 2013-03-11 15:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-24 15:09 - 2013-02-01 11:59 - 00000000 ____D () C:\Temp
2014-12-22 12:39 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-22 11:33 - 2013-03-11 10:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-22 11:30 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-12-22 11:30 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-12-22 11:30 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-12-22 11:30 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-12-22 11:23 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-20 18:38 - 2014-10-23 18:35 - 00001787 _____ () C:\Users\Dan's\Desktop\Play Civilization Beyond Earth.lnk
2014-12-20 18:38 - 2014-10-23 18:35 - 00000966 _____ () C:\Users\Dan's\Desktop\visit www.nosteam.ro.lnk
2014-12-20 18:36 - 2013-01-15 20:52 - 00000000 ____D () C:\Games
2014-12-20 12:48 - 2014-11-10 11:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-20 12:48 - 2013-03-11 10:56 - 00001137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-20 12:48 - 2013-03-11 10:56 - 00001125 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-17 19:29 - 2013-11-03 23:02 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-14 13:10 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-14 13:09 - 2014-03-28 10:43 - 00004438 _____ () C:\WINDOWS\wininit.ini
2014-12-14 13:09 - 2013-03-11 12:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-14 12:46 - 2013-06-28 10:47 - 00000000 ____D () C:\GOG Games
2014-12-13 19:22 - 2013-12-11 19:06 - 00000000 ____D () C:\Users\Dan's\Documents\BioWare
2014-12-13 11:23 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-13 11:23 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-13 11:23 - 2013-08-13 12:11 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-13 11:20 - 2013-03-11 11:34 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-13 04:08 - 2014-09-19 23:37 - 00074056 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2014-12-13 04:08 - 2014-09-19 23:37 - 00060560 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2014-12-13 02:03 - 2014-09-19 23:37 - 03513488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2014-12-13 02:03 - 2014-09-19 23:37 - 00935240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2014-12-13 02:03 - 2014-09-19 23:37 - 00386368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2014-12-13 02:03 - 2013-03-11 11:27 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2014-12-12 20:48 - 2014-11-23 10:35 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\Notepad++
2014-12-12 20:44 - 2014-01-19 11:53 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-12-12 17:11 - 2014-09-19 23:37 - 04151176 _____ () C:\WINDOWS\system32\nvcoproc.bin
2014-12-11 22:07 - 2014-05-13 00:12 - 00000000 ____D () C:\Users\Dan's\Documents\theRenamer
2014-12-07 18:43 - 2014-11-25 16:38 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-12-07 18:43 - 2013-10-31 13:07 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2014-12-05 00:09 - 2013-09-29 22:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-04 19:34 - 2014-06-06 16:33 - 00000000 ____D () C:\Users\Dan's\Documents\LG OSP
2014-12-04 18:10 - 2013-10-13 07:10 - 00000000 ____D () C:\Users\Dan's\Documents\Telltale Games
2014-12-02 22:18 - 2014-11-29 01:21 - 191933275 _____ () C:\Users\Dan's\Downloads\Lynyrd Skynyrd - complete concert from Winterland 1975.mp4
2014-12-01 00:31 - 2014-08-18 09:30 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

Files to move or delete:
====================
C:\ProgramData\sdpsenv.dat



==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



LastRegBack: 2014-12-31 09:29

==================== End Of Log ============================

 

------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Dan's at 2014-12-31 11:23:35
Running from C:\Users\Dan's\Desktop
Boot Mode: Normal
==========================================================



==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: PC Matic Super Shield (Enabled - Up to date) {A75D148F-9EA0-5C05-DCC3-E2888D63FFEC}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: PC Matic Super Shield (Enabled - Up to date) {1C3CF56B-B89A-538B-E673-D9FAF6E4B551}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
3DMark 11 (HKLM-x32\...\{f9e83b9c-ab7e-4005-8f32-4ea69703a5e4}) (Version: 1.0.132.0 - Futuremark)
3DMark 11 (Version: 1.0.132.0 - Futuremark) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACBL Convention Card Editor (HKLM-x32\...\Product_Name) (Version: - )
ACDSee 17 (HKLM-x32\...\{A47900DC-2011-46C8-8E07-5BDD9D83DE47}) (Version: 17.0.42 - ACD Systems International Inc.)
Acoustica CD/DVD Label Maker (HKLM-x32\...\Acoustica CD/DVD Label Maker) (Version: - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{7FA52B15-7FC2-46E7-8791-5F46F069CC7C}) (Version: 1.0.541 - Eyeo GmbH)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.00.01 - ASUSTeK Computer Inc.)
Ashampoo WinOptimizer 11 v.11.0.1 (HKLM-x32\...\{4209F371-8D72-8119-66FA-897D2D41E27F}_is1) (Version: 11.0.1 - Ashampoo GmbH & Co. KG)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.4.0 - Asmedia Technology)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Bridge Baron 22 (HKLM-x32\...\{B0C3F9C3-225A-4AA0-8A6E-28C7C116599E}) (Version: 22.00.01 - Great Game Products, Inc.)
BVS Solitaire Collection version 7.6 (HKLM-x32\...\BVSSOL_is1) (Version: 7.6 - BVS Development Corporation)
calibre 64bit (HKLM\...\{4D3E3E3F-5AE9-4D5A-AE74-9A979FC71F8E}) (Version: 2.14.0 - Kovid Goyal)
CDisplayEx 1.8 (HKLM-x32\...\CDisplayEx_is1) (Version: - Henri Gourvest.)
Character Control - Planescape Torment v1.0.3 (HKLM-x32\...\Character Control - Planescape Torment v1.0.3) (Version: - )
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
CyberPower PowerPanel Personal Edition 1.3.3 (HKLM-x32\...\{972F23F4-F293-4074-853D-125A59EB356D}) (Version: 1.3.3 - Cyber Power Systems, Inc.)
Daum PotPlayer 1.5.37776 x64 Edition (HKLM\...\PotPlayer64) (Version: - )
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version: - BioWare)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.3 - Electronic Arts)
Driver Detective (HKLM-x32\...\{5D6D605B-E4B7-490B-A794-9284BC3D2A8B}) (Version: 8.1 - PC Drivers HeadQuarters)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Electric Sheep 2.7b34c (HKLM-x32\...\Electric Sheep) (Version: 2.7b34c - Electricsheep)
EPSON WorkForce 500 Series Printer Uninstall (HKLM\...\EPSON WorkForce 500 Series) (Version: - SEIKO EPSON Corporation)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVGA OC Scanner X 3.3.0 (64-bit) (HKLM\...\{CC520CF6-B02E-49AA-8192-C1DDC159E0AA}}_is1) (Version: - EVGA)
FastStone Capture 7.4 (HKLM-x32\...\FastStone Capture) (Version: 7.4 - FastStone Soft)
FastStone Image Viewer 4.6 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
FileBot (HKLM\...\{15003E45-BBE8-4CAE-AA60-A56E3FC4E9BB}) (Version: 4.2 - Reinhard Pointner)
Final Fantasy XIII-2 (HKLM-x32\...\Final Fantasy XIII-2_is1) (Version: - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Full Combat Rebalance v1.6a (HKLM-x32\...\Full Combat Rebalance_is1) (Version: 1.6a - Andrzej Kwiatkowski)
Futuremark SystemInfo (HKLM-x32\...\{032DC00A-51D1-4D28-BFB7-1D0E85291E11}) (Version: 4.25.366 - Futuremark)
Galaxy Client (HKLM-x32\...\{D6D1DA54-531F-4FA0-B683-CE66ACE3543F}_is1) (Version: 0.1.0.456 - GOG.com)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
HI-TECH C Compiler for the PIC10/12/16 MCUs V9.82PL0 (HKLM-x32\...\PICC 9.82) (Version: 9.82 - HI-TECH Software)
HI-TECH C51-lite V9.60PL0 (HKLM-x32\...\HC51 9.60PL0) (Version: 9.60 - HI-TECH Software)
I-Doser Premium (HKLM-x32\...\I-Doser) (Version: 5.0 - I-Doser.com)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.65.11 - JMicron Technology Corp.)
jv16 PowerTools 2014 (HKLM-x32\...\jv16 PowerTools 2014) (Version: - Macecraft Software)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LG On-Screen Phone (HKLM-x32\...\LG On-Screen Phone) (Version: 4.2.001.140114 - LG Electronics)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.8.1 - LG Electronics)
LGNPST Components (HKLM-x32\...\{A2A9AF56-6ED2-436A-ADAF-9CAAFC9F7A6D}) (Version: 5.0.20.0 - LG Electronics)
LGNPST for ACG (HKLM-x32\...\{177AEA1B-2C52-4661-B120-F9CC66554615}) (Version: 2.2.3 - LG Electronics)
LGNPST GenericModels (HKLM-x32\...\{BAD75632-C312-4DBD-8A45-D70E1807C353}) (Version: 5.0.12.0 - LG Electronics)
LibreOffice 4.0 Help Pack (English) (HKLM-x32\...\{6B80B041-06E7-4EDB-B523-9397D1DF3684}) (Version: 4.0.1.2 - The Document Foundation)
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
LightScribe Diagnostic Utility (HKLM-x32\...\{8FE019AA-8C1C-46D3-A6CA-E45C5E332736}) (Version: 1.18.27.10 - LightScribe)
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{8A03241E-7A3C-401D-B0CE-B3096F50AE6F}) (Version: 1.18.27.10 - LightScribe)
Logitech Gaming Software 8.55 (HKLM\...\Logitech Gaming Software) (Version: 8.55.137 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.1.0.6 - Marvell)
Mass Effect (HKLM-x32\...\Steam App 17460) (Version: - BioWare)
Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version: - BioWare)
Math Kernel Libraries (64-bit) (Version: 1.0.23.0 - National Instruments) Hidden
Math Kernel Libraries (x32 Version: 1.0.23.0 - National Instruments) Hidden
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Middle Earth Shadow of Mordor (HKLM-x32\...\Middle Earth Shadow of Mordor_is1) (Version: - )
mIRC (HKLM-x32\...\mIRC) (Version: 7.36 - mIRC Co. Ltd.)
Movie Collector (HKLM-x32\...\{8EC6EBB4-D899-4C6B-BA17-C21B78988F23}_is1) (Version: - Collectorz.com)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyKeyFinder (HKLM-x32\...\MyKeyFinder_is1) (Version: 2014 - Abelssoft)
National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version: - National Instruments)
Neverwinter Nights 2 Complete (HKLM-x32\...\GOGPACKNWN2COMPLETE_is1) (Version: 2.1.0.6 - GOG.com)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.47.3 - Black Tree Gaming)
NFOPad 1.66 (HKLM-x32\...\NFOPad) (Version: 1.66 - True Human Design)
NI .NET Framework 4.0 (x32 Version: 4.01.49152 - National Instruments) Hidden
NI ActiveX Container (64-bit) (Version: 12.0.14.0 - National Instruments) Hidden
NI ActiveX Container (x32 Version: 12.0.14.0 - National Instruments) Hidden
NI Authentication 12.0.0 (64-bit) (Version: 12.0.367.0 - National Instruments) Hidden
NI Authentication 12.0.0 (x32 Version: 12.0.367.0 - National Instruments) Hidden
NI Circuit Design Suite 12.0.1 Core (x32 Version: 12.0.923 - National Instruments) Hidden
NI Circuit Design Suite 12.0.1 Pro (x32 Version: 12.0.923 - National Instruments) Hidden
NI Circuit Design Suite 12.0.1 Pro Licenses (x32 Version: 12.0.923 - National Instruments) Hidden
NI Curl 12.0.0 (64-bit) (Version: 12.0.412.0 - National Instruments) Hidden
NI Curl 12.0.0 (x32 Version: 12.0.412.0 - National Instruments) Hidden
NI Error Reporting 2012 (x32 Version: 12.0.172.0 - National Instruments) Hidden
NI EulaDepot (x32 Version: 3.10.392 - National Instruments) Hidden
NI Example Finder 12.0 (x32 Version: 12.0.291.0 - National Instruments) Hidden
NI GMP Windows 32-bit Installer 12.0.0 (x32 Version: 12.0.46.0 - National Instruments) Hidden
NI GMP Windows 64-bit Installer 12.0.0 (Version: 12.0.46.0 - National Instruments) Hidden
NI Help Assistant (64bit) (Version: 1.0.11 - National Instruments) Hidden
NI Help Assistant (x32 Version: 1.0.11 - National Instruments) Hidden
NI LabVIEW 2011 Real-Time NBFifo (x32 Version: 11.0.250.0 - National Instruments) Hidden
NI LabVIEW 2012 Deployment Framework (x32 Version: 12.0.369.0 - National Instruments) Hidden
NI LabVIEW 2012 Real-Time NBFifo (x32 Version: 12.0.219.0 - National Instruments) Hidden
NI LabVIEW 2012 Run-Time Engine Web Server (x32 Version: 12.0.406.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2011 SP1 (x32 Version: 11.0.448.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2012 (x32 Version: 12.0.381.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2011 (x32 Version: 11.0.449.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2012 (x32 Version: 12.0.150.0 - National Instruments) Hidden
NI LabVIEW Web Server for Run-Time Engine (x32 Version: 11.0.375.0 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Analysis Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Network Variable Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI Run-Time Engine 2010 SP1 (x32 Version: 10.0.1434 - National Instruments) Hidden
NI License Manager (x32 Version: 3.7.44 - National Instruments) Hidden
NI Logos 5.4 (64-bit) (Version: 5.4.303.0 - National Instruments) Hidden
NI Logos 5.4 (x32 Version: 5.4.303.0 - National Instruments) Hidden
NI Logos XT Support (x32 Version: 5.4.295.0 - National Instruments) Hidden
NI Logos64 XT Support (Version: 5.4.295.0 - National Instruments) Hidden
NI Math Kernel Libraries (64-bit) (Version: 1.0.10.0 - National Instruments) Hidden
NI Math Kernel Libraries (x32 Version: 1.0.10.0 - National Instruments) Hidden
NI Math Kernel Libraries (x32 Version: 1.0.861.0 - National Instruments) Hidden
NI MAX Remote Configuration 64-bit Installer 5.0 (Version: 5.00.49153 - National Instruments) Hidden
NI MAX Remote Configuration Installer 5.0 (x32 Version: 5.00.49153 - National Instruments) Hidden
NI MDF Support (x32 Version: 3.10.392 - National Instruments) Hidden
NI mDNS Responder 2.1 for Windows 64-bit (Version: 2.10.49152 - National Instruments) Hidden
NI mDNS Responder 2.1.0 (x32 Version: 2.10.49152 - National Instruments) Hidden
NI MetaSuite Installer (x32 Version: 3.10.393 - National Instruments) Hidden
NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support (x32 Version: 11.0.302.0 - National Instruments) Hidden
NI NI LabVIEW 2012 Run-Time Engine Non-English Support. (x32 Version: 12.0.363.0 - National Instruments) Hidden
NI SSL LabVIEW RTE 2012 Support (x32 Version: 12.0.125.0 - National Instruments) Hidden
NI SSL Support (64-bit) (Version: 12.0.408.0 - National Instruments) Hidden
NI SSL Support (x32 Version: 12.0.408.0 - National Instruments) Hidden
NI System State Publisher (64-bit) (Version: 12.0.218.0 - National Instruments) Hidden
NI System State Publisher (x32 Version: 12.0.358.0 - National Instruments) Hidden
NI System Web Server 12.0 (x32 Version: 12.0.414.0 - National Instruments) Hidden
NI System Web Server Base 12.0.0 (64-bit) (Version: 12.0.407.0 - National Instruments) Hidden
NI System Web Server Base 12.0.0 (x32 Version: 12.0.407.0 - National Instruments) Hidden
NI TDM Streaming 2.4 (64-bit) (Version: 2.4.55.0 - National Instruments) Hidden
NI TDM Streaming 2.4 (x32 Version: 2.4.55.0 - National Instruments) Hidden
NI Trace Engine (64-bit) (Version: 12.0.401.0 - National Instruments) Hidden
NI Trace Engine (x32 Version: 12.0.401.0 - National Instruments) Hidden
NI Uninstaller (x32 Version: 3.10.392 - National Instruments) Hidden
NI Update Service 2.2.1 (x32 Version: 2.21.7.0 - National Instruments) Hidden
NI USI 2.0.0 (x32 Version: 2.0.04901 - National Instruments) Hidden
NI USI 2.0.0 64-Bit (Version: 2.0.04901 - National Instruments) Hidden
NI VC2005MSMs x64 (Version: 8.05.0 - National Instruments) Hidden
NI VC2005MSMs x86 (x32 Version: 8.05.0 - National Instruments) Hidden
NI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) Hidden
NI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) Hidden
NI VC2010MSMs x64 (Version: 10.0.001 - National Instruments) Hidden
NI VC2010MSMs x86 (x32 Version: 10.0.001 - National Instruments) Hidden
NI Web Application Server 12.0 (64-bit) (Version: 12.0.422.0 - National Instruments) Hidden
NI Web Application Server 12.0 (x32 Version: 12.0.422.0 - National Instruments) Hidden
NI Web Pipeline 2.0.1 (x32 Version: 2.0.128.0 - National Instruments) Hidden
NI Web Pipeline 2.0.1 64-bit support (Version: 2.0.122.0 - National Instruments) Hidden
NI-Mesa (Version: 11.0.11.0 - National Instruments) Hidden
NI-Mesa (x32 Version: 11.0.11.0 - National Instruments) Hidden
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OCCT Perestroika 3.1.0 (HKLM-x32\...\OCCT_is1) (Version: - Tetedeiench)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
Overseer (HKLM-x32\...\Overseer_is1) (Version: - GOG.com)
PC Matic 1.1.0.50 (HKLM-x32\...\PC Matic_is1) (Version: 1.1.0.50 - PC Pitstop LLC)
PC Matic Super Shield 1.0.0.51 (HKLM-x32\...\PC Pitstop SuperShield_is1) (Version: 1.0.0.51 - PC Pitstop LLC)
PC Pitstop Info Center 1.0.0.16 (HKLM-x32\...\PCPitstopInfoCenter_is1) (Version: 1.0.0.16 - PC Pitstop LLC.)
PCMark 8 (HKLM-x32\...\{2e7be30e-4525-4b8d-94c1-abb05bbd6d30}) (Version: 2.0.204.0 - Futuremark)
PCMark 8 (Version: 2.0.204.0 - Futuremark) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1018.0 - Passmark Software)
Planescape Torment (HKLM-x32\...\Planescape Torment_is1) (Version: - GOG.com)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.2 - Power Software Ltd)
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 2.11.0.0 - Goversoft LLC)
QuickTime Alternative 3.2.2 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 3.2.2 - )
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - )
Realms of Arkania - Blade of Destiny For the Gods DLC (HKLM-x32\...\UmVhbG1zb2ZBcmthbmlhQmxhZGVvZkRlc3Rpbnk=_is1) (Version: 1 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller Pro 3.0.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.2 - VS Revo Group, Ltd.)
RivaTuner Statistics Server 6.0.0 (HKLM-x32\...\RTSS) (Version: 6.0.0 - Unwinder)
RoboForm 7-9-11-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-11-1 - Siber Systems)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
RotWW FCR ENG (HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\RotWW FCR ENG) (Version: - )
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version: - Harebrained Schemes)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Should I Remove It (HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Speccy (HKLM\...\Speccy) (Version: 1.23 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sublight (HKLM\...\Sublight_is1) (Version: 4 - Sublight Labs)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
System Ninja version 2.4.5 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 2.4.5 - SingularLabs)
System Requirements Lab CYRI (HKLM-x32\...\{906B34E5-573C-445A-A5D3-40B6BF0A2EC4}) (Version: 6.0.21.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{75AFA48E-C2C3-480A-8356-69006BCA8004}) (Version: 2.2.3.0 - Husdawg, LLC)
Tagman (HKLM-x32\...\Tagman_is1) (Version: 1.34 - Abelssoft)
Tesla Effect: A Tex Murphy Adventure (HKLM-x32\...\VGVzbGFFZmZlY3RBVGV4TXVycGh5QWR2ZW50dXJl_is1) (Version: 1 - )
Tex Murphy 1 and 2 (HKLM-x32\...\GOGPACKTEX1AND2_is1) (Version: 2.0.0.70 - GOG.com)
The Pandora Directive (HKLM-x32\...\GOGPACKTEX4_is1) (Version: 2.0.0.12 - GOG.com)
The Ultimate Troubleshooter (HKLM-x32\...\The Ultimate Troubleshooter) (Version: - AnswersThatWork.com)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version: - Telltale Games)
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\The Witcher 2 - Assassins of Kings Enhanced Edition_is1) (Version: - GOG.com)
The Witcher Enhanced Edition Director's Cut (HKLM-x32\...\The Witcher Enhanced Edition Director's Cut_is1) (Version: - GOG.com)
theRenamer 7.69 (HKLM-x32\...\{55B6344C-AE4F-4DA8-BF32-D7AE0CB4D2BE}_is1) (Version: - theRenamer)
TP-LINK Wireless Client Utility (x32 Version: 2.0 - TP-LINK) Hidden
Tropico (HKLM-x32\...\Steam App 33520) (Version: - PopTop Software)
Tropico 2: Pirate Cove (HKLM-x32\...\Steam App 33530) (Version: - PopTop Software)
Tropico 3 - Steam Special Edition (HKLM-x32\...\Steam App 23490) (Version: - Haemimont Games)
Tropico 3: Absolute Power (HKLM-x32\...\Steam App 57600) (Version: - Haemimont Games)
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version: - Haemimont Games)
Tropico 5 v1.04 (Special Steam Edition)(3 DLC) (HKLM-x32\...\Tropico 5 v1.04 (Special Steam Edition)(3 DLC)1.04) (Version: 1.04 - Friends in War)
Under a Killing Moon (HKLM-x32\...\GOGPACKTEX3_is1) (Version: 2.0.0.10 - GOG.com)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Wasteland 2 (HKLM-x32\...\1207665783_is1) (Version: 2.0.0.8 - GOG.com)
Watch Dogs (HKLM-x32\...\Watch Dogs_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Wise Disk Cleaner 7.97 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 7.97 - WiseCleaner.com, Inc.)
X Rebirth The Teladi Outpost v.3.0.0.0 (HKLM-x32\...\X Rebirth The Teladi Outpost_is1) (Version: - )
XBMC (HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\XBMC) (Version:
- Team XBMC) Xenonauts (HKLM-x32\...\Xenonauts_is1) (Version:
- ) Xvid Video Codec (HKLM-x32\...\Xvid Video Codec
1.3.2) (Version: 1.3.2 - Xvid Team) Zip Motion Block Video codec (Remove Only)
(HKLM-x32\...\ZMBV) (Version: - DOSBox Team)

==================== Custom CLSID (selected
items): ==========================

(If an entry is included in the fixlist, it will
be removed from registry. Any eventual file will not be moved.)

CustomCLSID:
HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{070057DA-0223-4D7E-B886-7CF38806F044}\InprocServer32
-> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File CustomCLSID:
HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{11FFBFC4-F659-4B0C-9AE5-F303D6388DE2}\InprocServer32
-> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File CustomCLSID:
HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{50816FB8-F732-4619-9AF6-1DE9BE6935AA}\InprocServer32
-> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File CustomCLSID:
HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{617D20C6-66F6-44E2-9029-5676DA09DF95}\InprocServer32
-> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File CustomCLSID:
HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{65530C01-AC04-408F-AC64-DF190D9C0A89}\InprocServer32
-> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File CustomCLSID:
HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{7321CFC2-9DBE-447D-95F9-6FB5DF021A83}\InprocServer32
-> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File CustomCLSID:
HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{77205869-4901-44E3-8294-2C9224A67FDF}\InprocServer32
-> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File CustomCLSID:
HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{7AD308AA-5926-43FA-859E-233559367132}\InprocServer32
-> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File CustomCLSID:
HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{8D8C3FC1-38EA-4376-B746-9F6D7E6326FF}\InprocServer32
-> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File CustomCLSID:
HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{9D786B21-D481-4737-8D7B-81662CEC5B64}\InprocServer32
-> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File CustomCLSID:
HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{9F06FCDF-2113-449D-B6CC-183EF2FE390F}\InprocServer32
-> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File CustomCLSID:
HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{DED1C6B0-D833-4AE1-91A3-0AAE902D515E}\InprocServer32
-> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File

==================== Restore Points
=========================

30-12-2014 09:04:12 Installed calibre 64bit 31-12-2014 09:31:34 PC Pitstop Restore Point

==================== Hosts content:
==========================

(If needed Hosts: directive could be included in
the fixlist to reset Hosts.)

2012-07-25 23:26 - 2014-12-30 22:15 - 00450892
____R C:\WINDOWS\system32\Drivers\etc\hosts

There are 1000 more lines.



==================== Scheduled Tasks
(whitelisted) =============

(If an entry is included in the fixlist, it will
be removed from registry. Any associated file could be listed
separately to be moved.)

Task: {167850C0-7BFB-4410-8DCE-602FB6F6EAFE} -
System32\Tasks\ShouldIRemoveIt => C:\Program Files
(x86)\Reason\Should I Remove It\ShouldIRemoveIt.exe [2013-02-13]
(Reason Software Company Inc.) Task: {1806695A-1236-43B5-A313-4E74C6F1C1B5} -
System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh
immunization => C:\Program Files (x86)\Spybot - Search &
Destroy 2\SDImmunize.exe Task: {23D35D23-5C50-4DB7-8CE1-8F94E53623C9} -
System32\Tasks\ASUS\Easy Update => C:\Program Files (x86)\ASUS\AI
Suite II\EasyUpdate\EzUpdt.exe Task: {3FBBA572-B426-4591-8573-A628D72F9E32} -
System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files
(x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-11-27]
(Siber Systems) Task: {4B4ECBA2-1054-4E0C-AE68-5A1C3B693F5E} -
System32\Tasks\Open URL by RoboForm => Rundll32.exe
url.dll,FileProtocolHandler
"http://www.roboform....IGJKJMIBNKJHIKJ" Task: {737A4413-404C-499B-AF2E-E629F78C4204} -
System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files
(x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
[2012-07-23] (ASUSTeK Computer Inc.) Task: {819A4BC7-9F84-4485-B478-112ABD66CEDD} -
System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for
updates => C:\Program Files (x86)\Spybot - Search &
Destroy 2\SDUpdate.exe Task: {83CC3663-D5E4-4BA7-8D9C-337728AE354F} -
System32\Tasks\Driver Detective-RTMRules => C:\Program Files
(x86)\PC Drivers HeadQuarters\Driver
Detective\DriversHQ.DriverDetective.Client.exe [2013-09-27] (PC
Drivers Headquarters) Task: {92ACF0A1-22A3-4D65-B123-3B9730B1F9C9} -
System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB =>
C:\WINDOWS\system32\MRT.exe [2014-12-13] (Microsoft Corporation) Task: {9492702F-E0B4-4593-B70B-4D89681E4ECE} -
System32\Tasks\Peerblock startup => C:\Program
Files\PeerBlock\peerblock.exe [2014-01-14] (PeerBlock, LLC) Task: {9EB8FF60-9292-4E87-86FF-15CBBBB4F1E2} -
System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the
system => C:\Program Files (x86)\Spybot - Search & Destroy
2\SDScan.exe Task: {AD4C08F0-010D-49AA-8083-3CD6024D07C1} -
System32\Tasks\{57789A4A-D031-4F20-ABB5-86D8CE3B8BC7} =>
pcalua.exe -a "F:\Hitman\Crack &
Patch\Patch\hitman_sp1.exe" -d "F:\Hitman\Crack &
Patch\Patch" Task: {BCA83C20-F6B5-4E11-8B73-93C9E601F973} -
System32\Tasks\Opera scheduled Autoupdate 1383541367 => C:\Program
Files (x86)\Opera\launcher.exe [2014-12-17] (Opera Software) Task: {C81939FE-DB22-4962-9479-790F182FB66A} -
System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files
(x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe Task: {CBE51C26-1CC2-493C-A253-5C162E09EF4D} -
System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files
(x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK
Computer Inc.) Task: {D63D4B54-4741-405E-80F9-1CFD53D764EF} -
System32\Tasks\Driver Detective-RTMUpdater => C:\Program Files
(x86)\PC Drivers HeadQuarters\Driver
Detective\DriversHQ.DriverDetective.Client.exe [2013-09-27] (PC
Drivers Headquarters) Task: {DC129229-FC48-418B-A384-FB90017B7058} -
System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files
(x86)\National Instruments\Shared\Update Service\NIUpdateService.exe
[2012-08-02] (National Instruments) Task: {E3BA74C2-5D4D-4B52-B0FF-03DF349E1BD3} -
System32\Tasks\DriverToolkit Autorun => C:\Program Files
(x86)\DriverToolkit\DriverToolkit.exe Task: {F14776FF-13CF-4D32-86F9-56E77C4BD451} -
System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI
Afterburner\MSIAfterburner.exe Task: {F157E58E-2B3C-413F-864F-5EE6913D0706} -
System32\Tasks\Driver Detective-RTMScan => C:\Program Files
(x86)\PC Drivers HeadQuarters\Driver
Detective\DriversHQ.DriverDetective.Client.exe [2013-09-27] (PC
Drivers Headquarters) Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job
=> C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe

==================== Loaded Modules
(whitelisted) =============

2013-03-11 10:26 - 2013-03-11 10:26 - 00920736
____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe 2013-12-09 12:28 - 2013-12-09 12:28 - 03525687
_____ () C:\Program Files (x86)\PrivaZer\PrivaMenu3.dll 2014-05-12 03:49 - 2014-05-12 03:49 - 00222720
_____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2014-07-28 12:29 - 2014-07-28 12:29 - 00866584
_____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2014-07-28 12:32 - 2014-07-28 12:32 - 01050904
_____ () C:\Program Files\Logitech Gaming
Software\platforms\qwindows.dll 2014-07-28 12:29 - 2014-07-28 12:29 - 00059160
_____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2014-07-28 12:31 - 2014-07-28 12:31 - 00242456
_____ () C:\Program Files\Logitech Gaming
Software\imageformats\qjpeg.dll 2014-05-25 08:18 - 2014-05-25 08:18 - 00036536
_____ () C:\Program Files\Rainmeter\Rainmeter.exe 2014-05-25 08:18 - 2014-05-25 08:18 - 00747192
_____ () C:\Program Files\Rainmeter\Rainmeter.dll 2014-05-25 08:17 - 2014-05-25 08:17 - 00011776
_____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.dll 2014-05-25 08:17 - 2014-05-25 08:17 - 00026112
_____ () C:\Program Files\Rainmeter\Plugins\iTunesPlugin.dll 2014-05-25 08:17 - 2014-05-25 08:17 - 00056832
_____ () C:\Program Files\Rainmeter\Plugins\WebParser.dll 2014-05-25 08:17 - 2014-05-25 08:17 - 00016896
_____ () C:\Program Files\Rainmeter\Plugins\AdvancedCPU.dll 2014-05-25 08:17 - 2014-05-25 08:17 - 00019968
_____ () C:\Program Files\Rainmeter\Plugins\SysInfo.dll 2014-10-02 05:17 - 2014-10-02 05:17 - 00528896
_____ () C:\Program
Files\WindowsApps\Microsoft.WordamentTapSnap_1.0.2.0_x86__8wekyb3d8bbwe\SnapAttackWin8.1.exe 2014-12-01 14:17 - 2014-04-15 12:02 - 00524288
_____ () C:\Program Files (x86)\PCPitstop\Super
Shield\SQLiteEncrypt.dll 2014-12-01 14:19 - 2014-06-20 05:08 - 00192376
_____ () C:\ProgramData\PCPitstopDat\datRT\libBase64.dll 2014-12-01 14:19 - 2014-06-20 05:08 - 00180088
_____ () C:\ProgramData\PCPitstopDat\datRT\libMachoUniv.dll 2014-06-04 17:54 - 2014-06-04 17:54 - 00000000
_____ () C:\WINDOWS\SYSTEM32\olepro32.dll 2014-06-04 17:54 - 2014-06-04 17:54 - 00000000
_____ () C:\WINDOWS\SYSTEM32\asio.dll 2014-12-31 09:05 - 2014-12-31 09:05 - 00024064
_____ () C:\Program Files
(x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll 2013-03-11 10:26 - 2010-06-29 10:58 - 00104448
____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll 2014-10-18 13:44 - 2014-10-18 13:44 - 00172544
_____ ()
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\8185c49f4eac91d533500c912f516647\IsdiInterop.ni.dll 2013-07-01 09:11 - 2011-04-29 23:28 - 00059904
_____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage
Technology\IsdiInterop.dll 2014-06-04 17:54 - 2014-06-04 17:54 - 00000000
_____ () C:\WINDOWS\SYSTEM32\AsIO.dll 2013-11-02 20:52 - 2012-05-17 17:57 - 00043520
____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV
EVO\HookKey32.dll 2013-11-02 20:52 - 2012-07-05 11:05 - 00253952
_____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll 2013-11-02 20:50 - 2011-07-12 18:14 - 00147456
_____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll 2013-11-02 20:50 - 2010-10-05 07:22 - 00253952
_____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll 2013-11-02 20:50 - 2012-03-21 11:07 - 00972288
_____ () C:\Program Files (x86)\ASUS\AI Suite
II\BarGadget\BarGadget.dll 2013-11-02 20:51 - 2012-06-19 11:56 - 01305600
_____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll 2013-11-02 20:51 - 2012-07-20 08:39 - 01047040
_____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll 2013-11-02 20:50 - 2012-05-25 09:33 - 00883712
_____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll 2013-11-02 20:50 - 2012-05-28 20:27 - 01622528
_____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor
Graph\SensorGraph.dll 2013-11-02 20:50 - 2011-09-19 19:18 - 01243136
_____ () C:\Program Files (x86)\ASUS\AI Suite
II\Settings\Settings.dll 2013-11-02 20:50 - 2011-07-21 08:06 - 00846848
_____ () C:\Program Files (x86)\ASUS\AI Suite
II\Splitter\Splitter.dll 2013-11-02 20:50 - 2011-10-14 19:03 - 00885248
_____ () C:\Program Files (x86)\ASUS\AI Suite
II\TabGadget\TabGadget.dll 2013-03-11 10:26 - 2010-08-23 10:17 - 00662016
_____ () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll 2013-11-02 20:50 - 2010-10-05 07:22 - 00208896
_____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll 2013-11-02 20:50 - 2009-08-12 19:15 - 00253952
_____ () C:\Program Files (x86)\ASUS\AI Suite
II\Sensor\AlertHelper\pngio.dll 2014-12-20 12:48 - 2014-11-26 10:40 - 03758192
_____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-06-04 17:54 - 2014-06-04 17:54 - 00000000
_____ () C:\WINDOWS\SYSTEM32\nvwgf2um.dll 2014-06-04 17:54 - 2014-06-04 17:54 - 00000000
_____ () C:\WINDOWS\system32\nvspcap.dll 2014-08-18 09:30 - 2014-05-13 11:04 - 00109400
_____ () C:\Program Files (x86)\Spybot - Search & Destroy
2\snlThirdParty150.bpl 2014-08-18 09:30 - 2014-05-13 11:04 - 00167768
_____ () C:\Program Files (x86)\Spybot - Search & Destroy
2\snlFileFormats150.bpl 2014-08-18 09:30 - 2014-05-13 11:04 - 00416600
_____ () C:\Program Files (x86)\Spybot - Search & Destroy
2\DEC150.bpl 2014-12-01 14:17 - 2014-12-01 14:05 - 00184944
_____ () C:\Program Files (x86)\PCPitstop\Super
Shield\PCMaticRTen.dll 2014-10-18 13:50 - 2014-10-18 13:50 - 02089472
_____ ()
C:\Users\Dan's\AppData\Local\Packages\Microsoft.WordamentTapSnap_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\SnapAttackWin8.1\eb30eba2d00e8db38b4d4a5c395c1075\SnapAttackWin8.1.ni.exe 2014-10-19 05:54 - 2014-10-19 05:54 - 03530752
_____ ()
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\90a4331ab5b5bb3ead23d75d4349a491\Windows.UI.Xaml.ni.dll 2014-10-19 05:54 - 2014-10-19 05:54 - 01130496
_____ ()
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\6e37f358bf8363dad51e2333292d61a9\Windows.ApplicationModel.ni.dll 2014-10-19 05:54 - 2014-10-19 05:54 - 00228864
_____ ()
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll 2014-10-18 13:50 - 2014-10-18 13:50 - 00078848
_____ ()
C:\Users\Dan's\AppData\Local\Packages\Microsoft.WordamentTapSnap_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\SnapAttackStrings\642d6f08f45ca7808cecf6c60e558752\SnapAttackStrings.ni.dll 2014-10-19 05:55 - 2014-10-19 05:55 - 00960000
_____ ()
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\6c2169e34bfb3814fa44f267572335f6\Windows.UI.ni.dll 2014-10-19 05:55 - 2014-10-19 05:55 - 00133120
_____ ()
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\7819e306c2c55c42f35a5fa10b93710f\Windows.System.ni.dll 2014-10-19 05:55 - 2014-10-19 05:55 - 00808448
_____ ()
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f0a2c10499402eff632a7a7df0b4afef\Windows.Storage.ni.dll 2014-05-07 02:45 - 2014-05-07 02:45 - 00483840
_____ ()
C:\Users\Dan's\AppData\Local\Packages\Microsoft.WordamentTapSnap_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.Xbox\7334cf3cd56e548536e510cce0ed4e14\Microsoft.Xbox.ni.dll 2014-10-19 05:55 - 2014-10-19 05:55 - 00402432
_____ ()
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Security\ade4f25e9d8384f190ede9eb090281cb\Windows.Security.ni.dll 2014-10-19 05:55 - 2014-10-19 05:55 - 00797696
_____ ()
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\e1a2f3f274995f1f847c00f962657943\Windows.Networking.ni.dll 2014-04-12 16:49 - 2014-04-12 16:49 - 00304128
_____ ()
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\4e33edd5ee2ee09f751c0071ba0a26c3\Windows.Graphics.ni.dll 2014-10-19 05:55 - 2014-10-19 05:55 - 00337920
_____ ()
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\fe565d34d4335337c06264bb0d85e3b0\Windows.Data.ni.dll 2014-04-12 16:49 - 2014-04-12 16:49 - 00238080
_____ ()
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\a1306b1fdd9c22508f9e5d901fceb4cd\Windows.Globalization.ni.dll 2014-04-12 16:49 - 2014-04-12 16:49 - 01282048
_____ ()
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bf5509cf3a0d2e3afbd0c33e9153ecbd\Windows.Devices.ni.dll

==================== Alternate Data Streams
(whitelisted) =========

(If an entry is included in the fixlist, only
the Alternate Data Streams will be removed.)

AlternateDataStreams:
C:\ProgramData\sdpsenv.dat:naughtypirates AlternateDataStreams:
C:\ProgramData\TEMP:AB03533D AlternateDataStreams:
C:\ProgramData\TEMP:D2F2F703 AlternateDataStreams:
C:\Users\Dan's\SkyDrive:ms-properties

==================== Safe Mode (whitelisted)
===================

(If an item is included in the fixlist, it will
be removed from the registry. The "AlternateShell" will be
restored.)



==================== EXE Association
(whitelisted) =============

(If an entry is included in the fixlist, the
default will be restored. None default entries will be removed.)



==================== MSCONFIG/TASK MANAGER
disabled items =========

(Currently there is no automatic fix for this
section.)

HKLM\...\StartupApproved\StartupFolder: =>
"NI Error Reporting.lnk" HKLM\...\StartupApproved\Run: => "Eraser" HKLM\...\StartupApproved\Run: => "Windows
Mobile Device Center" HKLM\...\StartupApproved\Run32: =>
"IAStorIcon" HKLM\...\StartupApproved\Run32: =>
"KiesTrayAgent" HKLM\...\StartupApproved\Run32: => "NI
Update Service" HKLM\...\StartupApproved\Run32: =>
"PWRISOVM.EXE" HKLM\...\StartupApproved\Run32: => "ACSW17EN" HKLM\...\StartupApproved\Run32: =>
"RazerGameBooster" HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\StartupApproved\StartupFolder:
=> "Logitech . Product Registration.lnk" HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\StartupApproved\Run:
=> "" HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\StartupApproved\Run:
=> "Driver Detective" HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\StartupApproved\Run:
=> "KiesPreload" HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\StartupApproved\Run:
=> "LightScribe Control Panel" HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\StartupApproved\Run:
=> "RocketDock"

========================= Accounts:
==========================

Administrator
(S-1-5-21-490156171-3473242110-392294870-500 - Administrator -
Disabled) ASPNET
(S-1-5-21-490156171-3473242110-392294870-1003 - Limited - Enabled) Dan's
(S-1-5-21-490156171-3473242110-392294870-1000 - Administrator -
Enabled) => C:\Users\Dan's Guest
(S-1-5-21-490156171-3473242110-392294870-501 - Limited - Disabled) HomeGroupUser$
(S-1-5-21-490156171-3473242110-392294870-1012 - Limited - Enabled)

==================== Faulty Device Manager
Devices =============



==================== Event log errors:
=========================

Application errors: ================== Error: (12/31/2014 09:43:58 AM) (Source:
Application Error) (EventID: 1000) (User: ) Description: Faulting application name:
OCCT.exe, version: 3.1.0.8, time stamp: 0x2a425e19 Faulting module name: OCCT.exe, version:
3.1.0.8, time stamp: 0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x000f900f Faulting process id: 0x1330 Faulting application start time: 0xOCCT.exe0 Faulting application path: OCCT.exe1 Faulting module path: OCCT.exe2 Report Id: OCCT.exe3 Faulting package full name: OCCT.exe4 Faulting package-relative application ID:
OCCT.exe5

Error: (12/31/2014 09:23:13 AM) (Source:
Perflib) (EventID: 1008) (User: ) Description:
BITSC:\Windows\System32\bitsperf.dll4

Error: (12/31/2014 09:06:15 AM) (Source:
RapiMgr) (EventID: 2) (User: ) Description: Failed to start the Windows
Mobile-based device connectivity service due to
EnableRAPIMgr(0x80070005) failure (see data for failure code).

Error: (12/31/2014 09:06:15 AM) (Source:
RapiMgr) (EventID: 2) (User: ) Description: Failed to start the Windows
Mobile-based device connectivity service due to
EnableRAPIMgr(0x80070005) failure (see data for failure code).

Error: (12/31/2014 00:39:20 AM) (Source:
RapiMgr) (EventID: 2) (User: ) Description: Failed to start the Windows
Mobile-based device connectivity service due to
EnableRAPIMgr(0x80070005) failure (see data for failure code).

Error: (12/31/2014 00:39:17 AM) (Source:
RapiMgr) (EventID: 2) (User: ) Description: Failed to start the Windows
Mobile-based device connectivity service due to
EnableRAPIMgr(0x80070005) failure (see data for failure code).

Error: (12/30/2014 09:45:21 PM) (Source:
RapiMgr) (EventID: 2) (User: ) Description: Failed to start the Windows
Mobile-based device connectivity service due to
EnableRAPIMgr(0x80070005) failure (see data for failure code).

Error: (12/30/2014 09:45:20 PM) (Source:
RapiMgr) (EventID: 2) (User: ) Description: Failed to start the Windows
Mobile-based device connectivity service due to
EnableRAPIMgr(0x80070005) failure (see data for failure code).

Error: (12/30/2014 08:49:05 PM) (Source:
RapiMgr) (EventID: 2) (User: ) Description: Failed to start the Windows
Mobile-based device connectivity service due to
EnableRAPIMgr(0x80070005) failure (see data for failure code).

Error: (12/30/2014 08:49:04 PM) (Source:
RapiMgr) (EventID: 2) (User: ) Description: Failed to start the Windows
Mobile-based device connectivity service due to
EnableRAPIMgr(0x80070005) failure (see data for failure code).



System errors: ============= Error: (12/31/2014 09:06:15 AM) (Source: Service
Control Manager) (EventID: 7024) (User: ) Description: The Windows Mobile-based device
connectivity service terminated with the following service-specific
error:
%%2147942405

Error: (12/31/2014 09:06:15 AM) (Source: Service
Control Manager) (EventID: 7001) (User: ) Description: The Windows Mobile-2003-based
device connectivity service depends on the Windows Mobile-based
device connectivity service which failed to start because of the
following error:
%%0

Error: (12/31/2014 09:06:15 AM) (Source: Service
Control Manager) (EventID: 7024) (User: ) Description: The Windows Mobile-based device
connectivity service terminated with the following service-specific
error:
%%2147942405

Error: (12/31/2014 09:04:12 AM) (Source: Service
Control Manager) (EventID: 7024) (User: ) Description: The HomeGroup Listener service
terminated with the following service-specific error:
%%2147500034

Error: (12/31/2014 02:16:12 AM) (Source: disk)
(EventID: 7) (User: ) Description: The device, \Device\Harddisk2\DR2,
has a bad block.

Error: (12/31/2014 02:16:06 AM) (Source: disk)
(EventID: 7) (User: ) Description: The device, \Device\Harddisk2\DR2,
has a bad block.

Error: (12/31/2014 02:16:01 AM) (Source: disk)
(EventID: 7) (User: ) Description: The device, \Device\Harddisk2\DR2,
has a bad block.

Error: (12/31/2014 02:15:54 AM) (Source: disk)
(EventID: 7) (User: ) Description: The device, \Device\Harddisk2\DR2,
has a bad block.

Error: (12/31/2014 02:15:48 AM) (Source: disk)
(EventID: 7) (User: ) Description: The device, \Device\Harddisk2\DR2,
has a bad block.

Error: (12/31/2014 02:15:43 AM) (Source: disk)
(EventID: 7) (User: ) Description: The device, \Device\Harddisk2\DR2,
has a bad block.



Microsoft Office Sessions: ========================= Error: (12/31/2014 09:43:58 AM) (Source:
Application Error) (EventID: 1000) (User: ) Description:
OCCT.exe3.1.0.82a425e19OCCT.exe3.1.0.82a425e19c0000005000f900f133001d0251077840a27C:\Program
Files (x86)\OCCT\OCCT.exeC:\Program Files
(x86)\OCCT\OCCT.exed4ea7cc6-9103-11e4-bfaf-002683146b5b

Error: (12/31/2014 09:23:13 AM) (Source:
Perflib) (EventID: 1008) (User: ) Description:
BITSC:\Windows\System32\bitsperf.dll4

Error: (12/31/2014 09:06:15 AM) (Source:
RapiMgr) (EventID: 2) (User: ) Description: EnableRAPIMgr(0x80070005)

Error: (12/31/2014 09:06:15 AM) (Source:
RapiMgr) (EventID: 2) (User: ) Description: EnableRAPIMgr(0x80070005)

Error: (12/31/2014 00:39:20 AM) (Source:
RapiMgr) (EventID: 2) (User: ) Description: EnableRAPIMgr(0x80070005)

Error: (12/31/2014 00:39:17 AM) (Source:
RapiMgr) (EventID: 2) (User: ) Description: EnableRAPIMgr(0x80070005)

Error: (12/30/2014 09:45:21 PM) (Source:
RapiMgr) (EventID: 2) (User: ) Description: EnableRAPIMgr(0x80070005)

Error: (12/30/2014 09:45:20 PM) (Source:
RapiMgr) (EventID: 2) (User: ) Description: EnableRAPIMgr(0x80070005)

Error: (12/30/2014 08:49:05 PM) (Source:
RapiMgr) (EventID: 2) (User: ) Description: EnableRAPIMgr(0x80070005)

Error: (12/30/2014 08:49:04 PM) (Source:
RapiMgr) (EventID: 2) (User: ) Description: EnableRAPIMgr(0x80070005)



CodeIntegrity Errors: =================================== Date: 2014-09-13 19:03:54.061 Description: Code Integrity determined that a
process (\Device\HarddiskVolume1\Program Files\Windows
Defender\MsMpEng.exe) attempted to load
\Device\HarddiskVolume1\Program Files\Microsoft
Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 /
Antimalware signing level requirements.

Date: 2014-09-13 19:03:53.983 Description: Code Integrity determined that a
process (\Device\HarddiskVolume1\Program Files\Windows
Defender\MsMpEng.exe) attempted to load
\Device\HarddiskVolume1\Program Files\Microsoft
Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 /
Antimalware signing level requirements.

Date: 2014-09-13 19:03:53.780 Description: Code Integrity determined that a
process (\Device\HarddiskVolume1\Program Files\Windows
Defender\MsMpEng.exe) attempted to load
\Device\HarddiskVolume1\Program Files\Microsoft
Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 /
Antimalware signing level requirements.

Date: 2014-09-13 19:03:53.702 Description: Code Integrity determined that a
process (\Device\HarddiskVolume1\Program Files\Windows
Defender\MsMpEng.exe) attempted to load
\Device\HarddiskVolume1\Program Files\Microsoft
Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 /
Antimalware signing level requirements.

Date: 2014-09-13 19:03:53.514 Description: Code Integrity determined that a
process (\Device\HarddiskVolume1\Program Files\Windows
Defender\MsMpEng.exe) attempted to load
\Device\HarddiskVolume1\Program Files\Microsoft
Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 /
Antimalware signing level requirements.

Date: 2014-09-13 19:03:53.421 Description: Code Integrity determined that a
process (\Device\HarddiskVolume1\Program Files\Windows
Defender\MsMpEng.exe) attempted to load
\Device\HarddiskVolume1\Program Files\Microsoft
Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 /
Antimalware signing level requirements.

Date: 2014-09-13 19:03:15.264 Description: Code Integrity determined that a
process (\Device\HarddiskVolume1\Program Files\Windows
Defender\MsMpEng.exe) attempted to load
\Device\HarddiskVolume1\Program Files\Microsoft
Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 /
Antimalware signing level requirements.

Date: 2014-09-13 19:03:15.186 Description: Code Integrity determined that a
process (\Device\HarddiskVolume1\Program Files\Windows
Defender\MsMpEng.exe) attempted to load
\Device\HarddiskVolume1\Program Files\Microsoft
Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 /
Antimalware signing level requirements.

Date: 2014-09-13 19:03:14.983 Description: Code Integrity determined that a
process (\Device\HarddiskVolume1\Program Files\Windows
Defender\MsMpEng.exe) attempted to load
\Device\HarddiskVolume1\Program Files\Microsoft
Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 /
Antimalware signing level requirements.

Date: 2014-09-13 19:03:14.905 Description: Code Integrity determined that a
process (\Device\HarddiskVolume1\Program Files\Windows
Defender\MsMpEng.exe) attempted to load
\Device\HarddiskVolume1\Program Files\Microsoft
Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 /
Antimalware signing level requirements.



==================== Memory info
===========================


Processor: Intel® Core™ i5-2500K CPU @
3.30GHz Percentage of memory in use: 39% Total physical RAM: 8159.14 MB Available physical RAM: 4932.02 MB Total Pagefile: 9439.14 MB Available Pagefile: 5518.31 MB Total Virtual: 131072 MB Available Virtual: 131071.78 MB

==================== Drives
================================

Drive c: () (Fixed) (Total:931.51 GB)
(Free:161.04 GB) NTFS ==>[Drive with boot components (obtained
from BCD)] Drive d: (Data) (Fixed) (Total:1863.01 GB)
(Free:269.32 GB) NTFS Drive g: (SAMSUNG DANS) (Fixed) (Total:1863.01
GB) (Free:183.47 GB) NTFS Drive h: (FreeAgent Drive) (Fixed) (Total:465.76
GB) (Free:271.09 GB) NTFS

==================== MBR & Partition Table
==================

======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5
GB) (Disk ID: 2F2500A8) Partition 1: (Active) - (Size=931.5 GB) -
(Type=07 NTFS)

======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863
GB) (Disk ID: 2F2500D0) Partition 1: (Not Active) - (Size=1863 GB) -
(Type=OF Extended)

======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB)
(Disk ID: 2077703C) Partition 1: (Active) - (Size=1863 GB) -
(Type=07 NTFS)

======================================================== Disk: 4 (Size: 465.8 GB) (Disk ID: A4B57300) Partition 1: (Not Active) - (Size=465.8 GB) -
(Type=07 NTFS)

==================== End Of Log
============================




#2 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 31 December 2014 - 08:51 PM

Hi MrKez,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system, losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear".

Important: All tools MUST be run from the Desktop.

=========================

You need to remove Word Wrap in Notepad and then re-post the logs.

Remove Word Wrap in Notepad
  • Click the Windows Start button.
  • Enter Notepad into the search box and double-click the application from the list of search results that appears. The Notepad application opens.
  • Click Format from the main menu in Notepad to display the formatting drop-down menu. You will see a check mark next to the words Word Wrap, which indicates that the Word Wrap feature is currently inserting line endings into your Notepad files.
  • Click Word Wrap to remove line endings. The check mark that used to appear next to Word Wrap disappears, indicating that you have successfully disabled this feature and removed all line endings from your document.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days


#3 MrKez


Posted 31 December 2014 - 09:36 PM

Okay. Sorry about the original post. Here is the non-word-wrapped post.

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-12-31 10:21:05
-----------------------------
10:21:05.351    OS Version: Windows x64 6.2.9200
10:21:05.351    Number of processors: 4 586 0x2A07
10:21:05.352    ComputerName: DANS-PC  UserName: Dan's
10:21:06.573    Initialize success
10:21:06.636    VM: initialized successfully
10:21:06.636    VM: Intel CPU supported
10:21:12.805    VM: disk I/O iaStor.sys
10:23:00.079    AVAST engine defs: 14123100
10:24:04.487    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:24:04.487    Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 3
10:24:04.487    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
10:24:04.487    Disk 1 Vendor: SAMSUNG_ 1AQ1 Size: 1907729MB BusType: 3
10:24:04.675    Disk 0 MBR read successfully
10:24:04.675    Disk 0 MBR scan
10:24:04.690    Disk 0 Windows 7 default MBR code
10:24:04.690    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       953867 MB offset 2048
10:24:04.706    Disk 0 scanning C:\WINDOWS\system32\drivers
10:24:16.144    Service scanning
10:24:37.676    Modules scanning
10:24:37.676    Disk 0 trace - called modules:
10:24:37.676    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
10:24:37.692    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000d67cd360]
10:24:37.692    3 CLASSPNP.SYS[fffff8002d491170] -> nt!IofCallDriver -> [0xffffe000d515adc0]
10:24:37.707    5 ACPI.sys[fffff8002d2fdc21] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xffffe000d5155050]
10:24:38.707    AVAST engine scan C:\WINDOWS
10:24:41.254    AVAST engine scan C:\WINDOWS\system32
10:27:15.526    AVAST engine scan C:\WINDOWS\system32\drivers
10:27:27.979    AVAST engine scan C:\Users\Dan's
10:56:39.919    File: C:\Users\Dan's\Documents\Rainmeter\Skins\@Backup\Kotoko 4.0\Launcher\Tools\RunOrMaximizeProgram\RMdock.exe  **INFECTED** Win32:Dropper-gen [Drp]
10:57:20.749    File: C:\Users\Dan's\Documents\Rainmeter\Skins\Kotoko 4.0\Launcher\Tools\RunOrMaximizeProgram\RMdock.exe  **INFECTED** Win32:Dropper-gen [Drp]
11:00:26.568    File: C:\Users\Dan's\Downloads\Richard_Kadrey_-_[Sandman_Slim_06]_-_The_Getaway_God_(epub).epub.exe  **INFECTED** Win32:Adware-gen [Adw]
11:03:22.621    AVAST engine scan C:\ProgramData
11:04:54.828    Disk 0 statistics 5909456/0/0 @ 323.38 MB/s
11:04:54.828    Scan finished successfully
11:20:36.759    Disk 0 MBR has been saved successfully to "C:\Users\Dan's\Desktop\MBR.dat"
11:20:36.759    The log file has been saved successfully to "C:\Users\Dan's\Desktop\aswMBR.txt"


----

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Dan's (administrator) on DANS-PC on 31-12-2014 11:22:42
Running from C:\Users\Dan's\Desktop
Loaded Profile: Dan's (Available profiles: Dan's)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.WordamentTapSnap_1.0.2.0_x86__8wekyb3d8bbwe\SnapAttackWin8.1.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-28] (Logitech Inc.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation)
HKLM-x32\...\Run: [Info Center] => C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe [27328 2012-08-31] (PC Pitstop LLC)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [350144 2012-03-27] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-05-30] (Power Software Ltd)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ACSW17EN] => C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe [1414984 2013-09-25] (ACD Systems)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [PC MaticRT] => C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe [1728624 2014-12-01] (PC Pitstop LLC)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Run: [Driver Detective] => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [3988888 2013-09-27] (PC Drivers Headquarters)
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-11-27] (Siber Systems)
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Run: [CMD] => cmd.exe /c start http://ooov.net && exit <===== ATTENTION
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: F - "F:\Setup.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: I - "I:\setup.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: J - "J:\setup.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: {49ae9a59-728c-11e4-bf99-002683146b5b} - "J:\LGAutoRun.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: {5fadc030-fca3-11e3-bf62-002683146b5b} - "I:\LG_PC_Programs.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: {829b14fe-ed42-11e3-bf52-bcaec57615fd} - "I:\LGAutoRun.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: {958b714d-f737-11e3-bf60-002683146b5b} - "I:\LGAutoRun.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: {ce37d1d1-ef88-11e3-bf53-bcaec57615fd} - "I:\LGAutoRun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Dan's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Dan's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-490156171-3473242110-392294870-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: No Name -> {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} -> C:\Program Files (x86)\Ginger\GingerIEAddin\adxloader64.dll No File
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {4DB74D06-491C-440D-305E-012400990F3E} -> C:\WINDOWS\SysWOW64\api-ms--win-service-management-l1-1-0.dll ()
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKU\S-1-5-21-490156171-3473242110-392294870-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab
Winsock: Catalog5 07 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24320] (National Instruments Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26368] (National Instruments Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default
FF NewTab: https://privatelee.qrobe.it/
FF DefaultSearchEngine: qrobe.it (HTTPS)
FF SelectedSearchEngine: qrobe.it (HTTPS)
FF Homepage: privatelee.qrobe.it
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin-x32: @siber.com/RoboForm -> C:\Program Files (x86)\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll (Siber Systems Inc.)
FF Plugin HKU\S-1-5-21-490156171-3473242110-392294870-1000: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin HKU\S-1-5-21-490156171-3473242110-392294870-1000: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll No File
FF user.js: detected! => C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2011win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2012win32.dll (National Instruments)
FF SearchPlugin: C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\searchplugins\qrobeit-https.xml
FF Extension: Fire IE - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\fireie@fireie.org [2014-12-19]
FF Extension: HTTPS-Everywhere - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\https-everywhere@eff.org [2014-10-15]
FF Extension: Hola Better Internet - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-12-30]
FF Extension: NetVideoHunter - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\netvideohunter@netvideohunter.com [2014-07-28]
FF Extension: ColorfulTabs - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-12-17]
FF Extension: Empty Cache Button - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2014-09-13]
FF Extension: Default Full Zoom Level - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2014-10-26]
FF Extension: Disconnect - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\2.0@disconnect.me.xpi [2014-05-13]
FF Extension: Add-on Compatibility Reporter - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\compatibility@addons.mozilla.org.xpi [2014-05-22]
FF Extension: YouTube HTML5 Switch - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\jid0-coCUQ7NySNPcj72dA3557kKXGZU@jetpack.xpi [2013-06-18]
FF Extension: AdF.ly Skipper ★WORKING★ - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack.xpi [2014-07-29]
FF Extension: Enhanced Steam - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\jid0-SmvlvxGpvCyG252KbVMqIKR79Uc@jetpack.xpi [2014-03-07]
FF Extension: Honey - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2014-12-19]
FF Extension: YouTube Center - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2014-01-29]
FF Extension: Lazarus: Form Recovery - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\lazarus@interclue.com.xpi [2013-03-11]
FF Extension: Lazy Click - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\lazyclick@tmarki.com.xpi [2013-03-11]
FF Extension: Long URL Please - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\longurlplease@darragh.curran.xpi [2013-11-15]
FF Extension: Masking Agent - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\maskingagent@basa.nl.xpi [2013-03-21]
FF Extension: No Small Text - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\nosmalltext@pjs.nl.xpi [2014-11-06]
FF Extension: Stealthy - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\stealthyextension@gmail.com.xpi [2014-07-10]
FF Extension: Google Translator for Firefox - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\translator@zoli.bod.xpi [2013-03-11]
FF Extension: imagiris - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\user@imagiris.txt.xpi [2013-03-11]
FF Extension: Resurrect Pages - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2013-03-11]
FF Extension: URL Fixer - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{0fa2149e-bb2c-4ac2-a8d3-479599819475}.xpi [2013-03-11]
FF Extension: Easy YouTube Video Downloader - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2013-08-12]
FF Extension: Adblock Plus - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-12]
FF Extension: Ginger - C:\Program Files (x86)\Mozilla Firefox\extensions\adapter@gingersoftware.com [2014-11-10]
FF Extension: Ginger - Grammar and Spell Checker - C:\Program Files (x86)\Mozilla Firefox\extensions\firefox@gingersoftware.com [2014-11-10]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-03-11]
FF HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-03-11] ()
R3 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-03-11] (ASUSTeK Computer Inc.)
S3 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-03-11] (ASUSTeK Computer Inc.)
S3 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [1475744 2013-11-02] (ASUSTeK Computer Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2013-04-23] (BioWare)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-01-28] (Futuremark)
S3 GalaxyService; C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [2191648 2014-09-18] (GOG.com)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
S3 LkCitadelServer; C:\WINDOWS\SysWOW64\lkcitdl.exe [695136 2011-05-06] (National Instruments, Inc.)
S3 lkClassAds; C:\WINDOWS\SysWOW64\lkads.exe [50328 2012-06-05] (National Instruments Corporation)
S3 lkTimeSync; C:\WINDOWS\SysWOW64\lktsrv.exe [60568 2012-06-05] (National Instruments Corporation)
S3 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [53960 2012-05-22] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [76488 2012-05-22] (National Instruments Corporation)
S3 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [370328 2012-06-05] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
S3 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [258776 2012-05-31] (National Instruments Corporation)
S3 niSvcLoc; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [53952 2012-05-22] (National Instruments Corporation)
S3 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-24] (Electronic Arts)
R2 PCPitstop Realtime; C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [605808 2014-12-01] (PC Pitstop LLC)
R2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [86632 2014-05-30] (PC Pitstop LLC)
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1013696 2012-03-27] (Cyber Power Systems, Inc.)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S3 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S3 GingerUpdateService; "C:\Program Files (x86)\Ginger\GingerUpdateService\GingerUpdateService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 AndNetDiag2; C:\Windows\system32\DRIVERS\lgandnetdiag264.sys [29696 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
R3 arusb_win7x; C:\Windows\system32\DRIVERS\arusb_win7x.sys [769024 2010-02-23] (Atheros Communications, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
R3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 PTQHBUS; C:\Windows\System32\drivers\PTQHBUS.sys [69264 2009-12-15] (DEVGURU Co., LTD.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
U3 DfSdkS; No ImagePath
S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X]
U3 aswMBR; \??\C:\Users\Dan's\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Dan's\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 11:22 - 2014-12-31 11:23 - 00028270 _____ () C:\Users\Dan's\Desktop\FRST.txt
2014-12-31 11:21 - 2014-12-31 11:22 - 00000000 ____D () C:\FRST
2014-12-31 11:21 - 2014-12-31 11:21 - 02123264 _____ (Farbar) C:\Users\Dan's\Desktop\FRST64.exe
2014-12-31 11:20 - 2014-12-31 11:20 - 00002622 _____ () C:\Users\Dan's\Desktop\aswMBR.txt
2014-12-31 11:20 - 2014-12-31 11:20 - 00000512 _____ () C:\Users\Dan's\Desktop\MBR.dat
2014-12-31 10:20 - 2014-12-31 10:20 - 05198336 _____ (AVAST Software) C:\Users\Dan's\Desktop\aswMBR.exe
2014-12-31 09:44 - 2014-12-31 09:44 - 00000000 ____D () C:\Users\Dan's\Documents\PassMark
2014-12-31 09:32 - 2014-12-31 10:27 - 00031832 _____ () C:\Users\Dan's\AppData\Local\Temp\Dan's.bmp
2014-12-30 23:43 - 2014-12-30 23:43 - 00006002 _____ () C:\WINDOWS\system32\PTHQsetup_20141230.log
2014-12-30 23:38 - 2014-12-30 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-30 22:15 - 2014-12-30 22:14 - 00450892 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141230-221533.backup
2014-12-30 22:14 - 2014-12-14 12:39 - 00450892 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141230-221456.backup
2014-12-30 21:34 - 2014-12-30 21:34 - 00001343 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-12-30 21:34 - 2014-12-30 21:34 - 00000000 ____D () C:\WINDOWS\LastGood
2014-12-30 21:34 - 2014-12-30 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-30 21:34 - 2014-12-13 02:03 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2014-12-30 21:34 - 2014-12-12 18:11 - 02824504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-12-30 21:34 - 2014-12-12 18:11 - 02210040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-12-30 21:34 - 2014-12-12 18:11 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2014-12-30 21:34 - 2014-12-12 18:11 - 01291464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 32099472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 25460552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 24764232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 20465808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 18594432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 17264312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 16040184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 14128496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 13288360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 13202520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 10770120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 10710160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 10345280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-12-30 21:33 - 2014-12-13 04:08 - 03610440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 03293136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 03248968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 02897824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 01895056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434709.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 01556624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434709.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00994384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00968336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00942400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00928072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00906560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00876976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00834880 _____ () C:\WINDOWS\system32\nvmcumd.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00353224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00306328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00178632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00165760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00027983 _____ () C:\WINDOWS\system32\nvinfo.pb
2014-12-30 21:33 - 2014-11-22 04:46 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-12-30 21:33 - 2014-11-22 04:46 - 00035472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2014-12-30 21:33 - 2014-11-22 04:46 - 00032400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2014-12-30 21:28 - 2014-12-30 21:30 - 307606328 _____ (NVIDIA Corporation) C:\Users\Dan's\Downloads\347.09-desktop-win8-win7-winvista-64bit-international-whql.exe
2014-12-30 19:57 - 2014-12-13 02:03 - 06859408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2014-12-30 19:55 - 2014-12-30 19:55 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-12-30 18:20 - 2014-12-30 18:20 - 00000008 _____ () C:\Users\Dan's\Documents\oliveranch order.txt
2014-12-30 10:24 - 2014-12-30 10:41 - 341142420 _____ () C:\Users\Dan's\Downloads\Sting - Live 60th birthday concert NY Beacon Theatre 1 october 2011.mp4
2014-12-30 09:04 - 2014-12-30 09:04 - 00000902 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2014-12-30 08:56 - 2014-12-30 08:56 - 68653056 _____ () C:\Users\Dan's\Downloads\calibre-64bit-2.14.0.msi
2014-12-28 18:18 - 2014-12-28 18:20 - 34305058 _____ () C:\Users\Dan's\Downloads\torbrowser-install-4.0.2_en-US.exe
2014-12-28 14:40 - 2014-12-28 14:48 - 443555719 _____ () C:\Users\Dan's\Downloads\N7_2013_tools20140228.zip
2014-12-28 14:40 - 2014-12-28 14:40 - 23590680 _____ (深圳瓶子科技有限公司) C:\Users\Dan's\Downloads\ShuameSetup_2.0.3.exe
2014-12-28 14:39 - 2014-12-28 14:43 - 281012968 _____ () C:\Users\Dan's\Downloads\miui_Nexus7_4.8.22_396a8fe8f5_4.4.zip
2014-12-27 20:25 - 2014-12-27 20:25 - 04551776 _____ (Krzysztof Kowalczyk) C:\Users\Dan's\Downloads\SumatraPDF-3.0-install.exe
2014-12-27 19:36 - 2014-12-27 19:36 - 00000951 _____ () C:\Users\Public\Desktop\Tagman.lnk
2014-12-27 19:36 - 2014-12-27 19:36 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\Abelssoft
2014-12-27 19:36 - 2014-12-27 19:36 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-12-27 19:36 - 2014-12-27 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tagman
2014-12-27 19:36 - 2014-12-27 19:36 - 00000000 ____D () C:\Program Files (x86)\Tagman
2014-12-27 19:35 - 2014-12-27 19:35 - 00001090 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-27 19:35 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-27 19:35 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-27 19:35 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-27 17:38 - 2014-12-27 17:39 - 26498368 _____ (Abelssoft ) C:\Users\Dan's\Downloads\TAGMAN_2015.exe
2014-12-26 23:26 - 2014-12-26 23:26 - 00000000 ____D () C:\Users\Dan's\Documents\My Cheat Tables
2014-12-24 20:57 - 2014-12-24 20:57 - 17102864 _____ (Electronic Arts, Inc.) C:\Users\Dan's\Downloads\OriginThinSetup.exe
2014-12-24 19:35 - 2014-12-24 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity 2000 Special Edition
2014-12-24 19:24 - 2014-12-24 19:24 - 00001330 _____ () C:\Users\Public\Desktop\Dragon Age Inquisition.lnk
2014-12-24 19:24 - 2014-12-24 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Inquisition
2014-12-24 14:58 - 2014-12-24 19:34 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-12-24 14:57 - 2014-12-24 15:22 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\Origin
2014-12-24 14:55 - 2014-12-30 21:52 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-24 14:55 - 2014-12-24 14:55 - 00000951 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-12-24 14:55 - 2014-12-24 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-12-22 11:23 - 2014-11-10 18:39 - 22290560 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-12-22 11:22 - 2014-12-22 11:22 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-12-22 11:22 - 2014-12-22 11:22 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-12-22 11:22 - 2014-12-22 11:22 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-12-22 11:22 - 2014-12-22 11:22 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-12-22 11:22 - 2014-11-17 14:17 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-12-22 11:22 - 2014-11-17 14:17 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-12-22 11:22 - 2014-11-15 13:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-12-22 11:22 - 2014-11-15 00:29 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-12-22 11:22 - 2014-11-14 08:36 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-12-22 11:22 - 2014-11-14 01:10 - 03558400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-12-22 11:22 - 2014-11-14 00:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2014-12-22 11:22 - 2014-11-14 00:58 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-12-22 11:22 - 2014-11-14 00:57 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-12-22 11:22 - 2014-11-14 00:57 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-12-22 11:22 - 2014-11-14 00:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2014-12-22 11:22 - 2014-11-14 00:54 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-12-22 11:22 - 2014-11-14 00:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-12-22 11:22 - 2014-11-14 00:53 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-12-22 11:22 - 2014-11-14 00:52 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-12-22 11:22 - 2014-11-14 00:46 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-12-22 11:22 - 2014-11-14 00:46 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-22 11:22 - 2014-11-14 00:39 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-12-22 11:22 - 2014-11-13 23:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-12-22 11:22 - 2014-11-13 23:03 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-12-22 11:22 - 2014-11-13 23:03 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-12-22 11:22 - 2014-11-13 23:01 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-12-22 11:22 - 2014-11-13 23:01 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-12-22 11:22 - 2014-11-13 22:53 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-22 11:22 - 2014-11-10 18:17 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-12-22 11:22 - 2014-11-10 12:06 - 02485056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-12-22 11:22 - 2014-11-10 12:06 - 00473408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-12-22 11:22 - 2014-11-10 12:06 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-12-22 11:22 - 2014-11-10 12:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2014-12-22 11:22 - 2014-11-09 20:57 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-12-22 11:22 - 2014-11-09 19:37 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-12-22 11:22 - 2014-11-09 19:34 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-12-22 11:22 - 2014-11-09 19:26 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2014-12-22 11:22 - 2014-11-09 19:20 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-12-22 11:22 - 2014-11-09 19:09 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2014-12-22 11:22 - 2014-11-09 19:08 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2014-12-22 11:22 - 2014-11-09 19:06 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2014-12-22 11:22 - 2014-11-09 18:57 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2014-12-22 11:22 - 2014-11-09 18:57 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2014-12-22 11:22 - 2014-11-08 04:42 - 01390928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2014-12-22 11:22 - 2014-11-08 04:23 - 01127976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2014-12-22 11:22 - 2014-11-07 22:00 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2014-12-22 11:22 - 2014-11-07 22:00 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2014-12-22 11:22 - 2014-11-07 21:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2014-12-22 11:22 - 2014-11-07 21:58 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2014-12-22 11:22 - 2014-11-07 21:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2014-12-22 11:22 - 2014-11-07 21:56 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2014-12-22 11:22 - 2014-11-07 21:56 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2014-12-22 11:22 - 2014-11-07 21:24 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2014-12-22 11:22 - 2014-11-07 21:13 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2014-12-22 11:22 - 2014-11-07 21:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2014-12-22 11:22 - 2014-11-07 21:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2014-12-22 11:22 - 2014-11-07 20:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2014-12-22 11:22 - 2014-11-07 20:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2014-12-22 11:22 - 2014-11-07 20:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2014-12-22 11:22 - 2014-11-07 20:09 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2014-12-22 11:22 - 2014-11-07 20:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-12-22 11:22 - 2014-11-07 19:59 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2014-12-22 11:22 - 2014-11-07 19:58 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-12-22 11:22 - 2014-11-07 19:49 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-12-22 11:22 - 2014-11-06 21:58 - 00952896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-12-22 11:22 - 2014-11-06 21:20 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-12-22 11:22 - 2014-11-04 20:12 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2014-12-22 11:22 - 2014-11-04 20:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2014-12-22 11:22 - 2014-11-04 20:06 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2014-12-22 11:22 - 2014-11-04 19:44 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2014-12-22 11:22 - 2014-11-04 19:43 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2014-12-22 11:22 - 2014-11-04 19:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-12-22 11:22 - 2014-11-04 19:39 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2014-12-22 11:22 - 2014-11-04 19:39 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2014-12-22 11:22 - 2014-11-04 19:33 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2014-12-22 11:22 - 2014-11-04 19:21 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2014-12-22 11:22 - 2014-11-04 19:20 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2014-12-22 11:22 - 2014-11-04 19:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2014-12-22 11:22 - 2014-11-04 19:14 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-12-22 11:22 - 2014-11-04 19:06 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2014-12-22 11:22 - 2014-11-04 13:33 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2014-12-22 11:22 - 2014-11-04 13:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2014-12-22 11:22 - 2014-11-04 13:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2014-12-22 11:22 - 2014-11-04 00:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2014-12-22 11:22 - 2014-11-04 00:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2014-12-22 11:22 - 2014-11-04 00:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2014-12-22 11:22 - 2014-11-04 00:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2014-12-22 11:22 - 2014-11-04 00:27 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2014-12-22 11:22 - 2014-11-03 23:01 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2014-12-22 11:22 - 2014-10-30 18:51 - 18823168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-12-22 11:22 - 2014-10-30 18:10 - 15158784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-12-22 11:22 - 2014-10-29 23:55 - 07473472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-12-22 11:22 - 2014-10-29 23:47 - 01499384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-12-22 11:22 - 2014-10-29 23:41 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-12-22 11:22 - 2014-10-28 21:05 - 00551232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2014-12-22 11:22 - 2014-10-28 20:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2014-12-22 11:22 - 2014-10-28 20:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2014-12-22 11:22 - 2014-10-28 19:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2014-12-22 11:22 - 2014-10-28 19:55 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2014-12-22 11:22 - 2014-10-28 19:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2014-12-22 11:22 - 2014-10-28 19:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2014-12-22 11:22 - 2014-10-28 19:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2014-12-22 11:22 - 2014-10-28 19:13 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2014-12-22 11:22 - 2014-10-28 19:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2014-12-22 11:22 - 2014-10-28 19:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2014-12-22 11:22 - 2014-10-26 16:10 - 00390841 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-12-22 11:22 - 2014-10-20 19:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2014-12-22 11:22 - 2014-10-20 19:19 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2014-12-22 11:22 - 2014-10-20 18:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2014-12-22 11:22 - 2014-10-20 18:31 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2014-12-22 11:22 - 2014-10-20 18:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2014-12-22 11:22 - 2014-10-20 18:30 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2014-12-22 11:22 - 2014-10-20 18:20 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2014-12-22 11:22 - 2014-10-16 22:56 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-22 11:22 - 2014-10-16 22:56 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-22 11:22 - 2014-10-16 22:56 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-22 11:22 - 2014-10-16 21:35 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-20 12:47 - 2014-12-20 12:47 - 00244104 _____ () C:\Users\Dan's\Downloads\Firefox Setup Stub 34.0.5.exe
2014-12-17 19:29 - 2014-12-17 19:29 - 00003828 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1383541367
2014-12-17 19:29 - 2014-12-17 19:29 - 00001017 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-12-16 20:42 - 2014-12-16 20:42 - 00000000 ____D () C:\Users\Dan's\Downloads\Dragon Age Inquisition V1.01 Trainer +15 MrAntiFun
2014-12-15 16:48 - 2014-12-15 16:48 - 00001704 _____ () C:\Users\Dan's\Desktop\Play FINAL FANTASY XIII.lnk
2014-12-15 11:23 - 2014-12-15 11:23 - 00000045 _____ () C:\Users\Dan's\Documents\blood test numbers 121614.txt
2014-12-14 16:40 - 2014-12-14 16:40 - 00001116 _____ () C:\Users\Dan's\Desktop\Final Fantasy XIII-2.lnk
2014-12-14 16:40 - 2014-12-14 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy XIII-2
2014-12-14 16:30 - 2014-12-14 16:57 - 00000000 ____D () C:\Program Files (x86)\Final Fantasy XIII-2
2014-12-14 12:39 - 2014-12-14 12:39 - 00450892 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141214-123928.backup
2014-12-14 12:39 - 2014-12-01 00:45 - 00450892 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141214-123903.backup
2014-12-13 18:38 - 2014-12-30 21:35 - 00000000 ____D () C:\ProgramData\Origin
2014-12-13 18:38 - 2014-12-24 14:55 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-13 11:20 - 2014-11-26 15:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-13 11:20 - 2014-11-26 15:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-13 11:17 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-13 11:17 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-13 11:17 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-13 11:17 - 2014-11-21 20:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-13 11:17 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-13 11:17 - 2014-11-21 20:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-13 11:17 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-13 11:17 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-13 11:17 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-13 11:17 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-13 11:17 - 2014-11-21 20:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-13 11:17 - 2014-11-21 20:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-13 11:17 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-13 11:17 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-13 11:17 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-13 11:17 - 2014-11-21 19:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-13 11:17 - 2014-11-21 19:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-13 11:17 - 2014-11-21 19:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-13 11:17 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-13 11:17 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-13 11:17 - 2014-11-21 19:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-13 11:17 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-13 11:17 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-13 11:17 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-13 11:17 - 2014-11-21 19:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-13 11:17 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-13 11:17 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-13 11:17 - 2014-11-21 19:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-13 11:17 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-13 11:17 - 2014-11-21 19:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-13 11:17 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-13 11:17 - 2014-11-21 19:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-13 11:17 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-13 11:17 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-13 11:17 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-13 11:17 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-13 11:17 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-13 11:17 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-13 11:17 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-13 11:17 - 2014-10-30 17:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-13 11:17 - 2014-10-30 17:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-13 11:17 - 2014-10-30 16:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-13 11:17 - 2014-10-30 16:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-13 11:16 - 2014-11-09 20:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-13 11:16 - 2014-11-09 19:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-13 11:16 - 2014-11-06 22:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-13 11:16 - 2014-11-06 21:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-12 20:51 - 2014-12-12 20:51 - 00000000 ____D () C:\Users\Dan's\Documents\Egosoft
2014-12-12 20:48 - 2014-12-12 20:50 - 00000000 ____D () C:\editing
2014-12-12 20:40 - 2014-12-12 20:40 - 00001219 _____ () C:\Users\Dan's\Desktop\X Rebirth The Teladi Outpost.lnk
2014-12-12 20:40 - 2014-12-12 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2014-12-12 20:33 - 2014-12-12 20:51 - 00000000 ____D () C:\Program Files (x86)\X Rebirth The Teladi Outpost
2014-12-12 10:14 - 2014-12-12 10:14 - 18119856 _____ (Adobe Systems Incorporated) C:\Users\Dan's\Downloads\install_flash_player.exe
2014-12-06 00:35 - 2014-12-06 00:35 - 00190428 _____ () C:\Users\Dan's\Downloads\UIT_IphStich.zip
2014-12-04 21:01 - 2014-12-04 21:01 - 30134887 _____ () C:\Users\Dan's\Downloads\Episode 63 Billy Gibbons  Live From Daryl's House with Daryl Hall  Current Episode.mp4
2014-12-01 14:17 - 2014-04-15 12:02 - 00082872 _____ (GFI Software) C:\WINDOWS\system32\Drivers\sbapifs.sys
2014-12-01 00:45 - 2014-12-01 00:45 - 00450892 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141201-004531.backup
2014-12-01 00:45 - 2014-12-01 00:37 - 00450892 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141201-004500.backup
2014-12-01 00:37 - 2014-08-18 09:43 - 00450770 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141201-003756.backup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 11:23 - 2014-05-04 13:40 - 00000000 ____D () C:\Users\Dan's\AppData\Local\Temp\Temp
2014-12-31 11:22 - 2013-03-11 14:11 - 00000000 ____D () C:\ProgramData\PCPitstopDat
2014-12-31 11:12 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-31 11:11 - 2013-03-11 09:43 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-490156171-3473242110-392294870-1000
2014-12-31 11:06 - 2014-06-06 00:23 - 01960707 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-31 11:02 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-31 10:27 - 2013-12-17 10:13 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\ClassicShell
2014-12-31 09:57 - 2014-06-18 16:25 - 00000374 _____ () C:\WINDOWS\Tasks\DriverToolkit Autorun.job
2014-12-31 09:57 - 2013-12-31 08:52 - 00000000 ___DO () C:\Users\Dan's\SkyDrive
2014-12-31 09:57 - 2013-03-11 14:30 - 00000000 ____D () C:\Program Files\PeerBlock
2014-12-31 09:55 - 2014-08-01 12:58 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\Tropico 4
2014-12-31 09:55 - 2013-03-11 10:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-31 09:43 - 2013-10-22 17:54 - 00000000 ____D () C:\Program Files (x86)\OCCT
2014-12-31 09:31 - 2013-03-11 14:01 - 00000000 ____D () C:\ProgramData\PCPitstop
2014-12-31 09:29 - 2013-03-11 09:56 - 00000000 ____D () C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2014-12-31 09:04 - 2014-11-24 14:05 - 00000374 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-12-31 09:04 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-31 09:03 - 2013-08-22 07:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-31 00:47 - 2014-07-15 23:01 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-31 00:34 - 2013-03-11 16:56 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\uTorrent
2014-12-30 23:45 - 2014-08-07 17:27 - 00000000 ____D () C:\Program Files (x86)\Maxis
2014-12-30 23:44 - 2013-08-12 21:57 - 00000000 _____ () C:\conmgr.log
2014-12-30 23:44 - 2013-03-11 10:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-30 23:39 - 2014-01-15 13:58 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-30 21:36 - 2013-12-31 01:14 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-30 21:34 - 2014-06-09 04:30 - 00004979 _____ () C:\WINDOWS\setupact.log
2014-12-30 21:34 - 2013-12-31 01:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-30 21:34 - 2013-12-31 01:13 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-30 21:34 - 2013-12-31 01:13 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-30 20:46 - 2014-06-08 21:47 - 00208890 _____ () C:\WINDOWS\PFRO.log
2014-12-30 20:45 - 2013-12-31 01:22 - 00000000 ____D () C:\Users\Dan's
2014-12-30 09:07 - 2014-06-07 16:14 - 00000000 ____D () C:\Users\Dan's\Documents\Calibre Library
2014-12-30 09:04 - 2014-06-07 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2014-12-30 09:04 - 2014-06-07 16:11 - 00000000 ____D () C:\Program Files\Calibre2
2014-12-28 18:24 - 2014-06-07 20:11 - 00000000 ____D () C:\Users\Dan's\Desktop\Tor Browser
2014-12-28 17:16 - 2013-03-12 10:44 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\MediaMonkey
2014-12-28 00:53 - 2014-01-19 14:38 - 00409904 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-28 00:52 - 2014-07-15 23:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-27 20:25 - 2013-03-11 16:09 - 00001903 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2014-12-27 19:36 - 2014-09-18 21:30 - 00092160 ___SH () C:\Users\Dan's\Desktop\Thumbs.db
2014-12-27 19:35 - 2014-07-15 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-24 19:24 - 2013-03-11 15:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-24 15:09 - 2013-02-01 11:59 - 00000000 ____D () C:\Temp
2014-12-22 12:39 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-22 11:33 - 2013-03-11 10:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-22 11:30 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-12-22 11:30 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-12-22 11:30 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-12-22 11:30 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-12-22 11:23 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-20 18:38 - 2014-10-23 18:35 - 00001787 _____ () C:\Users\Dan's\Desktop\Play Civilization Beyond Earth.lnk
2014-12-20 18:38 - 2014-10-23 18:35 - 00000966 _____ () C:\Users\Dan's\Desktop\visit www.nosteam.ro.lnk
2014-12-20 18:36 - 2013-01-15 20:52 - 00000000 ____D () C:\Games
2014-12-20 12:48 - 2014-11-10 11:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-20 12:48 - 2013-03-11 10:56 - 00001137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-20 12:48 - 2013-03-11 10:56 - 00001125 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-17 19:29 - 2013-11-03 23:02 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-14 13:10 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-14 13:09 - 2014-03-28 10:43 - 00004438 _____ () C:\WINDOWS\wininit.ini
2014-12-14 13:09 - 2013-03-11 12:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-14 12:46 - 2013-06-28 10:47 - 00000000 ____D () C:\GOG Games
2014-12-13 19:22 - 2013-12-11 19:06 - 00000000 ____D () C:\Users\Dan's\Documents\BioWare
2014-12-13 11:23 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-13 11:23 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-13 11:23 - 2013-08-13 12:11 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-13 11:20 - 2013-03-11 11:34 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-13 04:08 - 2014-09-19 23:37 - 00074056 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2014-12-13 04:08 - 2014-09-19 23:37 - 00060560 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2014-12-13 02:03 - 2014-09-19 23:37 - 03513488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2014-12-13 02:03 - 2014-09-19 23:37 - 00935240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2014-12-13 02:03 - 2014-09-19 23:37 - 00386368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2014-12-13 02:03 - 2013-03-11 11:27 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2014-12-12 20:48 - 2014-11-23 10:35 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\Notepad++
2014-12-12 20:44 - 2014-01-19 11:53 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-12-12 17:11 - 2014-09-19 23:37 - 04151176 _____ () C:\WINDOWS\system32\nvcoproc.bin
2014-12-11 22:07 - 2014-05-13 00:12 - 00000000 ____D () C:\Users\Dan's\Documents\theRenamer
2014-12-07 18:43 - 2014-11-25 16:38 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-12-07 18:43 - 2013-10-31 13:07 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2014-12-05 00:09 - 2013-09-29 22:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-04 19:34 - 2014-06-06 16:33 - 00000000 ____D () C:\Users\Dan's\Documents\LG OSP
2014-12-04 18:10 - 2013-10-13 07:10 - 00000000 ____D () C:\Users\Dan's\Documents\Telltale Games
2014-12-02 22:18 - 2014-11-29 01:21 - 191933275 _____ () C:\Users\Dan's\Downloads\Lynyrd Skynyrd - complete concert from Winterland 1975.mp4
2014-12-01 00:31 - 2014-08-18 09:30 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

Files to move or delete:
====================
C:\ProgramData\sdpsenv.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-31 09:29

==================== End Of Log ============================

-------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Dan's at 2014-12-31 11:23:35
Running from C:\Users\Dan's\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: PC Matic Super Shield (Enabled - Up to date) {A75D148F-9EA0-5C05-DCC3-E2888D63FFEC}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: PC Matic Super Shield (Enabled - Up to date) {1C3CF56B-B89A-538B-E673-D9FAF6E4B551}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
3DMark 11 (HKLM-x32\...\{f9e83b9c-ab7e-4005-8f32-4ea69703a5e4}) (Version: 1.0.132.0 - Futuremark)
3DMark 11 (Version: 1.0.132.0 - Futuremark) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACBL Convention Card Editor (HKLM-x32\...\Product_Name) (Version:  - )
ACDSee 17 (HKLM-x32\...\{A47900DC-2011-46C8-8E07-5BDD9D83DE47}) (Version: 17.0.42 - ACD Systems International Inc.)
Acoustica CD/DVD Label Maker (HKLM-x32\...\Acoustica CD/DVD Label Maker) (Version:  - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{7FA52B15-7FC2-46E7-8791-5F46F069CC7C}) (Version: 1.0.541 - Eyeo GmbH)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.00.01 - ASUSTeK Computer Inc.)
Ashampoo WinOptimizer 11 v.11.0.1 (HKLM-x32\...\{4209F371-8D72-8119-66FA-897D2D41E27F}_is1) (Version: 11.0.1 - Ashampoo GmbH & Co. KG)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.4.0 - Asmedia Technology)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Bridge Baron 22 (HKLM-x32\...\{B0C3F9C3-225A-4AA0-8A6E-28C7C116599E}) (Version: 22.00.01 - Great Game Products, Inc.)
BVS Solitaire Collection version 7.6 (HKLM-x32\...\BVSSOL_is1) (Version: 7.6 - BVS Development Corporation)
calibre 64bit (HKLM\...\{4D3E3E3F-5AE9-4D5A-AE74-9A979FC71F8E}) (Version: 2.14.0 - Kovid Goyal)
CDisplayEx 1.8 (HKLM-x32\...\CDisplayEx_is1) (Version:  - Henri Gourvest.)
Character Control - Planescape Torment v1.0.3 (HKLM-x32\...\Character Control - Planescape Torment v1.0.3) (Version:  - )
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
CyberPower PowerPanel Personal Edition 1.3.3 (HKLM-x32\...\{972F23F4-F293-4074-853D-125A59EB356D}) (Version: 1.3.3 - Cyber Power Systems, Inc.)
Daum PotPlayer 1.5.37776 x64 Edition (HKLM\...\PotPlayer64) (Version:  - )
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.3 - Electronic Arts)
Driver Detective (HKLM-x32\...\{5D6D605B-E4B7-490B-A794-9284BC3D2A8B}) (Version: 8.1 - PC Drivers HeadQuarters)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Electric Sheep 2.7b34c (HKLM-x32\...\Electric Sheep) (Version: 2.7b34c - Electricsheep)
EPSON WorkForce 500 Series Printer Uninstall (HKLM\...\EPSON WorkForce 500 Series) (Version:  - SEIKO EPSON Corporation)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVGA OC Scanner X 3.3.0 (64-bit) (HKLM\...\{CC520CF6-B02E-49AA-8192-C1DDC159E0AA}}_is1) (Version:  - EVGA)
FastStone Capture 7.4 (HKLM-x32\...\FastStone Capture) (Version: 7.4 - FastStone Soft)
FastStone Image Viewer 4.6 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
FileBot (HKLM\...\{15003E45-BBE8-4CAE-AA60-A56E3FC4E9BB}) (Version: 4.2 - Reinhard Pointner)
Final Fantasy XIII-2 (HKLM-x32\...\Final Fantasy XIII-2_is1) (Version:  - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Full Combat Rebalance v1.6a (HKLM-x32\...\Full Combat Rebalance_is1) (Version: 1.6a - Andrzej Kwiatkowski)
Futuremark SystemInfo (HKLM-x32\...\{032DC00A-51D1-4D28-BFB7-1D0E85291E11}) (Version: 4.25.366 - Futuremark)
Galaxy Client (HKLM-x32\...\{D6D1DA54-531F-4FA0-B683-CE66ACE3543F}_is1) (Version: 0.1.0.456 - GOG.com)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
HI-TECH C Compiler for the PIC10/12/16 MCUs V9.82PL0 (HKLM-x32\...\PICC 9.82) (Version: 9.82 - HI-TECH Software)
HI-TECH C51-lite V9.60PL0 (HKLM-x32\...\HC51 9.60PL0) (Version: 9.60 - HI-TECH Software)
I-Doser Premium (HKLM-x32\...\I-Doser) (Version: 5.0 - I-Doser.com)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.65.11 - JMicron Technology Corp.)
jv16 PowerTools 2014 (HKLM-x32\...\jv16 PowerTools 2014) (Version:  - Macecraft Software)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LG On-Screen Phone (HKLM-x32\...\LG On-Screen Phone) (Version: 4.2.001.140114 - LG Electronics)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.8.1 - LG Electronics)
LGNPST Components (HKLM-x32\...\{A2A9AF56-6ED2-436A-ADAF-9CAAFC9F7A6D}) (Version: 5.0.20.0 - LG Electronics)
LGNPST for ACG (HKLM-x32\...\{177AEA1B-2C52-4661-B120-F9CC66554615}) (Version: 2.2.3 - LG Electronics)
LGNPST GenericModels (HKLM-x32\...\{BAD75632-C312-4DBD-8A45-D70E1807C353}) (Version: 5.0.12.0 - LG Electronics)
LibreOffice 4.0 Help Pack (English) (HKLM-x32\...\{6B80B041-06E7-4EDB-B523-9397D1DF3684}) (Version: 4.0.1.2 - The Document Foundation)
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
LightScribe Diagnostic Utility (HKLM-x32\...\{8FE019AA-8C1C-46D3-A6CA-E45C5E332736}) (Version: 1.18.27.10 - LightScribe)
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{8A03241E-7A3C-401D-B0CE-B3096F50AE6F}) (Version: 1.18.27.10 - LightScribe)
Logitech Gaming Software 8.55 (HKLM\...\Logitech Gaming Software) (Version: 8.55.137 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.1.0.6 - Marvell)
Mass Effect (HKLM-x32\...\Steam App 17460) (Version:  - BioWare)
Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version:  - BioWare)
Math Kernel Libraries (64-bit) (Version: 1.0.23.0 - National Instruments) Hidden
Math Kernel Libraries (x32 Version: 1.0.23.0 - National Instruments) Hidden
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Middle Earth Shadow of Mordor (HKLM-x32\...\Middle Earth Shadow of Mordor_is1) (Version:  - )
mIRC (HKLM-x32\...\mIRC) (Version: 7.36 - mIRC Co. Ltd.)
Movie Collector (HKLM-x32\...\{8EC6EBB4-D899-4C6B-BA17-C21B78988F23}_is1) (Version:  - Collectorz.com)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyKeyFinder (HKLM-x32\...\MyKeyFinder_is1) (Version: 2014 - Abelssoft)
National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version:  - National Instruments)
Neverwinter Nights 2 Complete (HKLM-x32\...\GOGPACKNWN2COMPLETE_is1) (Version: 2.1.0.6 - GOG.com)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.47.3 - Black Tree Gaming)
NFOPad 1.66 (HKLM-x32\...\NFOPad) (Version: 1.66 - True Human Design)
NI .NET Framework 4.0 (x32 Version: 4.01.49152 - National Instruments) Hidden
NI ActiveX Container (64-bit) (Version: 12.0.14.0 - National Instruments) Hidden
NI ActiveX Container (x32 Version: 12.0.14.0 - National Instruments) Hidden
NI Authentication 12.0.0 (64-bit) (Version: 12.0.367.0 - National Instruments) Hidden
NI Authentication 12.0.0 (x32 Version: 12.0.367.0 - National Instruments) Hidden
NI Circuit Design Suite 12.0.1 Core (x32 Version: 12.0.923 - National Instruments) Hidden
NI Circuit Design Suite 12.0.1 Pro (x32 Version: 12.0.923 - National Instruments) Hidden
NI Circuit Design Suite 12.0.1 Pro Licenses (x32 Version: 12.0.923 - National Instruments) Hidden
NI Curl 12.0.0 (64-bit) (Version: 12.0.412.0 - National Instruments) Hidden
NI Curl 12.0.0 (x32 Version: 12.0.412.0 - National Instruments) Hidden
NI Error Reporting 2012 (x32 Version: 12.0.172.0 - National Instruments) Hidden
NI EulaDepot (x32 Version: 3.10.392 - National Instruments) Hidden
NI Example Finder 12.0 (x32 Version: 12.0.291.0 - National Instruments) Hidden
NI GMP Windows 32-bit Installer 12.0.0 (x32 Version: 12.0.46.0 - National Instruments) Hidden
NI GMP Windows 64-bit Installer 12.0.0 (Version: 12.0.46.0 - National Instruments) Hidden
NI Help Assistant (64bit) (Version: 1.0.11 - National Instruments) Hidden
NI Help Assistant (x32 Version: 1.0.11 - National Instruments) Hidden
NI LabVIEW 2011 Real-Time NBFifo (x32 Version: 11.0.250.0 - National Instruments) Hidden
NI LabVIEW 2012 Deployment Framework (x32 Version: 12.0.369.0 - National Instruments) Hidden
NI LabVIEW 2012 Real-Time NBFifo (x32 Version: 12.0.219.0 - National Instruments) Hidden
NI LabVIEW 2012 Run-Time Engine Web Server (x32 Version: 12.0.406.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2011 SP1 (x32 Version: 11.0.448.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2012 (x32 Version: 12.0.381.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2011 (x32 Version: 11.0.449.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2012 (x32 Version: 12.0.150.0 - National Instruments) Hidden
NI LabVIEW Web Server for Run-Time Engine (x32 Version: 11.0.375.0 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Analysis Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Network Variable Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit) (Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated) (x32 Version: 10.0.1434 - National Instruments) Hidden
NI LabWindows/CVI Run-Time Engine 2010 SP1 (x32 Version: 10.0.1434 - National Instruments) Hidden
NI License Manager (x32 Version: 3.7.44 - National Instruments) Hidden
NI Logos 5.4 (64-bit) (Version: 5.4.303.0 - National Instruments) Hidden
NI Logos 5.4 (x32 Version: 5.4.303.0 - National Instruments) Hidden
NI Logos XT Support (x32 Version: 5.4.295.0 - National Instruments) Hidden
NI Logos64 XT Support (Version: 5.4.295.0 - National Instruments) Hidden
NI Math Kernel Libraries (64-bit) (Version: 1.0.10.0 - National Instruments) Hidden
NI Math Kernel Libraries (x32 Version: 1.0.10.0 - National Instruments) Hidden
NI Math Kernel Libraries (x32 Version: 1.0.861.0 - National Instruments) Hidden
NI MAX Remote Configuration 64-bit Installer 5.0 (Version: 5.00.49153 - National Instruments) Hidden
NI MAX Remote Configuration Installer 5.0 (x32 Version: 5.00.49153 - National Instruments) Hidden
NI MDF Support (x32 Version: 3.10.392 - National Instruments) Hidden
NI mDNS Responder 2.1 for Windows 64-bit (Version: 2.10.49152 - National Instruments) Hidden
NI mDNS Responder 2.1.0 (x32 Version: 2.10.49152 - National Instruments) Hidden
NI MetaSuite Installer (x32 Version: 3.10.393 - National Instruments) Hidden
NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support (x32 Version: 11.0.302.0 - National Instruments) Hidden
NI NI LabVIEW 2012 Run-Time Engine Non-English Support. (x32 Version: 12.0.363.0 - National Instruments) Hidden
NI SSL LabVIEW RTE 2012 Support (x32 Version: 12.0.125.0 - National Instruments) Hidden
NI SSL Support (64-bit) (Version: 12.0.408.0 - National Instruments) Hidden
NI SSL Support (x32 Version: 12.0.408.0 - National Instruments) Hidden
NI System State Publisher (64-bit) (Version: 12.0.218.0 - National Instruments) Hidden
NI System State Publisher (x32 Version: 12.0.358.0 - National Instruments) Hidden
NI System Web Server 12.0 (x32 Version: 12.0.414.0 - National Instruments) Hidden
NI System Web Server Base 12.0.0 (64-bit) (Version: 12.0.407.0 - National Instruments) Hidden
NI System Web Server Base 12.0.0 (x32 Version: 12.0.407.0 - National Instruments) Hidden
NI TDM Streaming 2.4 (64-bit) (Version: 2.4.55.0 - National Instruments) Hidden
NI TDM Streaming 2.4 (x32 Version: 2.4.55.0 - National Instruments) Hidden
NI Trace Engine (64-bit) (Version: 12.0.401.0 - National Instruments) Hidden
NI Trace Engine (x32 Version: 12.0.401.0 - National Instruments) Hidden
NI Uninstaller (x32 Version: 3.10.392 - National Instruments) Hidden
NI Update Service 2.2.1 (x32 Version: 2.21.7.0 - National Instruments) Hidden
NI USI 2.0.0 (x32 Version: 2.0.04901 - National Instruments) Hidden
NI USI 2.0.0 64-Bit (Version: 2.0.04901 - National Instruments) Hidden
NI VC2005MSMs x64 (Version: 8.05.0 - National Instruments) Hidden
NI VC2005MSMs x86 (x32 Version: 8.05.0 - National Instruments) Hidden
NI VC2008MSMs x64 (Version: 9.0.401 - National Instruments) Hidden
NI VC2008MSMs x86 (x32 Version: 9.0.401 - National Instruments) Hidden
NI VC2010MSMs x64 (Version: 10.0.001 - National Instruments) Hidden
NI VC2010MSMs x86 (x32 Version: 10.0.001 - National Instruments) Hidden
NI Web Application Server 12.0 (64-bit) (Version: 12.0.422.0 - National Instruments) Hidden
NI Web Application Server 12.0 (x32 Version: 12.0.422.0 - National Instruments) Hidden
NI Web Pipeline 2.0.1 (x32 Version: 2.0.128.0 - National Instruments) Hidden
NI Web Pipeline 2.0.1 64-bit support (Version: 2.0.122.0 - National Instruments) Hidden
NI-Mesa (Version: 11.0.11.0 - National Instruments) Hidden
NI-Mesa (x32 Version: 11.0.11.0 - National Instruments) Hidden
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OCCT Perestroika 3.1.0 (HKLM-x32\...\OCCT_is1) (Version:  - Tetedeiench)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
Overseer (HKLM-x32\...\Overseer_is1) (Version:  - GOG.com)
PC Matic 1.1.0.50 (HKLM-x32\...\PC Matic_is1) (Version: 1.1.0.50 - PC Pitstop LLC)
PC Matic Super Shield 1.0.0.51 (HKLM-x32\...\PC Pitstop SuperShield_is1) (Version: 1.0.0.51 - PC Pitstop LLC)
PC Pitstop Info Center 1.0.0.16 (HKLM-x32\...\PCPitstopInfoCenter_is1) (Version: 1.0.0.16 - PC Pitstop LLC.)
PCMark 8 (HKLM-x32\...\{2e7be30e-4525-4b8d-94c1-abb05bbd6d30}) (Version: 2.0.204.0 - Futuremark)
PCMark 8 (Version: 2.0.204.0 - Futuremark) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1018.0 - Passmark Software)
Planescape Torment (HKLM-x32\...\Planescape Torment_is1) (Version:  - GOG.com)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.2 - Power Software Ltd)
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 2.11.0.0 - Goversoft LLC)
QuickTime Alternative 3.2.2 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 3.2.2 - )
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - )
Realms of Arkania - Blade of Destiny For the Gods DLC (HKLM-x32\...\UmVhbG1zb2ZBcmthbmlhQmxhZGVvZkRlc3Rpbnk=_is1) (Version: 1 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller Pro 3.0.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.2 - VS Revo Group, Ltd.)
RivaTuner Statistics Server 6.0.0 (HKLM-x32\...\RTSS) (Version: 6.0.0 - Unwinder)
RoboForm 7-9-11-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-11-1 - Siber Systems)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
RotWW FCR ENG (HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\RotWW FCR ENG) (Version:  - )
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version:  - Harebrained Schemes)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Should I Remove It (HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Speccy (HKLM\...\Speccy) (Version: 1.23 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sublight (HKLM\...\Sublight_is1) (Version: 4 - Sublight Labs)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
System Ninja version 2.4.5 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 2.4.5 - SingularLabs)
System Requirements Lab CYRI (HKLM-x32\...\{906B34E5-573C-445A-A5D3-40B6BF0A2EC4}) (Version: 6.0.21.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{75AFA48E-C2C3-480A-8356-69006BCA8004}) (Version: 2.2.3.0 - Husdawg, LLC)
Tagman (HKLM-x32\...\Tagman_is1) (Version: 1.34 - Abelssoft)
Tesla Effect: A Tex Murphy Adventure (HKLM-x32\...\VGVzbGFFZmZlY3RBVGV4TXVycGh5QWR2ZW50dXJl_is1) (Version: 1 - )
Tex Murphy 1 and 2 (HKLM-x32\...\GOGPACKTEX1AND2_is1) (Version: 2.0.0.70 - GOG.com)
The Pandora Directive (HKLM-x32\...\GOGPACKTEX4_is1) (Version: 2.0.0.12 - GOG.com)
The Ultimate Troubleshooter (HKLM-x32\...\The Ultimate Troubleshooter) (Version:  - AnswersThatWork.com)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\The Witcher 2 - Assassins of Kings Enhanced Edition_is1) (Version:  - GOG.com)
The Witcher Enhanced Edition Director's Cut (HKLM-x32\...\The Witcher Enhanced Edition Director's Cut_is1) (Version:  - GOG.com)
theRenamer 7.69 (HKLM-x32\...\{55B6344C-AE4F-4DA8-BF32-D7AE0CB4D2BE}_is1) (Version:  - theRenamer)
TP-LINK Wireless Client Utility (x32 Version: 2.0 - TP-LINK) Hidden
Tropico (HKLM-x32\...\Steam App 33520) (Version:  - PopTop Software)
Tropico 2: Pirate Cove (HKLM-x32\...\Steam App 33530) (Version:  - PopTop Software)
Tropico 3 - Steam Special Edition (HKLM-x32\...\Steam App 23490) (Version:  - Haemimont Games)
Tropico 3: Absolute Power (HKLM-x32\...\Steam App 57600) (Version:  - Haemimont Games)
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version:  - Haemimont Games)
Tropico 5  v1.04 (Special Steam Edition)(3 DLC) (HKLM-x32\...\Tropico 5  v1.04 (Special Steam Edition)(3 DLC)1.04) (Version: 1.04 - Friends in War)
Under a Killing Moon (HKLM-x32\...\GOGPACKTEX3_is1) (Version: 2.0.0.10 - GOG.com)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Wasteland 2 (HKLM-x32\...\1207665783_is1) (Version: 2.0.0.8 - GOG.com)
Watch Dogs (HKLM-x32\...\Watch Dogs_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Wise Disk Cleaner 7.97 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 7.97 - WiseCleaner.com, Inc.)
X Rebirth The Teladi Outpost v.3.0.0.0 (HKLM-x32\...\X Rebirth The Teladi Outpost_is1) (Version:  - )
XBMC (HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\XBMC) (Version:  - Team XBMC)
Xenonauts (HKLM-x32\...\Xenonauts_is1) (Version:  - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version:  - DOSBox Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{070057DA-0223-4D7E-B886-7CF38806F044}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File
CustomCLSID: HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{11FFBFC4-F659-4B0C-9AE5-F303D6388DE2}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File
CustomCLSID: HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{50816FB8-F732-4619-9AF6-1DE9BE6935AA}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File
CustomCLSID: HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{617D20C6-66F6-44E2-9029-5676DA09DF95}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File
CustomCLSID: HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{65530C01-AC04-408F-AC64-DF190D9C0A89}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File
CustomCLSID: HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{7321CFC2-9DBE-447D-95F9-6FB5DF021A83}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File
CustomCLSID: HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{77205869-4901-44E3-8294-2C9224A67FDF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File
CustomCLSID: HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{7AD308AA-5926-43FA-859E-233559367132}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File
CustomCLSID: HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{8D8C3FC1-38EA-4376-B746-9F6D7E6326FF}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File
CustomCLSID: HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{9D786B21-D481-4737-8D7B-81662CEC5B64}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File
CustomCLSID: HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{9F06FCDF-2113-449D-B6CC-183EF2FE390F}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File
CustomCLSID: HKU\S-1-5-21-490156171-3473242110-392294870-1000_Classes\CLSID\{DED1C6B0-D833-4AE1-91A3-0AAE902D515E}\InprocServer32 -> C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll No File

==================== Restore Points  =========================

30-12-2014 09:04:12 Installed calibre 64bit
31-12-2014 09:31:34 PC Pitstop Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 23:26 - 2014-12-30 22:15 - 00450892 ____R C:\WINDOWS\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {167850C0-7BFB-4410-8DCE-602FB6F6EAFE} - System32\Tasks\ShouldIRemoveIt => C:\Program Files (x86)\Reason\Should I Remove It\ShouldIRemoveIt.exe [2013-02-13] (Reason Software Company Inc.)
Task: {1806695A-1236-43B5-A313-4E74C6F1C1B5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {23D35D23-5C50-4DB7-8CE1-8F94E53623C9} - System32\Tasks\ASUS\Easy Update => C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
Task: {3FBBA572-B426-4591-8573-A628D72F9E32} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-11-27] (Siber Systems)
Task: {4B4ECBA2-1054-4E0C-AE68-5A1C3B693F5E} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....GJKJMIBNKJHIKJ"
Task: {737A4413-404C-499B-AF2E-E629F78C4204} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2012-07-23] (ASUSTeK Computer Inc.)
Task: {819A4BC7-9F84-4485-B478-112ABD66CEDD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {83CC3663-D5E4-4BA7-8D9C-337728AE354F} - System32\Tasks\Driver Detective-RTMRules => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2013-09-27] (PC Drivers Headquarters)
Task: {92ACF0A1-22A3-4D65-B123-3B9730B1F9C9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-13] (Microsoft Corporation)
Task: {9492702F-E0B4-4593-B70B-4D89681E4ECE} - System32\Tasks\Peerblock startup => C:\Program Files\PeerBlock\peerblock.exe [2014-01-14] (PeerBlock, LLC)
Task: {9EB8FF60-9292-4E87-86FF-15CBBBB4F1E2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {AD4C08F0-010D-49AA-8083-3CD6024D07C1} - System32\Tasks\{57789A4A-D031-4F20-ABB5-86D8CE3B8BC7} => pcalua.exe -a "F:\Hitman\Crack & Patch\Patch\hitman_sp1.exe" -d "F:\Hitman\Crack & Patch\Patch"
Task: {BCA83C20-F6B5-4E11-8B73-93C9E601F973} - System32\Tasks\Opera scheduled Autoupdate 1383541367 => C:\Program Files (x86)\Opera\launcher.exe [2014-12-17] (Opera Software)
Task: {C81939FE-DB22-4962-9479-790F182FB66A} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe
Task: {CBE51C26-1CC2-493C-A253-5C162E09EF4D} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {D63D4B54-4741-405E-80F9-1CFD53D764EF} - System32\Tasks\Driver Detective-RTMUpdater => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2013-09-27] (PC Drivers Headquarters)
Task: {DC129229-FC48-418B-A384-FB90017B7058} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [2012-08-02] (National Instruments)
Task: {E3BA74C2-5D4D-4B52-B0FF-03DF349E1BD3} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: {F14776FF-13CF-4D32-86F9-56E77C4BD451} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
Task: {F157E58E-2B3C-413F-864F-5EE6913D0706} - System32\Tasks\Driver Detective-RTMScan => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [2013-09-27] (PC Drivers Headquarters)
Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe

==================== Loaded Modules (whitelisted) =============

2013-03-11 10:26 - 2013-03-11 10:26 - 00920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2013-12-09 12:28 - 2013-12-09 12:28 - 03525687 _____ () C:\Program Files (x86)\PrivaZer\PrivaMenu3.dll
2014-05-12 03:49 - 2014-05-12 03:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-07-28 12:29 - 2014-07-28 12:29 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-07-28 12:32 - 2014-07-28 12:32 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-07-28 12:29 - 2014-07-28 12:29 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-07-28 12:31 - 2014-07-28 12:31 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-05-25 08:18 - 2014-05-25 08:18 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2014-05-25 08:18 - 2014-05-25 08:18 - 00747192 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2014-05-25 08:17 - 2014-05-25 08:17 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.dll
2014-05-25 08:17 - 2014-05-25 08:17 - 00026112 _____ () C:\Program Files\Rainmeter\Plugins\iTunesPlugin.dll
2014-05-25 08:17 - 2014-05-25 08:17 - 00056832 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.dll
2014-05-25 08:17 - 2014-05-25 08:17 - 00016896 _____ () C:\Program Files\Rainmeter\Plugins\AdvancedCPU.dll
2014-05-25 08:17 - 2014-05-25 08:17 - 00019968 _____ () C:\Program Files\Rainmeter\Plugins\SysInfo.dll
2014-10-02 05:17 - 2014-10-02 05:17 - 00528896 _____ () C:\Program Files\WindowsApps\Microsoft.WordamentTapSnap_1.0.2.0_x86__8wekyb3d8bbwe\SnapAttackWin8.1.exe
2014-12-01 14:17 - 2014-04-15 12:02 - 00524288 _____ () C:\Program Files (x86)\PCPitstop\Super Shield\SQLiteEncrypt.dll
2014-12-01 14:19 - 2014-06-20 05:08 - 00192376 _____ () C:\ProgramData\PCPitstopDat\datRT\libBase64.dll
2014-12-01 14:19 - 2014-06-20 05:08 - 00180088 _____ () C:\ProgramData\PCPitstopDat\datRT\libMachoUniv.dll
2014-06-04 17:54 - 2014-06-04 17:54 - 00000000 _____ () C:\WINDOWS\SYSTEM32\olepro32.dll
2014-06-04 17:54 - 2014-06-04 17:54 - 00000000 _____ () C:\WINDOWS\SYSTEM32\asio.dll
2014-12-31 09:05 - 2014-12-31 09:05 - 00024064 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2013-03-11 10:26 - 2010-06-29 10:58 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2014-10-18 13:44 - 2014-10-18 13:44 - 00172544 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\8185c49f4eac91d533500c912f516647\IsdiInterop.ni.dll
2013-07-01 09:11 - 2011-04-29 23:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-06-04 17:54 - 2014-06-04 17:54 - 00000000 _____ () C:\WINDOWS\SYSTEM32\AsIO.dll
2013-11-02 20:52 - 2012-05-17 17:57 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2013-11-02 20:52 - 2012-07-05 11:05 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2013-11-02 20:50 - 2011-07-12 18:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2013-11-02 20:50 - 2010-10-05 07:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2013-11-02 20:50 - 2012-03-21 11:07 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2013-11-02 20:51 - 2012-06-19 11:56 - 01305600 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2013-11-02 20:51 - 2012-07-20 08:39 - 01047040 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2013-11-02 20:50 - 2012-05-25 09:33 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2013-11-02 20:50 - 2012-05-28 20:27 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2013-11-02 20:50 - 2011-09-19 19:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2013-11-02 20:50 - 2011-07-21 08:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2013-11-02 20:50 - 2011-10-14 19:03 - 00885248 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2013-03-11 10:26 - 2010-08-23 10:17 - 00662016 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2013-11-02 20:50 - 2010-10-05 07:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2013-11-02 20:50 - 2009-08-12 19:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2014-12-20 12:48 - 2014-11-26 10:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-04 17:54 - 2014-06-04 17:54 - 00000000 _____ () C:\WINDOWS\SYSTEM32\nvwgf2um.dll
2014-06-04 17:54 - 2014-06-04 17:54 - 00000000 _____ () C:\WINDOWS\system32\nvspcap.dll
2014-08-18 09:30 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-18 09:30 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-18 09:30 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-01 14:17 - 2014-12-01 14:05 - 00184944 _____ () C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRTen.dll
2014-10-18 13:50 - 2014-10-18 13:50 - 02089472 _____ () C:\Users\Dan's\AppData\Local\Packages\Microsoft.WordamentTapSnap_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\SnapAttackWin8.1\eb30eba2d00e8db38b4d4a5c395c1075\SnapAttackWin8.1.ni.exe
2014-10-19 05:54 - 2014-10-19 05:54 - 03530752 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\90a4331ab5b5bb3ead23d75d4349a491\Windows.UI.Xaml.ni.dll
2014-10-19 05:54 - 2014-10-19 05:54 - 01130496 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\6e37f358bf8363dad51e2333292d61a9\Windows.ApplicationModel.ni.dll
2014-10-19 05:54 - 2014-10-19 05:54 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
2014-10-18 13:50 - 2014-10-18 13:50 - 00078848 _____ () C:\Users\Dan's\AppData\Local\Packages\Microsoft.WordamentTapSnap_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\SnapAttackStrings\642d6f08f45ca7808cecf6c60e558752\SnapAttackStrings.ni.dll
2014-10-19 05:55 - 2014-10-19 05:55 - 00960000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\6c2169e34bfb3814fa44f267572335f6\Windows.UI.ni.dll
2014-10-19 05:55 - 2014-10-19 05:55 - 00133120 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\7819e306c2c55c42f35a5fa10b93710f\Windows.System.ni.dll
2014-10-19 05:55 - 2014-10-19 05:55 - 00808448 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f0a2c10499402eff632a7a7df0b4afef\Windows.Storage.ni.dll
2014-05-07 02:45 - 2014-05-07 02:45 - 00483840 _____ () C:\Users\Dan's\AppData\Local\Packages\Microsoft.WordamentTapSnap_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.Xbox\7334cf3cd56e548536e510cce0ed4e14\Microsoft.Xbox.ni.dll
2014-10-19 05:55 - 2014-10-19 05:55 - 00402432 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Security\ade4f25e9d8384f190ede9eb090281cb\Windows.Security.ni.dll
2014-10-19 05:55 - 2014-10-19 05:55 - 00797696 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\e1a2f3f274995f1f847c00f962657943\Windows.Networking.ni.dll
2014-04-12 16:49 - 2014-04-12 16:49 - 00304128 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\4e33edd5ee2ee09f751c0071ba0a26c3\Windows.Graphics.ni.dll
2014-10-19 05:55 - 2014-10-19 05:55 - 00337920 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\fe565d34d4335337c06264bb0d85e3b0\Windows.Data.ni.dll
2014-04-12 16:49 - 2014-04-12 16:49 - 00238080 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\a1306b1fdd9c22508f9e5d901fceb4cd\Windows.Globalization.ni.dll
2014-04-12 16:49 - 2014-04-12 16:49 - 01282048 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bf5509cf3a0d2e3afbd0c33e9153ecbd\Windows.Devices.ni.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates
AlternateDataStreams: C:\ProgramData\TEMP:AB03533D
AlternateDataStreams: C:\ProgramData\TEMP:D2F2F703
AlternateDataStreams: C:\Users\Dan's\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "NI Error Reporting.lnk"
HKLM\...\StartupApproved\Run: => "Eraser"
HKLM\...\StartupApproved\Run: => "Windows Mobile Device Center"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "NI Update Service"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "ACSW17EN"
HKLM\...\StartupApproved\Run32: => "RazerGameBooster"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\StartupApproved\Run: => ""
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\StartupApproved\Run: => "Driver Detective"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\StartupApproved\Run: => "LightScribe Control Panel"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\StartupApproved\Run: => "RocketDock"

========================= Accounts: ==========================

Administrator (S-1-5-21-490156171-3473242110-392294870-500 - Administrator - Disabled)
ASPNET (S-1-5-21-490156171-3473242110-392294870-1003 - Limited - Enabled)
Dan's (S-1-5-21-490156171-3473242110-392294870-1000 - Administrator - Enabled) => C:\Users\Dan's
Guest (S-1-5-21-490156171-3473242110-392294870-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-490156171-3473242110-392294870-1012 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/31/2014 09:43:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OCCT.exe, version: 3.1.0.8, time stamp: 0x2a425e19
Faulting module name: OCCT.exe, version: 3.1.0.8, time stamp: 0x2a425e19
Exception code: 0xc0000005
Fault offset: 0x000f900f
Faulting process id: 0x1330
Faulting application start time: 0xOCCT.exe0
Faulting application path: OCCT.exe1
Faulting module path: OCCT.exe2
Report Id: OCCT.exe3
Faulting package full name: OCCT.exe4
Faulting package-relative application ID: OCCT.exe5

Error: (12/31/2014 09:23:13 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (12/31/2014 09:06:15 AM) (Source: RapiMgr) (EventID: 2) (User: )
Description: Failed to start the Windows Mobile-based device connectivity service due to EnableRAPIMgr(0x80070005) failure (see data for failure code).

Error: (12/31/2014 09:06:15 AM) (Source: RapiMgr) (EventID: 2) (User: )
Description: Failed to start the Windows Mobile-based device connectivity service due to EnableRAPIMgr(0x80070005) failure (see data for failure code).

Error: (12/31/2014 00:39:20 AM) (Source: RapiMgr) (EventID: 2) (User: )
Description: Failed to start the Windows Mobile-based device connectivity service due to EnableRAPIMgr(0x80070005) failure (see data for failure code).

Error: (12/31/2014 00:39:17 AM) (Source: RapiMgr) (EventID: 2) (User: )
Description: Failed to start the Windows Mobile-based device connectivity service due to EnableRAPIMgr(0x80070005) failure (see data for failure code).

Error: (12/30/2014 09:45:21 PM) (Source: RapiMgr) (EventID: 2) (User: )
Description: Failed to start the Windows Mobile-based device connectivity service due to EnableRAPIMgr(0x80070005) failure (see data for failure code).

Error: (12/30/2014 09:45:20 PM) (Source: RapiMgr) (EventID: 2) (User: )
Description: Failed to start the Windows Mobile-based device connectivity service due to EnableRAPIMgr(0x80070005) failure (see data for failure code).

Error: (12/30/2014 08:49:05 PM) (Source: RapiMgr) (EventID: 2) (User: )
Description: Failed to start the Windows Mobile-based device connectivity service due to EnableRAPIMgr(0x80070005) failure (see data for failure code).

Error: (12/30/2014 08:49:04 PM) (Source: RapiMgr) (EventID: 2) (User: )
Description: Failed to start the Windows Mobile-based device connectivity service due to EnableRAPIMgr(0x80070005) failure (see data for failure code).


System errors:
=============
Error: (12/31/2014 09:06:15 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Mobile-based device connectivity service terminated with the following service-specific error:
%%2147942405

Error: (12/31/2014 09:06:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Mobile-2003-based device connectivity service depends on the Windows Mobile-based device connectivity service which failed to start because of the following error:
%%0

Error: (12/31/2014 09:06:15 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Mobile-based device connectivity service terminated with the following service-specific error:
%%2147942405

Error: (12/31/2014 09:04:12 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with the following service-specific error:
%%2147500034

Error: (12/31/2014 02:16:12 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (12/31/2014 02:16:06 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (12/31/2014 02:16:01 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (12/31/2014 02:15:54 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (12/31/2014 02:15:48 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (12/31/2014 02:15:43 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.


Microsoft Office Sessions:
=========================
Error: (12/31/2014 09:43:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: OCCT.exe3.1.0.82a425e19OCCT.exe3.1.0.82a425e19c0000005000f900f133001d0251077840a27C:\Program Files (x86)\OCCT\OCCT.exeC:\Program Files (x86)\OCCT\OCCT.exed4ea7cc6-9103-11e4-bfaf-002683146b5b

Error: (12/31/2014 09:23:13 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (12/31/2014 09:06:15 AM) (Source: RapiMgr) (EventID: 2) (User: )
Description: EnableRAPIMgr(0x80070005)

Error: (12/31/2014 09:06:15 AM) (Source: RapiMgr) (EventID: 2) (User: )
Description: EnableRAPIMgr(0x80070005)

Error: (12/31/2014 00:39:20 AM) (Source: RapiMgr) (EventID: 2) (User: )
Description: EnableRAPIMgr(0x80070005)

Error: (12/31/2014 00:39:17 AM) (Source: RapiMgr) (EventID: 2) (User: )
Description: EnableRAPIMgr(0x80070005)

Error: (12/30/2014 09:45:21 PM) (Source: RapiMgr) (EventID: 2) (User: )
Description: EnableRAPIMgr(0x80070005)

Error: (12/30/2014 09:45:20 PM) (Source: RapiMgr) (EventID: 2) (User: )
Description: EnableRAPIMgr(0x80070005)

Error: (12/30/2014 08:49:05 PM) (Source: RapiMgr) (EventID: 2) (User: )
Description: EnableRAPIMgr(0x80070005)

Error: (12/30/2014 08:49:04 PM) (Source: RapiMgr) (EventID: 2) (User: )
Description: EnableRAPIMgr(0x80070005)


CodeIntegrity Errors:
===================================
  Date: 2014-09-13 19:03:54.061
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-13 19:03:53.983
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-13 19:03:53.780
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-13 19:03:53.702
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-13 19:03:53.514
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-13 19:03:53.421
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-13 19:03:15.264
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-13 19:03:15.186
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-13 19:03:14.983
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-13 19:03:14.905
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 39%
Total physical RAM: 8159.14 MB
Available physical RAM: 4932.02 MB
Total Pagefile: 9439.14 MB
Available Pagefile: 5518.31 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:161.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:1863.01 GB) (Free:269.32 GB) NTFS
Drive g: (SAMSUNG DANS) (Fixed) (Total:1863.01 GB) (Free:183.47 GB) NTFS
Drive h: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:271.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2F2500A8)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 2F2500D0)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 2077703C)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 465.8 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 31 December 2014 - 10:13 PM

Hi MrKez,

Thank you. The logs are much easier to read in that format.

Did you boot to the Last Known Good Configuration on 12/30/2014?

=========================

P2P - (Peer to Peer)

I see you have/had P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • uTorrent
If you choose not to remove this program, please refrain from using it until we have finished cleaning your computer.

=========================

Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Right click SecurityCheck.exe, select "Run as Administrator" and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

FRST Fix Script

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it on the desktop as fixlist.txt.



Start
CloseProcesses:
C:\Users\Dan's\Documents\Rainmeter\Skins\@Backup\Kotoko 4.0\Launcher\Tools\RunOrMaximizeProgram\RMdock.exe
C:\Users\Dan's\Documents\Rainmeter\Skins\Kotoko 4.0\Launcher\Tools\RunOrMaximizeProgram\RMdock.exe 
C:\Users\Dan's\Downloads\Richard_Kadrey_-_[Sandman_Slim_06]_-_The_Getaway_God_(epub).epub.exe 
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Run: [CMD] => cmd.exe /c start http://ooov.net && exit <===== ATTENTION 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: No Name -> {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} -> C:\Program Files (x86)\Ginger\GingerIEAddin\adxloader64.dll No File
U3 DfSdkS; No ImagePath
AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates
AlternateDataStreams: C:\ProgramData\TEMP:AB03533D
AlternateDataStreams: C:\ProgramData\TEMP:D2F2F703
AlternateDataStreams: C:\Users\Dan's\SkyDrive:ms-properties
EmptyTemp:
CMD: ipconfig /flushdns
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

AdwCleaner v3: Scan & Clean
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

In your next post please provide the following:
  • checkup.txt
  • Fixlog.txt
  • AdwCleaner[S0].txt
  • JRT.txt
  • new FRST.txt
  • Any change in performance?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days
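
A triage sketch for the kinds of entries the fixlist in the post above removes, added here as an example and not part of the original post or of FRST itself: it scans FRST-style log lines for a Run value that has a shell open a URL at logon, a document-plus-executable double extension, entries whose file is missing, and alternate data streams. The rule names and extension lists are assumptions chosen for illustration; the sample lines are copied from the logs in this thread.

```python
import re

# Sample lines copied from the FRST output quoted in this thread.
SAMPLE = r"""
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Run: [CMD] => cmd.exe /c start http://ooov.net && exit <===== ATTENTION
C:\Users\Dan's\Downloads\Richard_Kadrey_-_[Sandman_Slim_06]_-_The_Getaway_God_(epub).epub.exe
BHO: No Name -> {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} -> C:\Program Files (x86)\Ginger\GingerIEAddin\adxloader64.dll No File
U3 DfSdkS; No ImagePath
AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates
AlternateDataStreams: C:\Users\Dan's\SkyDrive:ms-properties
""".strip().splitlines()

# "HKLM", "HKLM-x32" or "HKU\<SID>", then FRST's abbreviated "\...\Run:" path.
RUN_RE = re.compile(
    r"^(?P<hive>HK[^\s\\]+(?:\\S-[\d-]+)?)\\\.\.\.\\Run: "
    r"\[(?P<name>[^\]]+)\] => (?P<cmd>.+)$"
)
ATTENTION_RE = re.compile(r"\s*<=+ ATTENTION\s*$")            # FRST's own marker
FILEINFO_RE = re.compile(r"\s*\[\d+ \d{4}-\d{2}-\d{2}\] \(.*\)$")  # [size date] (vendor)

# Illustrative lists (assumptions), not an exhaustive policy.
SHELL_RE = re.compile(r"\b(cmd|powershell|wscript|cscript|mshta)(\.exe)?\b", re.I)
URL_RE = re.compile(r"\bhttps?://[^\s\"']+", re.I)
DOUBLE_EXT_RE = re.compile(
    r"\.(epub|pdf|docx?|xlsx?|txt|jpe?g|png|mp[34]|zip)\.(exe|scr|com|pif|bat|cmd)\s*$",
    re.I,
)
ORPHAN_RE = re.compile(r"\bNo (File|ImagePath)\s*$")
ADS_PREFIX = "AlternateDataStreams: "


def parse_run_entry(line):
    """Return (hive, value_name, command) for an FRST Run line, else None."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    cmd = ATTENTION_RE.sub("", m.group("cmd"))
    cmd = FILEINFO_RE.sub("", cmd)
    return m.group("hive"), m.group("name"), cmd.strip()


def triage(lines):
    """Return (rule, detail, line) tuples for lines that deserve a closer look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue

        run = parse_run_entry(line)
        if run:
            _hive, _name, cmd = run
            url = URL_RE.search(cmd)
            # A shell in a Run value is common; a shell opening a URL is not.
            if url and SHELL_RE.search(cmd):
                findings.append(("run-launches-url", url.group(0), line))
            continue

        if line.startswith(ADS_PREFIX):
            # Split on the last colon so the drive-letter colon stays in the path.
            _path, _, stream = line[len(ADS_PREFIX):].rpartition(":")
            findings.append(("ads", stream, line))
            continue

        dbl = DOUBLE_EXT_RE.search(line)
        if dbl:
            findings.append(("double-extension", dbl.group(0).strip(), line))

        orphan = ORPHAN_RE.search(line)
        if orphan:
            findings.append(("orphaned-entry", orphan.group(0), line))
    return findings


if __name__ == "__main__":
    for rule, detail, line in triage(SAMPLE):
        print(f"{rule:18} {detail:18} {line}")
```

The two ordinary Run values (ShadowPlay via rundll32.exe and PeerBlock) produce no finding; every other sample line is reported for review rather than judged malicious.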










#5 MrKez

MrKez

    Authentic Member

  • Authentic Member
  • 37 posts

Posted 01 January 2015 - 10:46 AM

Okay. Thank you so much for your help so far. After running those scans and fixes, my computer is booting a lot faster. It also does not pop up with the gamersinfo page. I do not know what happened and I do not have the checkup.txt nor the ADW log. When I tried to re-run that program I get unsupported OS. Here are the logs that I do have. I thought that they saved automatically and clicked okay to reboot.

 

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by Dan's at 2015-01-01 10:05:23 Run:1
Running from C:\Users\Dan's\Desktop
Loaded Profile: Dan's (Available profiles: Dan's)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
C:\Users\Dan's\Documents\Rainmeter\Skins\@Backup\Kotoko 4.0\Launcher\Tools\RunOrMaximizeProgram\RMdock.exe
C:\Users\Dan's\Documents\Rainmeter\Skins\Kotoko 4.0\Launcher\Tools\RunOrMaximizeProgram\RMdock.exe
C:\Users\Dan's\Downloads\Richard_Kadrey_-_[Sandman_Slim_06]_-_The_Getaway_God_(epub).epub.exe
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Run: [CMD] => cmd.exe /c start http://ooov.net && exit <===== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: No Name -> {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} -> C:\Program Files (x86)\Ginger\GingerIEAddin\adxloader64.dll No File
U3 DfSdkS; No ImagePath
AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates
AlternateDataStreams: C:\ProgramData\TEMP:AB03533D
AlternateDataStreams: C:\ProgramData\TEMP:D2F2F703
AlternateDataStreams: C:\Users\Dan's\SkyDrive:ms-properties
EmptyTemp:
CMD: ipconfig /flushdns
End
*****************

Processes closed successfully.
C:\Users\Dan's\Documents\Rainmeter\Skins\@Backup\Kotoko 4.0\Launcher\Tools\RunOrMaximizeProgram\RMdock.exe => Moved successfully.
C:\Users\Dan's\Documents\Rainmeter\Skins\Kotoko 4.0\Launcher\Tools\RunOrMaximizeProgram\RMdock.exe => Moved successfully.
C:\Users\Dan's\Downloads\Richard_Kadrey_-_[Sandman_Slim_06]_-_The_Getaway_God_(epub).epub.exe => Moved successfully.
HKU\S-1-5-21-490156171-3473242110-392294870-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0877c1fc-19c6-4fe2-8e3d-699d8edb2964}" => Key deleted successfully.
"HKCR\CLSID\{0877c1fc-19c6-4fe2-8e3d-699d8edb2964}" => Key deleted successfully.
DfSdkS => Service deleted successfully.
C:\ProgramData\sdpsenv.dat => ":naughtypirates" ADS removed successfully.
C:\ProgramData\TEMP => ":AB03533D" ADS removed successfully.
C:\ProgramData\TEMP => ":D2F2F703" ADS removed successfully.
C:\Users\Dan's\SkyDrive => ":ms-properties" ADS removed successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 655.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 10:05:31 ====

 

--------

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 Pro x64
Ran by Dan's on Thu 01/01/2015 at 10:20:26.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\WINDOWS\Tasks\DriverToolkit Autorun.job
Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Dan's\appdata\local\pc_drivers_headquarters"
Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted the following from C:\Users\Dan's\AppData\Roaming\mozilla\firefox\profiles\1yc4fj06.default\prefs.js

user_pref("extensions.addonfox.addit.localInstallItems", "{ \"software\": {\r\n    \"3682\":{\r\n        \"id\":\"3682\",\r\n        \"type\": \"XPI\",\r\n        \"url\": \"\",\r\n        \"xpi euid\":
user_pref("extensions.addonfox.addit.remoteInstallItems", "{ \"software\": {\"94\": {\"id\": \"94\",\"title\": \"DoNotTrackMe\",\"type\": \"XPI\",\"url\": \"hxxp://www.abine.c
Emptied folder: C:\Users\Dan's\AppData\Roaming\mozilla\firefox\profiles\1yc4fj06.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/01/2015 at 10:21:47.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

-----

New FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Dan's (administrator) on DANS-PC on 01-01-2015 10:23:58
Running from C:\Users\Dan's\Desktop
Loaded Profile: Dan's (Available profiles: Dan's)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(Beepa P/L) C:\Fraps\fraps.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Beepa P/L) C:\Fraps\fraps64.dat
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation)
HKLM-x32\...\Run: [Info Center] => C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe [27328 2012-08-31] (PC Pitstop LLC)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [350144 2012-03-27] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-05-30] (Power Software Ltd)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ACSW17EN] => C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe [1414984 2013-09-25] (ACD Systems)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [PC MaticRT] => C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe [1728624 2014-12-01] (PC Pitstop LLC)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-11-27] (Siber Systems)
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: F - "F:\Setup.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: I - "I:\setup.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: J - "J:\setup.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: {49ae9a59-728c-11e4-bf99-002683146b5b} - "J:\LGAutoRun.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: {5fadc030-fca3-11e3-bf62-002683146b5b} - "I:\LG_PC_Programs.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: {829b14fe-ed42-11e3-bf52-bcaec57615fd} - "I:\LGAutoRun.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: {958b714d-f737-11e3-bf60-002683146b5b} - "I:\LGAutoRun.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: {ce37d1d1-ef88-11e3-bf53-bcaec57615fd} - "I:\LGAutoRun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Dan's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Dan's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-490156171-3473242110-392294870-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {4DB74D06-491C-440D-305E-012400990F3E} -> C:\WINDOWS\SysWOW64\api-ms--win-service-management-l1-1-0.dll ()
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKU\S-1-5-21-490156171-3473242110-392294870-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab
Winsock: Catalog5 07 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24320] (National Instruments Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26368] (National Instruments Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default
FF NewTab: https://privatelee.qrobe.it/
FF DefaultSearchEngine: qrobe.it (HTTPS)
FF SelectedSearchEngine: qrobe.it (HTTPS)
FF Homepage: privatelee.qrobe.it
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin-x32: @siber.com/RoboForm -> C:\Program Files (x86)\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll (Siber Systems Inc.)
FF Plugin HKU\S-1-5-21-490156171-3473242110-392294870-1000: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin HKU\S-1-5-21-490156171-3473242110-392294870-1000: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2011win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2012win32.dll (National Instruments)
FF SearchPlugin: C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\searchplugins\qrobeit-https.xml
FF Extension: Fire IE - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\fireie@fireie.org [2014-12-19]
FF Extension: HTTPS-Everywhere - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\https-everywhere@eff.org [2014-10-15]
FF Extension: Hola Better Internet - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-12-30]
FF Extension: NetVideoHunter - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\netvideohunter@netvideohunter.com [2014-07-28]
FF Extension: ColorfulTabs - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-12-17]
FF Extension: Empty Cache Button - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2014-09-13]
FF Extension: Default Full Zoom Level - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2014-10-26]
FF Extension: Disconnect - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\2.0@disconnect.me.xpi [2014-05-13]
FF Extension: Add-on Compatibility Reporter - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\compatibility@addons.mozilla.org.xpi [2014-12-31]
FF Extension: YouTube HTML5 Switch - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\jid0-coCUQ7NySNPcj72dA3557kKXGZU@jetpack.xpi [2013-06-18]
FF Extension: AdF.ly Skipper ★WORKING★ - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack.xpi [2014-07-29]
FF Extension: Enhanced Steam - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\jid0-SmvlvxGpvCyG252KbVMqIKR79Uc@jetpack.xpi [2014-03-07]
FF Extension: YouTube Center - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2014-01-29]
FF Extension: Lazarus: Form Recovery - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\lazarus@interclue.com.xpi [2013-03-11]
FF Extension: Lazy Click - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\lazyclick@tmarki.com.xpi [2013-03-11]
FF Extension: Long URL Please - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\longurlplease@darragh.curran.xpi [2013-11-15]
FF Extension: Masking Agent - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\maskingagent@basa.nl.xpi [2013-03-21]
FF Extension: No Small Text - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\nosmalltext@pjs.nl.xpi [2014-11-06]
FF Extension: Stealthy - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\stealthyextension@gmail.com.xpi [2014-07-10]
FF Extension: Google Translator for Firefox - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\translator@zoli.bod.xpi [2013-03-11]
FF Extension: imagiris - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\user@imagiris.txt.xpi [2013-03-11]
FF Extension: Resurrect Pages - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2013-03-11]
FF Extension: URL Fixer - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{0fa2149e-bb2c-4ac2-a8d3-479599819475}.xpi [2013-03-11]
FF Extension: Adblock Plus - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-12]
FF Extension: Ginger - C:\Program Files (x86)\Mozilla Firefox\extensions\adapter@gingersoftware.com [2014-11-10]
FF Extension: Ginger - Grammar and Spell Checker - C:\Program Files (x86)\Mozilla Firefox\extensions\firefox@gingersoftware.com [2014-11-10]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-03-11]
FF HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-03-11] ()
R3 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-03-11] (ASUSTeK Computer Inc.)
S3 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-03-11] (ASUSTeK Computer Inc.)
S3 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [1475744 2013-11-02] (ASUSTeK Computer Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2013-04-23] (BioWare)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-01-28] (Futuremark)
S3 GalaxyService; C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [2191648 2014-09-18] (GOG.com)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
S3 LkCitadelServer; C:\WINDOWS\SysWOW64\lkcitdl.exe [695136 2011-05-06] (National Instruments, Inc.)
S3 lkClassAds; C:\WINDOWS\SysWOW64\lkads.exe [50328 2012-06-05] (National Instruments Corporation)
S3 lkTimeSync; C:\WINDOWS\SysWOW64\lktsrv.exe [60568 2012-06-05] (National Instruments Corporation)
S3 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [53960 2012-05-22] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [76488 2012-05-22] (National Instruments Corporation)
S3 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [370328 2012-06-05] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
S3 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [258776 2012-05-31] (National Instruments Corporation)
S3 niSvcLoc; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [53952 2012-05-22] (National Instruments Corporation)
S3 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-24] (Electronic Arts)
R2 PCPitstop Realtime; C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [605808 2014-12-01] (PC Pitstop LLC)
R2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [86632 2014-05-30] (PC Pitstop LLC)
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1013696 2012-03-27] (Cyber Power Systems, Inc.)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S3 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S3 GingerUpdateService; "C:\Program Files (x86)\Ginger\GingerUpdateService\GingerUpdateService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 AndNetDiag2; C:\Windows\system32\DRIVERS\lgandnetdiag264.sys [29696 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
R3 arusb_win7x; C:\Windows\system32\DRIVERS\arusb_win7x.sys [769024 2010-02-23] (Atheros Communications, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 PTQHBUS; C:\Windows\System32\drivers\PTQHBUS.sys [69264 2009-12-15] (DEVGURU Co., LTD.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 10:23 - 2015-01-01 10:23 - 00027098 _____ () C:\Users\Dan's\Desktop\FRST.txt
2015-01-01 10:21 - 2015-01-01 10:21 - 00001523 _____ () C:\Users\Dan's\Desktop\JRT.txt
2015-01-01 10:21 - 2015-01-01 10:21 - 00001523 _____ () C:\Users\Dan's\AppData\Local\Temp\JRT.txt
2015-01-01 10:20 - 2015-01-01 10:20 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-01 10:20 - 2015-01-01 10:20 - 00000000 ____D () C:\Users\Dan's\AppData\Local\Temp\jrt
2015-01-01 10:19 - 2015-01-01 10:19 - 01707939 _____ (Thisisu) C:\Users\Dan's\Desktop\JRT.exe
2015-01-01 10:17 - 2015-01-01 10:17 - 00003136 _____ () C:\WINDOWS\System32\Tasks\FRAPS
2015-01-01 10:10 - 2015-01-01 10:16 - 00000000 ____D () C:\AdwCleaner
2015-01-01 10:09 - 2015-01-01 10:09 - 02173952 _____ () C:\Users\Dan's\Desktop\AdwCleaner.exe
2015-01-01 10:07 - 2015-01-01 10:07 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-01 09:58 - 2015-01-01 09:58 - 00852504 _____ () C:\Users\Dan's\Desktop\SecurityCheck.exe
2014-12-31 19:51 - 2014-12-31 19:51 - 01689384 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Dan's\Downloads\GPU-Z.0.8.0.exe
2014-12-31 19:51 - 2014-12-31 19:51 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2014-12-31 19:51 - 2014-12-31 19:51 - 00000000 ____D () C:\Program Files (x86)\GPU-Z
2014-12-31 19:08 - 2014-12-31 19:34 - 00000000 ____D () C:\Users\Dan's\AppData\Local\Temp\Cheat Engine
2014-12-31 16:55 - 2014-12-31 16:55 - 00000000 ____D () C:\ProgramData\Apple
2014-12-31 16:54 - 2014-12-31 16:55 - 00000762 _____ () C:\Users\Dan's\AppData\Local\Temp\MSetup_2014-12-31_165426.log
2014-12-31 16:43 - 2014-12-31 16:43 - 00000020 _____ () C:\Users\Dan's\Documents\seresto.txt
2014-12-31 15:19 - 2014-12-31 15:19 - 00000000 _____ () C:\Users\Dan's\AppData\Local\Temp\LuUpdater.log
2014-12-31 11:39 - 2014-12-31 11:39 - 00000000 ____D () C:\Users\Dan's\Downloads\NV-Inspector-[Guru3D.com]
2014-12-31 11:38 - 2014-12-31 11:38 - 00228175 _____ () C:\Users\Dan's\Downloads\NV-Inspector-[Guru3D.com].rar
2014-12-31 11:23 - 2014-12-31 11:24 - 00057453 _____ () C:\Users\Dan's\Desktop\Addition.txt
2014-12-31 11:21 - 2015-01-01 10:24 - 00000000 ____D () C:\FRST
2014-12-31 11:21 - 2014-12-31 11:21 - 02123264 _____ (Farbar) C:\Users\Dan's\Desktop\FRST64.exe
2014-12-31 11:20 - 2014-12-31 11:20 - 00002622 _____ () C:\Users\Dan's\Desktop\aswMBR.txt
2014-12-31 11:20 - 2014-12-31 11:20 - 00000512 _____ () C:\Users\Dan's\Desktop\MBR.dat
2014-12-31 10:20 - 2014-12-31 10:20 - 05198336 _____ (AVAST Software) C:\Users\Dan's\Desktop\aswMBR.exe
2014-12-31 09:44 - 2014-12-31 09:44 - 00000000 ____D () C:\Users\Dan's\Documents\PassMark
2014-12-31 09:32 - 2015-01-01 10:18 - 00031832 _____ () C:\Users\Dan's\AppData\Local\Temp\Dan's.bmp
2014-12-30 23:43 - 2014-12-30 23:43 - 00006002 _____ () C:\WINDOWS\system32\PTHQsetup_20141230.log
2014-12-30 23:38 - 2014-12-30 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-30 22:15 - 2014-12-30 22:14 - 00450892 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141230-221533.backup
2014-12-30 22:14 - 2014-12-14 12:39 - 00450892 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141230-221456.backup
2014-12-30 21:34 - 2014-12-30 21:34 - 00001343 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-12-30 21:34 - 2014-12-30 21:34 - 00000000 ____D () C:\WINDOWS\LastGood
2014-12-30 21:34 - 2014-12-30 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-30 21:34 - 2014-12-13 02:03 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2014-12-30 21:34 - 2014-12-12 18:11 - 02824504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-12-30 21:34 - 2014-12-12 18:11 - 02210040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-12-30 21:34 - 2014-12-12 18:11 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2014-12-30 21:34 - 2014-12-12 18:11 - 01291464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 32099472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 25460552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 24764232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 20465808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 18594432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 17264312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 16040184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 14128496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 13288360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 13202520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 10770120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 10710160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 10345280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-12-30 21:33 - 2014-12-13 04:08 - 03610440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 03293136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 03248968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 02897824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 01895056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434709.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 01556624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434709.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00994384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00968336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00942400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00928072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00906560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00876976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00834880 _____ () C:\WINDOWS\system32\nvmcumd.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00353224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00306328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00178632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00165760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00027983 _____ () C:\WINDOWS\system32\nvinfo.pb
2014-12-30 21:33 - 2014-11-22 04:46 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-12-30 21:33 - 2014-11-22 04:46 - 00035472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2014-12-30 21:33 - 2014-11-22 04:46 - 00032400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2014-12-30 21:28 - 2014-12-30 21:30 - 307606328 _____ (NVIDIA Corporation) C:\Users\Dan's\Downloads\347.09-desktop-win8-win7-winvista-64bit-international-whql.exe
2014-12-30 19:57 - 2014-12-13 02:03 - 06859408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2014-12-30 19:55 - 2014-12-30 19:55 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-12-30 18:20 - 2014-12-30 18:20 - 00000008 _____ () C:\Users\Dan's\Documents\oliveranch order.txt
2014-12-30 10:24 - 2014-12-30 10:41 - 341142420 _____ () C:\Users\Dan's\Downloads\Sting - Live 60th birthday concert NY Beacon Theatre 1 october 2011.mp4
2014-12-30 09:04 - 2014-12-30 09:04 - 00000902 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2014-12-30 08:56 - 2014-12-30 08:56 - 68653056 _____ () C:\Users\Dan's\Downloads\calibre-64bit-2.14.0.msi
2014-12-28 18:18 - 2014-12-28 18:20 - 34305058 _____ () C:\Users\Dan's\Downloads\torbrowser-install-4.0.2_en-US.exe
2014-12-28 14:40 - 2014-12-28 14:48 - 443555719 _____ () C:\Users\Dan's\Downloads\N7_2013_tools20140228.zip
2014-12-28 14:40 - 2014-12-28 14:40 - 23590680 _____ (深圳瓶子科技有限公司) C:\Users\Dan's\Downloads\ShuameSetup_2.0.3.exe
2014-12-28 14:39 - 2014-12-28 14:43 - 281012968 _____ () C:\Users\Dan's\Downloads\miui_Nexus7_4.8.22_396a8fe8f5_4.4.zip
2014-12-27 20:25 - 2014-12-27 20:25 - 04551776 _____ (Krzysztof Kowalczyk) C:\Users\Dan's\Downloads\SumatraPDF-3.0-install.exe
2014-12-27 19:36 - 2014-12-27 19:36 - 00000951 _____ () C:\Users\Public\Desktop\Tagman.lnk
2014-12-27 19:36 - 2014-12-27 19:36 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\Abelssoft
2014-12-27 19:36 - 2014-12-27 19:36 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-12-27 19:36 - 2014-12-27 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tagman
2014-12-27 19:36 - 2014-12-27 19:36 - 00000000 ____D () C:\Program Files (x86)\Tagman
2014-12-27 19:35 - 2014-12-27 19:35 - 00001090 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-27 19:35 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-27 19:35 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-27 19:35 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-27 17:38 - 2014-12-27 17:39 - 26498368 _____ (Abelssoft ) C:\Users\Dan's\Downloads\TAGMAN_2015.exe
2014-12-26 23:26 - 2014-12-26 23:26 - 00000000 ____D () C:\Users\Dan's\Documents\My Cheat Tables
2014-12-24 20:57 - 2014-12-24 20:57 - 17102864 _____ (Electronic Arts, Inc.) C:\Users\Dan's\Downloads\OriginThinSetup.exe
2014-12-24 19:35 - 2014-12-24 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity 2000 Special Edition
2014-12-24 19:24 - 2014-12-24 19:24 - 00001330 _____ () C:\Users\Public\Desktop\Dragon Age Inquisition.lnk
2014-12-24 19:24 - 2014-12-24 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Inquisition
2014-12-24 14:58 - 2014-12-24 19:34 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-12-24 14:57 - 2014-12-24 15:22 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\Origin
2014-12-24 14:55 - 2014-12-31 14:17 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-24 14:55 - 2014-12-24 14:55 - 00000951 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-12-24 14:55 - 2014-12-24 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-12-22 11:23 - 2014-11-10 18:39 - 22290560 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-12-22 11:22 - 2014-12-22 11:22 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-12-22 11:22 - 2014-12-22 11:22 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-12-22 11:22 - 2014-12-22 11:22 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-12-22 11:22 - 2014-12-22 11:22 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-12-22 11:22 - 2014-11-17 14:17 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-12-22 11:22 - 2014-11-17 14:17 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-12-22 11:22 - 2014-11-15 13:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-12-22 11:22 - 2014-11-15 00:29 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-12-22 11:22 - 2014-11-14 08:36 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-12-22 11:22 - 2014-11-14 01:10 - 03558400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-12-22 11:22 - 2014-11-14 00:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2014-12-22 11:22 - 2014-11-14 00:58 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-12-22 11:22 - 2014-11-14 00:57 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-12-22 11:22 - 2014-11-14 00:57 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-12-22 11:22 - 2014-11-14 00:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2014-12-22 11:22 - 2014-11-14 00:54 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-12-22 11:22 - 2014-11-14 00:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-12-22 11:22 - 2014-11-14 00:53 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-12-22 11:22 - 2014-11-14 00:52 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-12-22 11:22 - 2014-11-14 00:46 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-12-22 11:22 - 2014-11-14 00:46 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-22 11:22 - 2014-11-14 00:39 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-12-22 11:22 - 2014-11-13 23:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-12-22 11:22 - 2014-11-13 23:03 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-12-22 11:22 - 2014-11-13 23:03 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-12-22 11:22 - 2014-11-13 23:01 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-12-22 11:22 - 2014-11-13 23:01 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-12-22 11:22 - 2014-11-13 22:53 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-22 11:22 - 2014-11-10 18:17 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-12-22 11:22 - 2014-11-10 12:06 - 02485056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-12-22 11:22 - 2014-11-10 12:06 - 00473408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-12-22 11:22 - 2014-11-10 12:06 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-12-22 11:22 - 2014-11-10 12:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2014-12-22 11:22 - 2014-11-09 20:57 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-12-22 11:22 - 2014-11-09 19:37 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-12-22 11:22 - 2014-11-09 19:34 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-12-22 11:22 - 2014-11-09 19:26 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2014-12-22 11:22 - 2014-11-09 19:20 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-12-22 11:22 - 2014-11-09 19:09 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2014-12-22 11:22 - 2014-11-09 19:08 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2014-12-22 11:22 - 2014-11-09 19:06 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2014-12-22 11:22 - 2014-11-09 18:57 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2014-12-22 11:22 - 2014-11-09 18:57 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2014-12-22 11:22 - 2014-11-08 04:42 - 01390928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2014-12-22 11:22 - 2014-11-08 04:23 - 01127976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2014-12-22 11:22 - 2014-11-07 22:00 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2014-12-22 11:22 - 2014-11-07 22:00 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2014-12-22 11:22 - 2014-11-07 21:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2014-12-22 11:22 - 2014-11-07 21:58 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2014-12-22 11:22 - 2014-11-07 21:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2014-12-22 11:22 - 2014-11-07 21:56 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2014-12-22 11:22 - 2014-11-07 21:56 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2014-12-22 11:22 - 2014-11-07 21:24 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2014-12-22 11:22 - 2014-11-07 21:13 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2014-12-22 11:22 - 2014-11-07 21:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2014-12-22 11:22 - 2014-11-07 21:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2014-12-22 11:22 - 2014-11-07 20:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2014-12-22 11:22 - 2014-11-07 20:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2014-12-22 11:22 - 2014-11-07 20:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2014-12-22 11:22 - 2014-11-07 20:09 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2014-12-22 11:22 - 2014-11-07 20:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-12-22 11:22 - 2014-11-07 19:59 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2014-12-22 11:22 - 2014-11-07 19:58 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-12-22 11:22 - 2014-11-07 19:49 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-12-22 11:22 - 2014-11-06 21:58 - 00952896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-12-22 11:22 - 2014-11-06 21:20 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-12-22 11:22 - 2014-11-04 20:12 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2014-12-22 11:22 - 2014-11-04 20:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2014-12-22 11:22 - 2014-11-04 20:06 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2014-12-22 11:22 - 2014-11-04 19:44 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2014-12-22 11:22 - 2014-11-04 19:43 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2014-12-22 11:22 - 2014-11-04 19:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-12-22 11:22 - 2014-11-04 19:39 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2014-12-22 11:22 - 2014-11-04 19:39 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2014-12-22 11:22 - 2014-11-04 19:33 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2014-12-22 11:22 - 2014-11-04 19:21 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2014-12-22 11:22 - 2014-11-04 19:20 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2014-12-22 11:22 - 2014-11-04 19:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2014-12-22 11:22 - 2014-11-04 19:14 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-12-22 11:22 - 2014-11-04 19:06 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2014-12-22 11:22 - 2014-11-04 13:33 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2014-12-22 11:22 - 2014-11-04 13:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2014-12-22 11:22 - 2014-11-04 13:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2014-12-22 11:22 - 2014-11-04 00:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2014-12-22 11:22 - 2014-11-04 00:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2014-12-22 11:22 - 2014-11-04 00:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2014-12-22 11:22 - 2014-11-04 00:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2014-12-22 11:22 - 2014-11-04 00:27 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2014-12-22 11:22 - 2014-11-03 23:01 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2014-12-22 11:22 - 2014-10-30 18:51 - 18823168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-12-22 11:22 - 2014-10-30 18:10 - 15158784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-12-22 11:22 - 2014-10-29 23:55 - 07473472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-12-22 11:22 - 2014-10-29 23:47 - 01499384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-12-22 11:22 - 2014-10-29 23:41 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-12-22 11:22 - 2014-10-28 21:05 - 00551232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2014-12-22 11:22 - 2014-10-28 20:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2014-12-22 11:22 - 2014-10-28 20:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2014-12-22 11:22 - 2014-10-28 19:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2014-12-22 11:22 - 2014-10-28 19:55 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2014-12-22 11:22 - 2014-10-28 19:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2014-12-22 11:22 - 2014-10-28 19:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2014-12-22 11:22 - 2014-10-28 19:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2014-12-22 11:22 - 2014-10-28 19:13 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2014-12-22 11:22 - 2014-10-28 19:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2014-12-22 11:22 - 2014-10-28 19:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2014-12-22 11:22 - 2014-10-26 16:10 - 00390841 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-12-22 11:22 - 2014-10-20 19:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2014-12-22 11:22 - 2014-10-20 19:19 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2014-12-22 11:22 - 2014-10-20 18:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2014-12-22 11:22 - 2014-10-20 18:31 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2014-12-22 11:22 - 2014-10-20 18:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2014-12-22 11:22 - 2014-10-20 18:30 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2014-12-22 11:22 - 2014-10-20 18:20 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2014-12-22 11:22 - 2014-10-16 22:56 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-22 11:22 - 2014-10-16 22:56 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-22 11:22 - 2014-10-16 22:56 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-22 11:22 - 2014-10-16 21:35 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-20 12:47 - 2014-12-20 12:47 - 00244104 _____ () C:\Users\Dan's\Downloads\Firefox Setup Stub 34.0.5.exe
2014-12-17 19:29 - 2014-12-17 19:29 - 00003828 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1383541367
2014-12-17 19:29 - 2014-12-17 19:29 - 00001017 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-12-16 20:42 - 2014-12-16 20:42 - 00000000 ____D () C:\Users\Dan's\Downloads\Dragon Age Inquisition V1.01 Trainer +15 MrAntiFun
2014-12-15 16:48 - 2014-12-15 16:48 - 00001704 _____ () C:\Users\Dan's\Desktop\Play FINAL FANTASY XIII.lnk
2014-12-15 11:23 - 2014-12-15 11:23 - 00000045 _____ () C:\Users\Dan's\Documents\blood test numbers 121614.txt
2014-12-14 16:40 - 2014-12-14 16:40 - 00001116 _____ () C:\Users\Dan's\Desktop\Final Fantasy XIII-2.lnk
2014-12-14 16:40 - 2014-12-14 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy XIII-2
2014-12-14 16:30 - 2014-12-14 16:57 - 00000000 ____D () C:\Program Files (x86)\Final Fantasy XIII-2
2014-12-14 12:39 - 2014-12-14 12:39 - 00450892 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141214-123928.backup
2014-12-14 12:39 - 2014-12-01 00:45 - 00450892 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141214-123903.backup
2014-12-13 18:38 - 2014-12-31 12:41 - 00000000 ____D () C:\ProgramData\Origin
2014-12-13 18:38 - 2014-12-24 14:55 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-13 11:20 - 2014-11-26 15:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-13 11:20 - 2014-11-26 15:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-13 11:17 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-13 11:17 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-13 11:17 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-13 11:17 - 2014-11-21 20:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-13 11:17 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-13 11:17 - 2014-11-21 20:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-13 11:17 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-13 11:17 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-13 11:17 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-13 11:17 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-13 11:17 - 2014-11-21 20:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-13 11:17 - 2014-11-21 20:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-13 11:17 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-13 11:17 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-13 11:17 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-13 11:17 - 2014-11-21 19:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-13 11:17 - 2014-11-21 19:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-13 11:17 - 2014-11-21 19:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-13 11:17 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-13 11:17 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-13 11:17 - 2014-11-21 19:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-13 11:17 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-13 11:17 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-13 11:17 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-13 11:17 - 2014-11-21 19:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-13 11:17 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-13 11:17 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-13 11:17 - 2014-11-21 19:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-13 11:17 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-13 11:17 - 2014-11-21 19:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-13 11:17 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-13 11:17 - 2014-11-21 19:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-13 11:17 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-13 11:17 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-13 11:17 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-13 11:17 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-13 11:17 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-13 11:17 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-13 11:17 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-13 11:17 - 2014-10-30 17:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-13 11:17 - 2014-10-30 17:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-13 11:17 - 2014-10-30 16:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-13 11:17 - 2014-10-30 16:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-13 11:16 - 2014-11-09 20:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-13 11:16 - 2014-11-09 19:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-13 11:16 - 2014-11-06 22:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-13 11:16 - 2014-11-06 21:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-12 20:51 - 2014-12-12 20:51 - 00000000 ____D () C:\Users\Dan's\Documents\Egosoft
2014-12-12 20:48 - 2014-12-12 20:50 - 00000000 ____D () C:\editing
2014-12-12 20:40 - 2014-12-12 20:40 - 00001219 _____ () C:\Users\Dan's\Desktop\X Rebirth The Teladi Outpost.lnk
2014-12-12 20:40 - 2014-12-12 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2014-12-12 20:33 - 2014-12-12 20:51 - 00000000 ____D () C:\Program Files (x86)\X Rebirth The Teladi Outpost
2014-12-12 10:14 - 2014-12-12 10:14 - 18119856 _____ (Adobe Systems Incorporated) C:\Users\Dan's\Downloads\install_flash_player.exe
2014-12-06 00:35 - 2014-12-06 00:35 - 00190428 _____ () C:\Users\Dan's\Downloads\UIT_IphStich.zip
2014-12-04 21:01 - 2014-12-04 21:01 - 30134887 _____ () C:\Users\Dan's\Downloads\Episode 63 Billy Gibbons  Live From Daryl's House with Daryl Hall  Current Episode.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 10:24 - 2014-05-04 13:40 - 00000000 ____D () C:\Users\Dan's\AppData\Local\Temp\Temp
2015-01-01 10:20 - 2013-03-11 09:43 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-490156171-3473242110-392294870-1000
2015-01-01 10:18 - 2013-12-17 10:13 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\ClassicShell
2015-01-01 10:17 - 2013-03-11 14:30 - 00000000 ____D () C:\Program Files\PeerBlock
2015-01-01 10:17 - 2013-03-11 14:11 - 00000000 ____D () C:\ProgramData\PCPitstopDat
2015-01-01 10:17 - 2012-10-18 19:34 - 00000000 ____D () C:\Fraps
2015-01-01 10:16 - 2013-12-31 08:52 - 00000000 ___DO () C:\Users\Dan's\SkyDrive
2015-01-01 10:15 - 2014-11-24 14:05 - 00000374 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-01-01 10:15 - 2014-06-08 21:47 - 00210030 _____ () C:\WINDOWS\PFRO.log
2015-01-01 10:15 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-01 10:15 - 2013-03-11 09:56 - 00000000 ____D () C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2015-01-01 10:14 - 2014-06-06 00:23 - 01123895 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-01 10:14 - 2013-08-22 07:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-01 10:08 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-01 10:08 - 2013-03-11 14:01 - 00000000 ____D () C:\ProgramData\PCPitstop
2015-01-01 10:07 - 2013-03-11 13:24 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2015-01-01 10:05 - 2013-08-22 09:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-01-01 10:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-01 00:57 - 2013-03-11 16:56 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\uTorrent
2014-12-31 19:51 - 2014-10-04 23:44 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\NVIDIA
2014-12-31 16:56 - 2014-06-09 04:30 - 00005018 _____ () C:\WINDOWS\setupact.log
2014-12-31 16:55 - 2014-06-17 12:50 - 00001964 _____ () C:\WINDOWS\LkmdfCoInst.log
2014-12-31 16:55 - 2013-12-31 01:13 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2014-12-31 16:55 - 2013-09-06 19:14 - 00000000 ____D () C:\Program Files\Bonjour
2014-12-31 16:55 - 2013-09-06 19:14 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-12-31 16:55 - 2013-03-11 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-12-31 09:55 - 2014-08-01 12:58 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\Tropico 4
2014-12-31 09:55 - 2013-03-11 10:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-31 09:43 - 2013-10-22 17:54 - 00000000 ____D () C:\Program Files (x86)\OCCT
2014-12-31 00:47 - 2014-07-15 23:01 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-30 23:45 - 2014-08-07 17:27 - 00000000 ____D () C:\Program Files (x86)\Maxis
2014-12-30 23:44 - 2013-08-12 21:57 - 00000000 _____ () C:\conmgr.log
2014-12-30 23:44 - 2013-03-11 10:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-30 23:39 - 2014-01-15 13:58 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-30 21:36 - 2013-12-31 01:14 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-30 21:34 - 2013-12-31 01:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-30 21:34 - 2013-12-31 01:13 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-30 21:34 - 2013-12-31 01:13 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-30 20:45 - 2013-12-31 01:22 - 00000000 ____D () C:\Users\Dan's
2014-12-30 09:07 - 2014-06-07 16:14 - 00000000 ____D () C:\Users\Dan's\Documents\Calibre Library
2014-12-30 09:04 - 2014-06-07 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2014-12-30 09:04 - 2014-06-07 16:11 - 00000000 ____D () C:\Program Files\Calibre2
2014-12-28 18:24 - 2014-06-07 20:11 - 00000000 ____D () C:\Users\Dan's\Desktop\Tor Browser
2014-12-28 17:16 - 2013-03-12 10:44 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\MediaMonkey
2014-12-28 00:53 - 2014-01-19 14:38 - 00409904 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-28 00:52 - 2014-07-15 23:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-27 20:25 - 2013-03-11 16:09 - 00001903 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2014-12-27 19:36 - 2014-09-18 21:30 - 00092160 ___SH () C:\Users\Dan's\Desktop\Thumbs.db
2014-12-27 19:35 - 2014-07-15 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-24 19:24 - 2013-03-11 15:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-24 15:09 - 2013-02-01 11:59 - 00000000 ____D () C:\Temp
2014-12-22 12:39 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-22 11:33 - 2013-03-11 10:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-22 11:30 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-12-22 11:30 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-12-22 11:30 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-12-22 11:30 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-12-22 11:23 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-20 18:38 - 2014-10-23 18:35 - 00001787 _____ () C:\Users\Dan's\Desktop\Play Civilization Beyond Earth.lnk
2014-12-20 18:38 - 2014-10-23 18:35 - 00000966 _____ () C:\Users\Dan's\Desktop\visit www.nosteam.ro.lnk
2014-12-20 18:36 - 2013-01-15 20:52 - 00000000 ____D () C:\Games
2014-12-20 12:48 - 2014-11-10 11:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-20 12:48 - 2013-03-11 10:56 - 00001137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-20 12:48 - 2013-03-11 10:56 - 00001125 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-17 19:29 - 2013-11-03 23:02 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-14 13:10 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-14 13:09 - 2013-03-11 12:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-14 12:46 - 2013-06-28 10:47 - 00000000 ____D () C:\GOG Games
2014-12-13 19:22 - 2013-12-11 19:06 - 00000000 ____D () C:\Users\Dan's\Documents\BioWare
2014-12-13 11:23 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-13 11:23 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-13 11:23 - 2013-08-13 12:11 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-13 11:20 - 2013-03-11 11:34 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-13 04:08 - 2014-09-19 23:37 - 00074056 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2014-12-13 04:08 - 2014-09-19 23:37 - 00060560 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2014-12-13 02:03 - 2014-09-19 23:37 - 03513488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2014-12-13 02:03 - 2014-09-19 23:37 - 00935240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2014-12-13 02:03 - 2014-09-19 23:37 - 00386368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2014-12-13 02:03 - 2013-03-11 11:27 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2014-12-12 20:48 - 2014-11-23 10:35 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\Notepad++
2014-12-12 20:44 - 2014-01-19 11:53 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-12-12 17:11 - 2014-09-19 23:37 - 04151176 _____ () C:\WINDOWS\system32\nvcoproc.bin
2014-12-11 22:07 - 2014-05-13 00:12 - 00000000 ____D () C:\Users\Dan's\Documents\theRenamer
2014-12-07 18:43 - 2014-11-25 16:38 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-12-07 18:43 - 2013-10-31 13:07 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2014-12-05 00:09 - 2013-09-29 22:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-04 19:34 - 2014-06-06 16:33 - 00000000 ____D () C:\Users\Dan's\Documents\LG OSP
2014-12-04 18:10 - 2013-10-13 07:10 - 00000000 ____D () C:\Users\Dan's\Documents\Telltale Games
2014-12-02 22:18 - 2014-11-29 01:21 - 191933275 _____ () C:\Users\Dan's\Downloads\Lynyrd Skynyrd - complete concert from Winterland 1975.mp4

Files to move or delete:
====================
C:\ProgramData\sdpsenv.dat


Some content of TEMP:
====================
C:\Users\Dan's\AppData\Local\Temp\Temp\Quarantine.exe
C:\Users\Dan's\AppData\Local\Temp\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-31 09:29

==================== End Of Log ============================



#6 OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 01 January 2015 - 11:51 PM

Hi MrKez,

Go to the Start menu, type "checkup.txt" in the search box and try and locate the log. If you cannot locate the log just run the scan again.

AdwCleaner log should be located here: C:\AdwCleaner.

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).

    • Windows XP: Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator"
  • Select Scan tab.
  • Select type of scan to perform:
    • Threat Scan <--- Select this type of scan
    • Custom Scan
    • Hyper Scan
  • Next click the Scan button.
  • When the scan is complete, if no malicious items are found you can close the program.
  • If malicious items are found be sure that everything is checked, and click Quarantine.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, and that they have been added to the delete on reboot list, please reboot.

=========================

ESET Online Scanner

*Note:

  • It is recommended to disable your on-board antivirus and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights; to do so, right-click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or Firefox for this scan. If you use Firefox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.

=========================

In your next post please provide the following:

  • checkup.txt
  • AdwCleaner[S0].txt
  • MBAM log
  • ESET's log.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#7 MrKez

  • Authentic Member
  • 37 posts

Posted 02 January 2015 - 05:16 PM

Okay, here they are.

 

checkup

-----------

 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
PC Matic Super Shield   
Windows Defender        
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Spybot - Search & Destroy
 Secunia PSI (3.0.0.7011)   
 Wise Disk Cleaner 7.97  
 Java 7 Update 72  
 Java 8 Update 25  
 Java version 32-bit out of Date!
 Adobe Flash Player     16.0.0.235  
 Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

 

---------

ADWCleaner[SO]

# AdwCleaner v4.106 - Report created 01/01/2015 at 10:13:43
# Updated 21/12/2014 by Xplode
# Database : 2014-12-30.1 [Live]
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : Dan's - DANS-PC
# Running from : C:\Users\Dan's\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Store
Folder Deleted : C:\ProgramData\SuperbApp
Folder Deleted : C:\ProgramData\PC Drivers HeadQuarters
Folder Deleted : C:\ProgramData\3e5c91322a5f2c2f
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\PC Drivers HeadQuarters
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\ASPNET\AppData\Local\torch
Folder Deleted : C:\Users\Dan's\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Dan's\AppData\Roaming\NCH Software
[!] Folder Deleted : C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[!] Folder Deleted : C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi
File Deleted : C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : Driver Detective-RTMUpdater
Task Deleted : Driver Detective-RTMScan
Task Deleted : Driver Detective-RTMRules

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Driver Detective]
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5D6D605B-E4B7-490B-A794-9284BC3D2A8B}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[1yc4fj06.default\prefs.js] - Line Deleted : user_pref("extensions.linkextend.defaultsearchengine", "ixquick");
[1yc4fj06.default\prefs.js] - Line Deleted : user_pref("extensions.tweakmdb.addit.remoteInstallItems", "{ \"software\": {\"39\": {\"id\": \"39\",\"title\": \"LuckySavings\",\"type\": \"EXE\",\"url\": \"hxxp://cdn.outbrowse.com/components/LuckySa[...]
[1yc4fj06.default\prefs.js] - Line Deleted : user_pref("extensions.tweaktube.addit.remoteInstallItems", "{ \"software\": {\"39\": {\"id\": \"39\",\"title\": \"LuckySavings\",\"type\": \"EXE\",\"url\": \"hxxp://cdn.outbrowse.com/components/LuckyS[...]

-\\ Comodo Dragon v


-\\ Opera v26.0.1656.60

[C:\Users\Dan's\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : aaipilfmheplbcghignccoiiebekkdhe
[C:\Users\Dan's\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : elchiiiejkobdbblfejjkbphbddgmljf
[C:\Users\Dan's\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ffhfoagmjcnkolneahbpagjcjjaeofbg
[C:\Users\Dan's\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : hjghiofiijcepdnocbgefbdlbckjfheg
[C:\Users\Dan's\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : iklgpchfbohgmghgfagediakopecfmbm
[C:\Users\Dan's\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : kfgaibfbmkjgmimhbbaikfnpkkjkpoan
[C:\Users\Dan's\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : lmnbobhffedhdhfpcjkjphcfpeeiocdn
[C:\Users\Dan's\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : kjpifmjicccpbkfjdkehimhgklfkbanh
[C:\Users\Dan's\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : hoidflomjnnnbiemmkjdjkkialmhbago
[C:\Users\Dan's\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ekpibplnnkfdcafdpoekhoffegcajene
[C:\Users\Dan's\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ipljmghelflfikejmgkmlmpjmehfjodc
[C:\Users\Dan's\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ejddjnilmdncjilbfjgameihlklfpohp
[C:\Users\Dan's\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : eagomcfjiefffhpaejnlpjccikpipdoe

*************************

AdwCleaner[R0].txt - [5003 octets] - [01/01/2015 10:12:23]
AdwCleaner[S0].txt - [4970 octets] - [01/01/2015 10:13:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5030 octets] ##########
 

------------

MBAM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/2/2015
Scan Time: 10:10:22 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.02.04
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Dan's

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 404661
Time Elapsed: 9 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.TorchMedia, C:\Users\Dan's\Downloads\TorchSetup-r0-n-bf.exe, Quarantined, [aaf20ce638518fa739b30bd3d22f31cf],

Physical Sectors: 0
(No malicious items detected)


(end)

----------------

ESET

C:\Users\Dan's\Downloads\Dragon Age Inquisition V1.01 Trainer +15 MrAntiFun\Dragon Age Inquisition V1.01 Trainer +15 MrAntiFun.EXE    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    
C:\Users\Dan's\Downloads\Shadowrun Returns Dragonfall V1.2.5 Trainer +5\Shadowrun Returns Dragonfall V1.2.5 Trainer +5  MrAntiFun.EXE    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    
C:\Users\Dan's\Downloads\Shadowrun_Returns_Dragonfall_V1.2.5_Trainer_plus5\Shadowrun Returns Dragonfall V1.2.5 Trainer +5  MrAntiFun.EXE    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    
C:\Users\Dan's\Downloads\wirelesskeyview-x64\WirelessKeyView.exe    a variant of Win64/WirelessKeyView.B potentially unsafe application    
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\lsdb.js    JS/Kryptik.ATB trojan    
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\spdDYAlex.js    JS/Kryptik.ATB trojan    
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\iIMXxa.js    JS/Kryptik.ATB trojan    
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\lsdb.js    JS/Kryptik.ATB trojan    
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\lsdb.js    JS/Kryptik.ATB trojan    
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\wCl.js    JS/Kryptik.ATB trojan    
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\lsdb.js    JS/Kryptik.ATB trojan    
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\spdDYAlex.js    JS/Kryptik.ATB trojan    
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\iIMXxa.js    JS/Kryptik.ATB trojan    
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\lsdb.js    JS/Kryptik.ATB trojan    
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\lsdb.js    JS/Kryptik.ATB trojan    
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\wCl.js    JS/Kryptik.ATB trojan    
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\lsdb.js    JS/Kryptik.ATB trojan    
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\spdDYAlex.js    JS/Kryptik.ATB trojan    
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\iIMXxa.js    JS/Kryptik.ATB trojan    
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\lsdb.js    JS/Kryptik.ATB trojan    
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\lsdb.js    JS/Kryptik.ATB trojan    
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\wCl.js    JS/Kryptik.ATB trojan    
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\lsdb.js    JS/Kryptik.ATB trojan    
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\spdDYAlex.js    JS/Kryptik.ATB trojan    
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\iIMXxa.js    JS/Kryptik.ATB trojan    
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\lsdb.js    JS/Kryptik.ATB trojan    
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\lsdb.js    JS/Kryptik.ATB trojan    
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\wCl.js    JS/Kryptik.ATB trojan    
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\lsdb.js    JS/Kryptik.ATB trojan    
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\spdDYAlex.js    JS/Kryptik.ATB trojan    
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\iIMXxa.js    JS/Kryptik.ATB trojan    
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\lsdb.js    JS/Kryptik.ATB trojan    
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\lsdb.js    JS/Kryptik.ATB trojan    
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\wCl.js    JS/Kryptik.ATB trojan    
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\lsdb.js    JS/Kryptik.ATB trojan    
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\spdDYAlex.js    JS/Kryptik.ATB trojan    
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\iIMXxa.js    JS/Kryptik.ATB trojan    
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\lsdb.js    JS/Kryptik.ATB trojan    
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\lsdb.js    JS/Kryptik.ATB trojan    
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\wCl.js    JS/Kryptik.ATB trojan    
D:\GAmes\Assassins.Creed.III The Tyranny of King Washington The Betrayal DLC-P2P\Crack\ubiorbitapi_r2_loader.dll    a variant of Win32/Packed.VMProtect.AAD trojan    
D:\GAmes\Assassins.Creed.III.Update.v1.02.Proper-RELOADED\Crack\ubiorbitapi_r2_loader.dll    a variant of Win32/Packed.VMProtect.AAD trojan    
D:\GAmes\Assassins.Creed.III.Update.v1.03-RELOADED\Crack\ubiorbitapi_r2_loader.dll    a variant of Win32/Packed.VMProtect.AAD trojan    
G:\saints row stuff\Saints Row 2 Trainer.exe    a variant of Win32/GameHack.F potentially unsafe application    
G:\saints row stuff\Sarow2v12+14trn\Saints Row 2 1.2 + 14 Trainer.exe    a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application    
G:\skyrim stuff\Add_Perk_Points_Trainer_NEW_UPDATE-745\TytanisAddPerkPoints32bit.EXE    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    
G:\skyrim stuff\Add_Perk_Points_Trainer_NEW_UPDATE-745\TytanisAddPerkPoints64bit.EXE    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    
G:\torrents\ACDsystem ACDSee 17.0.42+Keymaker-CORE\Keygen\cr-acdsystems.exe    a variant of Win32/Keygen.AU potentially unsafe application    
G:\torrents\MGQ Parts 1-3 100% Translated\MGQ Parts 1-3 100% Translated\mod\Spirits\Setup-MsgPlus-511.exe    a variant of Win32/MessengerPlus.A potentially unwanted application    
G:\torrents\Privacy_Safeguard-BitTorrent-d\Privacy_Safeguard.exe    a variant of Win32/Bunndle potentially unsafe application    
G:\Witcher 2 AOK mods\CheatEngine62.exe    Win32/OpenCandy potentially unsafe application    
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\PCD-G\APNIC.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\spdDYAlex.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\iIMXxa.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\wCl.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASPNET\AppData\Local\torch\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASPNET\AppData\Local\torch\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\spdDYAlex.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASPNET\AppData\Local\torch\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\iIMXxa.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASPNET\AppData\Local\torch\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASPNET\AppData\Local\torch\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\lsdb.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASPNET\AppData\Local\torch\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\wCl.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Dan's\Downloads\Richard_Kadrey_-_[Sandman_Slim_06]_-_The_Getaway_God_(epub).epub.exe.xBAD    Win32/OutBrowse.AN potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    deleted - quarantined
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\spdDYAlex.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\iIMXxa.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\wCl.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\spdDYAlex.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\iIMXxa.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\wCl.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\spdDYAlex.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\iIMXxa.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\wCl.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\spdDYAlex.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\iIMXxa.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\wCl.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\spdDYAlex.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\iIMXxa.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\wCl.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\spdDYAlex.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\iIMXxa.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\wCl.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Dan's\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Dan's\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\spdDYAlex.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Dan's\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\iIMXxa.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Dan's\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Dan's\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Dan's\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\wCl.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Dan's\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Dan's\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\spdDYAlex.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Dan's\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\iIMXxa.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Dan's\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Dan's\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Dan's\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\wCl.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Dan's\Downloads\CheatEngine64.exe    a variant of Win32/OpenCandy.C potentially unsafe application    deleted - quarantined
C:\Users\Dan's\Downloads\freeocr.exe    Win32/InstallMonetizer.AF potentially unwanted application    deleted - quarantined
C:\Users\Dan's\Downloads\PSeMu3_Setup.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\Dan's\Downloads\switchsetup.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    deleted - quarantined

#8 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 02 January 2015 - 10:36 PM

Hi MrKez,

I have noticed in your ESET log some questionable software. Please review the information I have provided and confirm the status of the software in question.

We do not support the use of illegal Pirated/Warez/Cracked software.

  • Helping a person who insists on using such software could be construed in the eyes of the law to be aiding and abetting a crime.
  • Therefore you will be asked to remove any cracked programs and in the case of your operating system, to obtain a valid licensed copy.
  • You will be asked to remove any such software before receiving any help.

D:\GAmes\Assassins.Creed.III The Tyranny of King Washington The Betrayal DLC-P2P\Crack\ubiorbitapi_r2_loader.dll
D:\GAmes\Assassins.Creed.III.Update.v1.02.Proper-RELOADED\Crack\ubiorbitapi_r2_loader.dll
D:\GAmes\Assassins.Creed.III.Update.v1.03-RELOADED\Crack\ubiorbitapi_r2_loader.dll
G:\torrents\ACDsystem ACDSee 17.0.42+Keymaker-CORE\Keygen\cr-acdsystems.exe


You must remove these and any other illegal software installed on your computer or any external hard drives or flash drives before we can continue.

Please address these areas of concern otherwise we cannot proceed.
 


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days


#9 MrKez

MrKez

    Authentic Member

  • Authentic Member
  • PipPip
  • 37 posts

Posted 02 January 2015 - 11:44 PM

I think that I got rid of it all. I am somewhat disorganized, but I think that it is all gone. Do you need anything to continue?



#10 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 03 January 2015 - 12:47 AM

Hi MrKez,

Thank you.

Please re-run the ESET scan, then reboot and run a fresh scan with FRST.

In your next reply please provide the following:
  • ESET.txt
  • FRST.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days


#11 MrKez

MrKez

    Authentic Member

  • Authentic Member
  • PipPip
  • 37 posts

Posted 03 January 2015 - 09:18 PM

ESET

C:\Users\Dan's\AppData\Local\Temp\Temp\uttC77B.tmp    a variant of Win32/OpenCandy.C potentially unsafe application    deleted - quarantined
C:\Users\Dan's\Downloads\Dragon Age Inquisition V1.01 Trainer +15 MrAntiFun\Dragon Age Inquisition V1.01 Trainer +15 MrAntiFun.EXE    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    deleted - quarantined
C:\Users\Dan's\Downloads\Shadowrun Returns Dragonfall V1.2.5 Trainer +5\Shadowrun Returns Dragonfall V1.2.5 Trainer +5  MrAntiFun.EXE    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    deleted - quarantined
C:\Users\Dan's\Downloads\Shadowrun_Returns_Dragonfall_V1.2.5_Trainer_plus5\Shadowrun Returns Dragonfall V1.2.5 Trainer +5  MrAntiFun.EXE    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    deleted - quarantined
C:\Users\Dan's\Downloads\wirelesskeyview-x64\WirelessKeyView.exe    a variant of Win64/WirelessKeyView.B potentially unsafe application    deleted - quarantined
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\spdDYAlex.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\iIMXxa.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\wCl.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\spdDYAlex.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\iIMXxa.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\wCl.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\spdDYAlex.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\iIMXxa.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\wCl.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\spdDYAlex.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\iIMXxa.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\wCl.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\spdDYAlex.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\iIMXxa.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\wCl.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\213\spdDYAlex.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\iIMXxa.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmnakhiognchpbnoloekckhffggkfmil\5.14\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\lsdb.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ngggjbgdcbdebilpooicmaeefdbdabmi\1.0\wCl.js    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
G:\skyrim stuff\Add_Perk_Points_Trainer_NEW_UPDATE-745\TytanisAddPerkPoints32bit.EXE    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    deleted - quarantined
G:\skyrim stuff\Add_Perk_Points_Trainer_NEW_UPDATE-745\TytanisAddPerkPoints64bit.EXE    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    deleted - quarantined
G:\Witcher 2 AOK mods\CheatEngine62.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
 

 

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 03
Ran by Dan's (administrator) on DANS-PC on 03-01-2015 21:16:02
Running from C:\Users\Dan's\Desktop
Loaded Profile: Dan's (Available profiles: Dan's)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Beepa P/L) C:\Fraps\fraps.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Beepa P/L) C:\Fraps\fraps64.dat
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(NVIDIA Corporation) C:\Users\Dan's\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation)
HKLM-x32\...\Run: [Info Center] => C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe [27328 2012-08-31] (PC Pitstop LLC)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [350144 2012-03-27] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-05-30] (Power Software Ltd)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [PC MaticRT] => C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe [1728624 2014-12-01] (PC Pitstop LLC)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2014-11-27] (Siber Systems)
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: F - "F:\Setup.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: I - "I:\setup.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: J - "J:\setup.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: {49ae9a59-728c-11e4-bf99-002683146b5b} - "J:\LGAutoRun.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: {5fadc030-fca3-11e3-bf62-002683146b5b} - "I:\LG_PC_Programs.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: {829b14fe-ed42-11e3-bf52-bcaec57615fd} - "I:\LGAutoRun.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: {958b714d-f737-11e3-bf60-002683146b5b} - "I:\LGAutoRun.exe"
HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\MountPoints2: {ce37d1d1-ef88-11e3-bf53-bcaec57615fd} - "I:\LGAutoRun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Dan's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Dan's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-490156171-3473242110-392294870-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {4DB74D06-491C-440D-305E-012400990F3E} -> C:\WINDOWS\SysWOW64\api-ms--win-service-management-l1-1-0.dll ()
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKU\S-1-5-21-490156171-3473242110-392294870-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default
FF NewTab: https://privatelee.qrobe.it/
FF DefaultSearchEngine: qrobe.it (HTTPS)
FF SelectedSearchEngine: qrobe.it (HTTPS)
FF Homepage: privatelee.qrobe.it
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin-x32: @siber.com/RoboForm -> C:\Program Files (x86)\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll (Siber Systems Inc.)
FF Plugin HKU\S-1-5-21-490156171-3473242110-392294870-1000: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin HKU\S-1-5-21-490156171-3473242110-392294870-1000: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll No File
FF SearchPlugin: C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\searchplugins\qrobeit-https.xml
FF Extension: Fire IE - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\fireie@fireie.org [2014-12-19]
FF Extension: HTTPS-Everywhere - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\https-everywhere@eff.org [2014-10-15]
FF Extension: Hola Better Internet - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-01-01]
FF Extension: NetVideoHunter - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\netvideohunter@netvideohunter.com [2014-07-28]
FF Extension: ColorfulTabs - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-12-17]
FF Extension: Empty Cache Button - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f} [2014-09-13]
FF Extension: Default Full Zoom Level - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D} [2014-10-26]
FF Extension: Disconnect - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\2.0@disconnect.me.xpi [2014-05-13]
FF Extension: Add-on Compatibility Reporter - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\compatibility@addons.mozilla.org.xpi [2014-12-31]
FF Extension: YouTube HTML5 Switch - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\jid0-coCUQ7NySNPcj72dA3557kKXGZU@jetpack.xpi [2013-06-18]
FF Extension: AdF.ly Skipper ★WORKING★ - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack.xpi [2014-07-29]
FF Extension: Enhanced Steam - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\jid0-SmvlvxGpvCyG252KbVMqIKR79Uc@jetpack.xpi [2014-03-07]
FF Extension: YouTube Center - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2014-01-29]
FF Extension: Lazarus: Form Recovery - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\lazarus@interclue.com.xpi [2013-03-11]
FF Extension: Lazy Click - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\lazyclick@tmarki.com.xpi [2013-03-11]
FF Extension: Long URL Please - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\longurlplease@darragh.curran.xpi [2013-11-15]
FF Extension: Masking Agent - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\maskingagent@basa.nl.xpi [2013-03-21]
FF Extension: No Small Text - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\nosmalltext@pjs.nl.xpi [2014-11-06]
FF Extension: Stealthy - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\stealthyextension@gmail.com.xpi [2014-07-10]
FF Extension: Google Translator for Firefox - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\translator@zoli.bod.xpi [2013-03-11]
FF Extension: imagiris - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\user@imagiris.txt.xpi [2013-03-11]
FF Extension: Resurrect Pages - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2013-03-11]
FF Extension: URL Fixer - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{0fa2149e-bb2c-4ac2-a8d3-479599819475}.xpi [2013-03-11]
FF Extension: Adblock Plus - C:\Users\Dan's\AppData\Roaming\Mozilla\Firefox\Profiles\1yc4fj06.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-12]
FF Extension: Ginger - C:\Program Files (x86)\Mozilla Firefox\extensions\adapter@gingersoftware.com [2014-11-10]
FF Extension: Ginger - Grammar and Spell Checker - C:\Program Files (x86)\Mozilla Firefox\extensions\firefox@gingersoftware.com [2014-11-10]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2013-03-11]
FF HKU\S-1-5-21-490156171-3473242110-392294870-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-03-11] ()
R3 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-03-11] (ASUSTeK Computer Inc.)
S3 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-03-11] (ASUSTeK Computer Inc.)
S3 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [1475744 2013-11-02] (ASUSTeK Computer Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-01-28] (Futuremark)
S3 GalaxyService; C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [2191648 2014-09-18] (GOG.com)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
S3 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-24] (Electronic Arts)
R2 PCPitstop Realtime; C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [605808 2014-12-01] (PC Pitstop LLC)
R2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [86632 2014-05-30] (PC Pitstop LLC)
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1013696 2012-03-27] (Cyber Power Systems, Inc.)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S3 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]
S3 GingerUpdateService; "C:\Program Files (x86)\Ginger\GingerUpdateService\GingerUpdateService.exe" [X]
S4 NIApplicationWebServer64; "C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 AndNetDiag2; C:\Windows\system32\DRIVERS\lgandnetdiag264.sys [29696 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
R3 arusb_win7x; C:\Windows\system32\DRIVERS\arusb_win7x.sys [769024 2010-02-23] (Atheros Communications, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2014-11-18] (Intel  Corporation)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 PTQHBUS; C:\Windows\System32\drivers\PTQHBUS.sys [69264 2009-12-15] (DEVGURU Co., LTD.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-03 21:16 - 2015-01-03 21:16 - 00025669 _____ () C:\Users\Dan's\Desktop\FRST.txt
2015-01-03 21:14 - 2015-01-03 21:14 - 02123776 _____ (Farbar) C:\Users\Dan's\Desktop\FRST64.exe
2015-01-03 21:14 - 2015-01-03 21:14 - 00000000 ____D () C:\Users\Dan's\Desktop\FRST-OlderVersion
2015-01-03 21:13 - 2015-01-03 21:13 - 00003136 _____ () C:\WINDOWS\System32\Tasks\FRAPS
2015-01-03 19:25 - 2015-01-03 19:25 - 00007981 _____ () C:\Users\Dan's\Desktop\ESET2.txt
2015-01-03 17:56 - 2015-01-03 18:06 - 00000000 ____D () C:\Users\Dan's\AppData\Local\Temp\Cheat Engine
2015-01-03 17:44 - 2015-01-03 17:44 - 00000000 ____D () C:\Users\Dan's\Documents\My Cheat Tables
2015-01-03 16:38 - 2015-01-03 20:46 - 00000000 ____D () C:\Users\Dan's\AppData\Local\Temp\MMCache896493620_1
2015-01-03 15:26 - 2015-01-03 15:26 - 00000000 ____D () C:\Users\Dan's\AppData\Local\Temp\temp-android-tool
2015-01-03 14:49 - 2015-01-03 14:49 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\JetBrains
2015-01-03 14:48 - 2015-01-03 14:48 - 00335722 _____ () C:\Users\Dan's\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20150103_144837581-Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219-MSP0.txt
2015-01-03 14:48 - 2015-01-03 14:48 - 00307400 _____ () C:\Users\Dan's\AppData\Local\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20150103_144841625-Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219-MSP0.txt
2015-01-03 14:48 - 2015-01-03 14:48 - 00225992 _____ () C:\Users\Dan's\AppData\Local\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20150103_144841625-MSI_vc_red.msi.txt
2015-01-03 14:48 - 2015-01-03 14:48 - 00193562 _____ () C:\Users\Dan's\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20150103_144837581-MSI_vc_red.msi.txt
2015-01-03 14:48 - 2015-01-03 14:48 - 00095512 _____ () C:\Users\Dan's\AppData\Local\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20150103_144841625.html
2015-01-03 14:48 - 2015-01-03 14:48 - 00091352 _____ () C:\Users\Dan's\AppData\Local\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20150103_144837581.html
2015-01-03 14:48 - 2015-01-03 14:48 - 00000000 ____D () C:\Users\Dan's\.AndroidStudio
2015-01-03 14:48 - 2015-01-03 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2015-01-03 14:48 - 2014-11-18 15:02 - 00084992 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelHaxm.sys
2015-01-03 14:44 - 2015-01-03 14:44 - 00000000 ____D () C:\Program Files\Android
2015-01-03 14:32 - 2015-01-03 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-01-03 14:27 - 2015-01-03 14:28 - 135815584 _____ (Oracle Corporation) C:\Users\Dan's\Downloads\jdk-7u71-windows-x64.exe
2015-01-03 14:25 - 2015-01-03 14:25 - 00000000 ____D () C:\Users\Dan's\AppData\Local\Temp\intel
2015-01-03 14:08 - 2015-01-03 14:17 - 868344232 _____ (Google Inc.) C:\Users\Dan's\Downloads\android-studio-bundle-135.1641136.exe
2015-01-02 23:43 - 2015-01-03 21:03 - 00031832 _____ () C:\Users\Dan's\AppData\Local\Temp\Dan's.bmp
2015-01-02 17:10 - 2015-01-02 17:10 - 00000942 _____ () C:\Users\Dan's\Desktop\checkup.txt
2015-01-02 17:05 - 2015-01-02 17:05 - 00019681 _____ () C:\Users\Dan's\Desktop\ESETscan.txt
2015-01-02 10:25 - 2015-01-02 10:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-02 10:23 - 2015-01-02 10:23 - 00001134 _____ () C:\Users\Dan's\Desktop\MBAM.txt
2015-01-01 21:10 - 2015-01-01 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-01 21:08 - 2015-01-01 21:08 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
2015-01-01 10:21 - 2015-01-01 10:21 - 00001523 _____ () C:\Users\Dan's\Desktop\JRT.txt
2015-01-01 10:20 - 2015-01-01 10:20 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-01 10:19 - 2015-01-01 10:19 - 01707939 _____ (Thisisu) C:\Users\Dan's\Desktop\JRT.exe
2015-01-01 10:10 - 2015-01-01 10:19 - 00000000 ____D () C:\AdwCleaner
2015-01-01 10:09 - 2015-01-01 10:09 - 02173952 _____ () C:\Users\Dan's\Desktop\AdwCleaner.exe
2015-01-01 10:07 - 2015-01-01 10:07 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-01 09:58 - 2015-01-01 09:58 - 00852504 _____ () C:\Users\Dan's\Desktop\SecurityCheck.exe
2014-12-31 16:55 - 2014-12-31 16:55 - 00000000 ____D () C:\ProgramData\Apple
2014-12-31 16:43 - 2014-12-31 16:43 - 00000020 _____ () C:\Users\Dan's\Documents\seresto.txt
2014-12-31 11:39 - 2014-12-31 11:39 - 00000000 ____D () C:\Users\Dan's\Downloads\NV-Inspector-[Guru3D.com]
2014-12-31 11:23 - 2014-12-31 11:24 - 00057453 _____ () C:\Users\Dan's\Desktop\Addition.txt
2014-12-31 11:21 - 2015-01-03 21:16 - 00000000 ____D () C:\FRST
2014-12-31 11:20 - 2014-12-31 11:20 - 00002622 _____ () C:\Users\Dan's\Desktop\aswMBR.txt
2014-12-31 11:20 - 2014-12-31 11:20 - 00000512 _____ () C:\Users\Dan's\Desktop\MBR.dat
2014-12-31 10:20 - 2014-12-31 10:20 - 05198336 _____ (AVAST Software) C:\Users\Dan's\Desktop\aswMBR.exe
2014-12-30 23:43 - 2014-12-30 23:43 - 00006002 _____ () C:\WINDOWS\system32\PTHQsetup_20141230.log
2014-12-30 22:15 - 2014-12-30 22:14 - 00450892 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141230-221533.backup
2014-12-30 22:14 - 2014-12-14 12:39 - 00450892 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141230-221456.backup
2014-12-30 21:34 - 2014-12-30 21:34 - 00001343 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-12-30 21:34 - 2014-12-30 21:34 - 00000000 ____D () C:\WINDOWS\LastGood
2014-12-30 21:34 - 2014-12-30 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-30 21:34 - 2014-12-13 02:03 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2014-12-30 21:34 - 2014-12-12 18:11 - 02824504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-12-30 21:34 - 2014-12-12 18:11 - 02210040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-12-30 21:34 - 2014-12-12 18:11 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2014-12-30 21:34 - 2014-12-12 18:11 - 01291464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 32099472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 25460552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 24764232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 20465808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 18594432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 17264312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 16040184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 14128496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 13288360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 13202520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 10770120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 10710160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 10345280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-12-30 21:33 - 2014-12-13 04:08 - 03610440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 03293136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 03248968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 02897824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 01895056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434709.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 01556624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434709.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00994384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00968336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00942400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00928072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00906560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00876976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00834880 _____ () C:\WINDOWS\system32\nvmcumd.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00353224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00306328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00178632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00165760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2014-12-30 21:33 - 2014-12-13 04:08 - 00027983 _____ () C:\WINDOWS\system32\nvinfo.pb
2014-12-30 21:33 - 2014-11-22 04:46 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-12-30 21:33 - 2014-11-22 04:46 - 00035472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2014-12-30 21:33 - 2014-11-22 04:46 - 00032400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2014-12-30 21:28 - 2014-12-30 21:30 - 307606328 _____ (NVIDIA Corporation) C:\Users\Dan's\Downloads\347.09-desktop-win8-win7-winvista-64bit-international-whql.exe
2014-12-30 19:57 - 2014-12-13 02:03 - 06859408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2014-12-30 19:55 - 2014-12-30 19:55 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-12-30 18:20 - 2014-12-30 18:20 - 00000008 _____ () C:\Users\Dan's\Documents\oliveranch order.txt
2014-12-30 10:24 - 2014-12-30 10:41 - 341142420 _____ () C:\Users\Dan's\Downloads\Sting - Live 60th birthday concert NY Beacon Theatre 1 october 2011.mp4
2014-12-30 09:04 - 2014-12-30 09:04 - 00000902 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2014-12-30 08:56 - 2014-12-30 08:56 - 68653056 _____ () C:\Users\Dan's\Downloads\calibre-64bit-2.14.0.msi
2014-12-28 18:18 - 2014-12-28 18:20 - 34305058 _____ () C:\Users\Dan's\Downloads\torbrowser-install-4.0.2_en-US.exe
2014-12-28 14:40 - 2014-12-28 14:48 - 443555719 _____ () C:\Users\Dan's\Downloads\N7_2013_tools20140228.zip
2014-12-28 14:40 - 2014-12-28 14:40 - 23590680 _____ (深圳瓶子科技有限公司) C:\Users\Dan's\Downloads\ShuameSetup_2.0.3.exe
2014-12-28 14:39 - 2014-12-28 14:43 - 281012968 _____ () C:\Users\Dan's\Downloads\miui_Nexus7_4.8.22_396a8fe8f5_4.4.zip
2014-12-27 20:25 - 2014-12-27 20:25 - 04551776 _____ (Krzysztof Kowalczyk) C:\Users\Dan's\Downloads\SumatraPDF-3.0-install.exe
2014-12-27 19:36 - 2014-12-27 19:36 - 00000951 _____ () C:\Users\Public\Desktop\Tagman.lnk
2014-12-27 19:36 - 2014-12-27 19:36 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\Abelssoft
2014-12-27 19:36 - 2014-12-27 19:36 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-12-27 19:36 - 2014-12-27 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tagman
2014-12-27 19:36 - 2014-12-27 19:36 - 00000000 ____D () C:\Program Files (x86)\Tagman
2014-12-27 19:35 - 2014-12-27 19:35 - 00001090 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-27 19:35 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-27 19:35 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-27 19:35 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-27 17:38 - 2014-12-27 17:39 - 26498368 _____ (Abelssoft ) C:\Users\Dan's\Downloads\TAGMAN_2015.exe
2014-12-24 20:57 - 2014-12-24 20:57 - 17102864 _____ (Electronic Arts, Inc.) C:\Users\Dan's\Downloads\OriginThinSetup.exe
2014-12-24 19:24 - 2014-12-24 19:24 - 00001330 _____ () C:\Users\Public\Desktop\Dragon Age Inquisition.lnk
2014-12-24 19:24 - 2014-12-24 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Inquisition
2014-12-24 14:58 - 2014-12-24 19:34 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-12-24 14:57 - 2014-12-24 15:22 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\Origin
2014-12-24 14:55 - 2015-01-03 10:48 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-24 14:55 - 2014-12-24 14:55 - 00000951 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-12-24 14:55 - 2014-12-24 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-12-22 11:23 - 2014-11-10 18:39 - 22290560 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-12-22 11:22 - 2014-12-22 11:22 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-12-22 11:22 - 2014-12-22 11:22 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-12-22 11:22 - 2014-12-22 11:22 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-12-22 11:22 - 2014-12-22 11:22 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-12-22 11:22 - 2014-11-17 14:17 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-12-22 11:22 - 2014-11-17 14:17 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-12-22 11:22 - 2014-11-15 13:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-12-22 11:22 - 2014-11-15 00:29 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-12-22 11:22 - 2014-11-14 08:36 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-12-22 11:22 - 2014-11-14 01:10 - 03558400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-12-22 11:22 - 2014-11-14 00:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2014-12-22 11:22 - 2014-11-14 00:58 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-12-22 11:22 - 2014-11-14 00:57 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-12-22 11:22 - 2014-11-14 00:57 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-12-22 11:22 - 2014-11-14 00:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2014-12-22 11:22 - 2014-11-14 00:54 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-12-22 11:22 - 2014-11-14 00:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-12-22 11:22 - 2014-11-14 00:53 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-12-22 11:22 - 2014-11-14 00:52 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-12-22 11:22 - 2014-11-14 00:46 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-12-22 11:22 - 2014-11-14 00:46 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-22 11:22 - 2014-11-14 00:39 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-12-22 11:22 - 2014-11-13 23:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-12-22 11:22 - 2014-11-13 23:03 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-12-22 11:22 - 2014-11-13 23:03 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-12-22 11:22 - 2014-11-13 23:01 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-12-22 11:22 - 2014-11-13 23:01 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-12-22 11:22 - 2014-11-13 22:53 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-22 11:22 - 2014-11-10 18:17 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-12-22 11:22 - 2014-11-10 12:06 - 02485056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-12-22 11:22 - 2014-11-10 12:06 - 00473408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-12-22 11:22 - 2014-11-10 12:06 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-12-22 11:22 - 2014-11-10 12:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2014-12-22 11:22 - 2014-11-09 20:57 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-12-22 11:22 - 2014-11-09 19:37 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-12-22 11:22 - 2014-11-09 19:34 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-12-22 11:22 - 2014-11-09 19:26 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2014-12-22 11:22 - 2014-11-09 19:20 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-12-22 11:22 - 2014-11-09 19:09 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2014-12-22 11:22 - 2014-11-09 19:08 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2014-12-22 11:22 - 2014-11-09 19:06 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2014-12-22 11:22 - 2014-11-09 18:57 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2014-12-22 11:22 - 2014-11-09 18:57 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2014-12-22 11:22 - 2014-11-08 04:42 - 01390928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2014-12-22 11:22 - 2014-11-08 04:23 - 01127976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2014-12-22 11:22 - 2014-11-07 22:00 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2014-12-22 11:22 - 2014-11-07 22:00 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2014-12-22 11:22 - 2014-11-07 21:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2014-12-22 11:22 - 2014-11-07 21:58 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2014-12-22 11:22 - 2014-11-07 21:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2014-12-22 11:22 - 2014-11-07 21:56 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2014-12-22 11:22 - 2014-11-07 21:56 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2014-12-22 11:22 - 2014-11-07 21:24 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2014-12-22 11:22 - 2014-11-07 21:13 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2014-12-22 11:22 - 2014-11-07 21:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2014-12-22 11:22 - 2014-11-07 21:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2014-12-22 11:22 - 2014-11-07 20:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2014-12-22 11:22 - 2014-11-07 20:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2014-12-22 11:22 - 2014-11-07 20:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2014-12-22 11:22 - 2014-11-07 20:09 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2014-12-22 11:22 - 2014-11-07 20:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-12-22 11:22 - 2014-11-07 19:59 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2014-12-22 11:22 - 2014-11-07 19:58 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-12-22 11:22 - 2014-11-07 19:49 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-12-22 11:22 - 2014-11-06 21:58 - 00952896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-12-22 11:22 - 2014-11-06 21:20 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-12-22 11:22 - 2014-11-04 20:12 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2014-12-22 11:22 - 2014-11-04 20:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2014-12-22 11:22 - 2014-11-04 20:06 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2014-12-22 11:22 - 2014-11-04 19:44 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2014-12-22 11:22 - 2014-11-04 19:43 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2014-12-22 11:22 - 2014-11-04 19:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-12-22 11:22 - 2014-11-04 19:39 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2014-12-22 11:22 - 2014-11-04 19:39 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2014-12-22 11:22 - 2014-11-04 19:33 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2014-12-22 11:22 - 2014-11-04 19:21 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2014-12-22 11:22 - 2014-11-04 19:20 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2014-12-22 11:22 - 2014-11-04 19:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2014-12-22 11:22 - 2014-11-04 19:14 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-12-22 11:22 - 2014-11-04 19:06 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2014-12-22 11:22 - 2014-11-04 13:33 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2014-12-22 11:22 - 2014-11-04 13:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2014-12-22 11:22 - 2014-11-04 13:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2014-12-22 11:22 - 2014-11-04 00:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2014-12-22 11:22 - 2014-11-04 00:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2014-12-22 11:22 - 2014-11-04 00:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2014-12-22 11:22 - 2014-11-04 00:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2014-12-22 11:22 - 2014-11-04 00:27 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2014-12-22 11:22 - 2014-11-03 23:01 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2014-12-22 11:22 - 2014-10-30 18:51 - 18823168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-12-22 11:22 - 2014-10-30 18:10 - 15158784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-12-22 11:22 - 2014-10-29 23:55 - 07473472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-12-22 11:22 - 2014-10-29 23:47 - 01499384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-12-22 11:22 - 2014-10-29 23:41 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-12-22 11:22 - 2014-10-28 21:05 - 00551232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2014-12-22 11:22 - 2014-10-28 20:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2014-12-22 11:22 - 2014-10-28 20:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2014-12-22 11:22 - 2014-10-28 19:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2014-12-22 11:22 - 2014-10-28 19:55 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2014-12-22 11:22 - 2014-10-28 19:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2014-12-22 11:22 - 2014-10-28 19:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2014-12-22 11:22 - 2014-10-28 19:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2014-12-22 11:22 - 2014-10-28 19:13 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2014-12-22 11:22 - 2014-10-28 19:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2014-12-22 11:22 - 2014-10-28 19:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2014-12-22 11:22 - 2014-10-26 16:10 - 00390841 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-12-22 11:22 - 2014-10-20 19:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2014-12-22 11:22 - 2014-10-20 19:19 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2014-12-22 11:22 - 2014-10-20 18:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2014-12-22 11:22 - 2014-10-20 18:31 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2014-12-22 11:22 - 2014-10-20 18:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2014-12-22 11:22 - 2014-10-20 18:30 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2014-12-22 11:22 - 2014-10-20 18:20 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2014-12-22 11:22 - 2014-10-16 22:56 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-22 11:22 - 2014-10-16 22:56 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-22 11:22 - 2014-10-16 22:56 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-22 11:22 - 2014-10-16 21:35 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-20 12:47 - 2014-12-20 12:47 - 00244104 _____ () C:\Users\Dan's\Downloads\Firefox Setup Stub 34.0.5.exe
2014-12-17 19:29 - 2014-12-17 19:29 - 00003828 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1383541367
2014-12-17 19:29 - 2014-12-17 19:29 - 00001017 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-12-16 20:42 - 2015-01-03 19:22 - 00000000 ____D () C:\Users\Dan's\Downloads\Dragon Age Inquisition V1.01 Trainer +15 MrAntiFun
2014-12-15 11:23 - 2014-12-15 11:23 - 00000045 _____ () C:\Users\Dan's\Documents\blood test numbers 121614.txt
2014-12-14 12:39 - 2014-12-14 12:39 - 00450892 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141214-123928.backup
2014-12-14 12:39 - 2014-12-01 00:45 - 00450892 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141214-123903.backup
2014-12-13 18:38 - 2015-01-03 18:41 - 00000000 ____D () C:\ProgramData\Origin
2014-12-13 18:38 - 2014-12-24 14:55 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-13 11:20 - 2014-11-26 15:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-13 11:20 - 2014-11-26 15:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-13 11:17 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-13 11:17 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-13 11:17 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-13 11:17 - 2014-11-21 20:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-13 11:17 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-13 11:17 - 2014-11-21 20:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-13 11:17 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-13 11:17 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-13 11:17 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-13 11:17 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-13 11:17 - 2014-11-21 20:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-13 11:17 - 2014-11-21 20:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-13 11:17 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-13 11:17 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-13 11:17 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-13 11:17 - 2014-11-21 19:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-13 11:17 - 2014-11-21 19:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-13 11:17 - 2014-11-21 19:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-13 11:17 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-13 11:17 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-13 11:17 - 2014-11-21 19:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-13 11:17 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-13 11:17 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-13 11:17 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-13 11:17 - 2014-11-21 19:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-13 11:17 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-13 11:17 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-13 11:17 - 2014-11-21 19:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-13 11:17 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-13 11:17 - 2014-11-21 19:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-13 11:17 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-13 11:17 - 2014-11-21 19:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-13 11:17 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-13 11:17 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-13 11:17 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-13 11:17 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-13 11:17 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-13 11:17 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-13 11:17 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-13 11:17 - 2014-10-30 17:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-13 11:17 - 2014-10-30 17:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-13 11:17 - 2014-10-30 16:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-13 11:17 - 2014-10-30 16:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-13 11:16 - 2014-11-09 20:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-13 11:16 - 2014-11-09 19:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-13 11:16 - 2014-11-06 22:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-13 11:16 - 2014-11-06 21:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-12 20:51 - 2014-12-12 20:51 - 00000000 ____D () C:\Users\Dan's\Documents\Egosoft
2014-12-12 20:48 - 2014-12-12 20:50 - 00000000 ____D () C:\editing
2014-12-12 10:14 - 2014-12-12 10:14 - 18119856 _____ (Adobe Systems Incorporated) C:\Users\Dan's\Downloads\install_flash_player.exe
2014-12-06 00:35 - 2014-12-06 00:35 - 00190428 _____ () C:\Users\Dan's\Downloads\UIT_IphStich.zip
2014-12-04 21:01 - 2014-12-04 21:01 - 30134887 _____ () C:\Users\Dan's\Downloads\Episode 63 Billy Gibbons  Live From Daryl's House with Daryl Hall  Current Episode.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-03 21:16 - 2014-05-04 13:40 - 00000000 ____D () C:\Users\Dan's\AppData\Local\Temp\Temp
2015-01-03 21:13 - 2013-12-31 08:52 - 00000000 ___DO () C:\Users\Dan's\SkyDrive
2015-01-03 21:13 - 2013-03-11 14:30 - 00000000 ____D () C:\Program Files\PeerBlock
2015-01-03 21:13 - 2013-03-11 14:01 - 00000000 ____D () C:\ProgramData\PCPitstop
2015-01-03 21:13 - 2012-10-18 19:34 - 00000000 ____D () C:\Fraps
2015-01-03 21:04 - 2014-11-24 14:05 - 00000374 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-01-03 21:04 - 2014-06-08 21:47 - 00212874 _____ () C:\WINDOWS\PFRO.log
2015-01-03 21:04 - 2014-06-06 00:23 - 02073044 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-03 21:04 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-03 21:04 - 2013-03-11 09:56 - 00000000 ____D () C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2015-01-03 21:03 - 2013-12-17 10:13 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\ClassicShell
2015-01-03 21:03 - 2013-08-22 07:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-03 21:03 - 2013-03-12 10:44 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\MediaMonkey
2015-01-03 21:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-03 20:28 - 2013-03-11 14:11 - 00000000 ____D () C:\ProgramData\PCPitstopDat
2015-01-03 19:24 - 2013-03-11 09:43 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-490156171-3473242110-392294870-1000
2015-01-03 19:22 - 2014-06-06 15:05 - 00000000 ____D () C:\Users\Dan's\Downloads\wirelesskeyview-x64
2015-01-03 19:22 - 2014-03-11 17:59 - 00000000 ____D () C:\Users\Dan's\Downloads\Shadowrun_Returns_Dragonfall_V1.2.5_Trainer_plus5
2015-01-03 19:22 - 2014-03-09 11:13 - 00000000 ____D () C:\Users\Dan's\Downloads\Shadowrun Returns Dragonfall V1.2.5 Trainer +5
2015-01-03 16:04 - 2014-06-07 16:14 - 00000000 ____D () C:\Users\Dan's\Documents\Calibre Library
2015-01-03 15:59 - 2014-06-19 20:23 - 00000000 ____D () C:\Users\Dan's\.android
2015-01-03 15:51 - 2014-06-09 04:30 - 00006976 _____ () C:\WINDOWS\setupact.log
2015-01-03 14:48 - 2013-12-31 01:22 - 00000000 ____D () C:\Users\Dan's
2015-01-03 14:48 - 2013-11-02 20:51 - 00000000 ____D () C:\Program Files\Intel
2015-01-03 14:30 - 2013-06-02 20:58 - 00000000 ____D () C:\Program Files\Java
2015-01-03 12:37 - 2013-03-11 10:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-03 11:55 - 2014-01-15 13:58 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-02 23:11 - 2013-06-01 22:03 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamBG's Planescape Torment Editors
2015-01-02 23:10 - 2013-01-15 20:52 - 00000000 ____D () C:\Games
2015-01-02 17:03 - 2014-09-10 10:26 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2015-01-02 10:34 - 2012-07-26 02:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-01-02 10:29 - 2013-06-28 10:47 - 00000000 ____D () C:\GOG Games
2015-01-02 10:10 - 2014-07-15 23:01 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-01 21:20 - 2014-06-06 15:37 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2015-01-01 21:18 - 2013-03-11 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-01-01 21:18 - 2013-03-11 17:23 - 00000000 ____D () C:\Program Files (x86)\GOG.com
2015-01-01 21:14 - 2013-03-26 16:57 - 00000000 ____D () C:\Program Files (x86)\National Instruments
2015-01-01 21:14 - 2013-03-26 16:55 - 00000000 ____D () C:\ProgramData\National Instruments
2015-01-01 21:12 - 2014-11-10 11:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-01 20:36 - 2014-06-17 12:50 - 00002352 _____ () C:\WINDOWS\LkmdfCoInst.log
2015-01-01 20:36 - 2013-12-31 01:13 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2015-01-01 13:43 - 2014-09-18 21:30 - 00091136 ___SH () C:\Users\Dan's\Desktop\Thumbs.db
2015-01-01 11:05 - 2014-05-28 16:31 - 00000000 ____D () C:\ProgramData\Orbit
2015-01-01 11:05 - 2012-08-21 17:59 - 00000000 ____D () C:\Users\Dan's\Documents\My Games
2015-01-01 10:08 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-01 10:07 - 2013-03-11 13:24 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2015-01-01 10:05 - 2013-08-22 09:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-12-31 19:51 - 2014-10-04 23:44 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\NVIDIA
2014-12-31 16:55 - 2013-09-06 19:14 - 00000000 ____D () C:\Program Files\Bonjour
2014-12-31 16:55 - 2013-09-06 19:14 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-12-31 16:55 - 2013-03-11 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-12-31 09:55 - 2014-08-01 12:58 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\Tropico 4
2014-12-31 09:43 - 2013-10-22 17:54 - 00000000 ____D () C:\Program Files (x86)\OCCT
2014-12-30 23:45 - 2014-08-07 17:27 - 00000000 ____D () C:\Program Files (x86)\Maxis
2014-12-30 23:44 - 2013-08-12 21:57 - 00000000 _____ () C:\conmgr.log
2014-12-30 23:44 - 2013-03-11 10:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-30 21:36 - 2013-12-31 01:14 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-30 21:34 - 2013-12-31 01:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-30 21:34 - 2013-12-31 01:13 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-30 21:34 - 2013-12-31 01:13 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-30 09:04 - 2014-06-07 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2014-12-30 09:04 - 2014-06-07 16:11 - 00000000 ____D () C:\Program Files\Calibre2
2014-12-28 18:24 - 2014-06-07 20:11 - 00000000 ____D () C:\Users\Dan's\Desktop\Tor Browser
2014-12-28 00:53 - 2014-01-19 14:38 - 00409904 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-28 00:52 - 2014-07-15 23:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-27 20:25 - 2013-03-11 16:09 - 00001903 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2014-12-27 19:35 - 2014-07-15 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-24 19:24 - 2013-03-11 15:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-24 15:09 - 2013-02-01 11:59 - 00000000 ____D () C:\Temp
2014-12-22 12:39 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-22 11:33 - 2013-03-11 10:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-22 11:30 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-12-22 11:30 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-12-22 11:30 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-12-22 11:30 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-12-22 11:23 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-20 12:48 - 2013-03-11 10:56 - 00001137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-20 12:48 - 2013-03-11 10:56 - 00001125 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-17 19:29 - 2013-11-03 23:02 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-14 13:10 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-14 13:09 - 2013-03-11 12:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-13 19:22 - 2013-12-11 19:06 - 00000000 ____D () C:\Users\Dan's\Documents\BioWare
2014-12-13 11:23 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-13 11:23 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-13 11:23 - 2013-08-13 12:11 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-13 11:20 - 2013-03-11 11:34 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-13 04:08 - 2014-09-19 23:37 - 00074056 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2014-12-13 04:08 - 2014-09-19 23:37 - 00060560 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2014-12-13 02:03 - 2014-09-19 23:37 - 03513488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2014-12-13 02:03 - 2014-09-19 23:37 - 00935240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2014-12-13 02:03 - 2014-09-19 23:37 - 00386368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2014-12-13 02:03 - 2013-03-11 11:27 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2014-12-12 20:48 - 2014-11-23 10:35 - 00000000 ____D () C:\Users\Dan's\AppData\Roaming\Notepad++
2014-12-12 20:44 - 2014-01-19 11:53 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-12-12 17:11 - 2014-09-19 23:37 - 04151176 _____ () C:\WINDOWS\system32\nvcoproc.bin
2014-12-11 22:07 - 2014-05-13 00:12 - 00000000 ____D () C:\Users\Dan's\Documents\theRenamer
2014-12-07 18:43 - 2014-11-25 16:38 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-12-07 18:43 - 2013-10-31 13:07 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2014-12-05 00:09 - 2013-09-29 22:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-04 19:34 - 2014-06-06 16:33 - 00000000 ____D () C:\Users\Dan's\Documents\LG OSP
2014-12-04 18:10 - 2013-10-13 07:10 - 00000000 ____D () C:\Users\Dan's\Documents\Telltale Games

Files to move or delete:
====================
C:\ProgramData\sdpsenv.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-03 04:02

==================== End Of Log ============================



#12 OCD

Posted 04 January 2015 - 09:16 AM

Hi MrKez,

Re-run AdwCleaner

It should be on your desktop.
  • Windows XP: Double-click on the icon to run it.
  • Windows Vista, Windows 7 & 8: Right-click and select "Run as Administrator".
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S1].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

In your next post please provide the following:
  • AdwCleaner[S1].txt
  • How is the computer running, what issues still remain?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days


#13 MrKez


Posted 04 January 2015 - 10:38 AM

It seems to be running better now. No more popups whenever I reboot. Thank you so much.

 

# AdwCleaner v2.305 - Logfile created 07/14/2013 at 13:43:26
# Updated 11/07/2013 by Xplode
# Operating system : Windows 8 Pro  (64 bits)
# User : Dan's - DANS-PC
# Boot Mode : Normal
# Running from : C:\Users\Dan's\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****
 



#14 OCD


Posted 05 January 2015 - 12:52 AM

Hi MrKez,

Your AdwCleaner log is not complete. Please move AdwCleaner to your desktop and run a fresh scan.


OCD



#15 MrKez


Posted 05 January 2015 - 10:31 AM

# AdwCleaner v4.106 - Report created 05/01/2015 at 10:12:23
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : Dan's - DANS-PC
# Running from : C:\Users\Dan's\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Dan's\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Dan's\AppData\Roaming\RHEng

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Comodo Dragon v


-\\ Opera v26.0.1656.60

[C:\Users\Dan's\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ejddjnilmdncjilbfjgameihlklfpohp
[C:\Users\Dan's\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : eagomcfjiefffhpaejnlpjccikpipdoe

*************************

AdwCleaner[R0].txt - [5003 octets] - [01/01/2015 10:12:23]
AdwCleaner[R1].txt - [958 octets] - [04/01/2015 10:31:18]
AdwCleaner[R2].txt - [1393 octets] - [05/01/2015 10:08:31]
AdwCleaner[S0].txt - [5110 octets] - [01/01/2015 10:13:45]
AdwCleaner[S1].txt - [1020 octets] - [04/01/2015 10:32:09]
AdwCleaner[S2].txt - [1322 octets] - [05/01/2015 10:12:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1382 octets] ##########
 

