
FRST Log uploaded. Computer loads right into recovery [Closed]

frst64 frst

  • This topic is locked

#1
brandus

    New Member

  • Member
  • Pip
  • 9 posts

I found this site and tool trying to save my computer.

 

Thanks for even looking into this

 

Running from d:\
Platform: WIN_7 (X64) OS Language: English (United States)
Boot Mode: Recovery
Attention: Could not load system hive.
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Winlogon: [Userinit] 
HKLM-x32\...\Winlogon: [Userinit]  [X]
HKLM\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\Brandus\...\Run: [Akamai NetSession Interface] => "C:\Users\Brandus\AppData\Local\Akamai\netsession_win.exe"
HKU\Brandus\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\Brandus\...\Run: [GoogleChromeAutoLaunch_608DC4D237EEAEB08E86F56C53DE0025] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-06] (Google Inc.)
HKU\Mcx1-BRANDUS-PC\...\Run: [Akamai NetSession Interface] => "C:\Users\Brandus\AppData\Local\Akamai\netsession_win.exe"
HKU\Mcx1-BRANDUS-PC\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\Mcx1-BRANDUS-PC\...\Run: [TomTomHOME.exe] => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\Mcx1-BRANDUS-PC\...\Run: [Pinnacle Game Profiler] => "C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle.exe" -atboottime
HKU\Mcx1-BRANDUS-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION 
Startup: C:\Users\Brandus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-02 22:32 - 2014-09-02 22:33 - 00000000 ____D () C:\FRST
2014-09-02 16:38 - 2014-09-02 16:39 - 00000000 ____D () C:\Windows\Windows
2014-09-02 06:39 - 2014-09-02 06:39 - 00000000 __SHD () C:\found.000
2014-08-28 10:59 - 2014-08-28 10:59 - 00000000 __SHD () C:\Users\Ebony\AppData\Local\EmieUserList
2014-08-28 10:59 - 2014-08-28 10:59 - 00000000 __SHD () C:\Users\Ebony\AppData\Local\EmieSiteList
2014-08-28 10:59 - 2014-08-28 10:59 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Macromedia
2014-08-27 21:16 - 2014-08-22 18:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-27 21:16 - 2014-08-22 17:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 21:16 - 2014-08-22 16:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-27 08:08 - 2014-08-27 08:08 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Intel Corporation
2014-08-27 08:07 - 2014-08-28 10:45 - 00000000 ____D () C:\Users\Ebony\lucidlogix
2014-08-27 08:07 - 2014-08-27 08:07 - 00109680 _____ () C:\Users\Ebony\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-27 08:07 - 2014-08-27 08:07 - 00000000 ___RD () C:\Users\Ebony\Podcasts
2014-08-27 08:07 - 2014-08-27 08:07 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Canon
2014-08-27 08:07 - 2014-08-27 08:07 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Apple Computer
2014-08-27 08:07 - 2014-08-27 08:07 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Adobe
2014-08-27 08:07 - 2014-08-27 08:07 - 00000000 ____D () C:\Users\Ebony\AppData\Local\Google
2014-08-27 08:06 - 2014-08-27 08:07 - 00000000 ____D () C:\users\Ebony
2014-08-27 08:06 - 2014-08-27 08:06 - 00000020 ___SH () C:\Users\Ebony\ntuser.ini
2014-08-27 08:06 - 2014-08-27 08:06 - 00000000 ____D () C:\Users\Ebony\AppData\Local\VirtualStore
2014-08-25 20:07 - 2014-08-25 20:09 - 00000000 ____D () C:\Users\Brandus\Desktop\Madden.NFL.15.XBOX360-COMPLEX
2014-08-18 02:37 - 2014-06-30 14:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\System32\icardres.dll
2014-08-18 02:37 - 2014-06-30 14:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-18 02:37 - 2014-06-05 22:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-18 02:37 - 2014-06-05 22:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\System32\TsWpfWrp.exe
2014-08-18 02:37 - 2014-03-09 13:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\System32\icardagt.exe
2014-08-18 02:37 - 2014-03-09 13:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\System32\infocardapi.dll
2014-08-18 02:37 - 2014-03-09 13:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-18 02:37 - 2014-03-09 13:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 18:45 - 2014-07-31 15:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-08-16 18:45 - 2014-07-31 15:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-16 18:45 - 2014-07-25 06:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-08-16 18:45 - 2014-07-25 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-08-16 18:45 - 2014-07-25 06:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-08-16 18:45 - 2014-07-25 05:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-16 18:45 - 2014-07-25 05:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-08-16 18:45 - 2014-07-25 05:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-08-16 18:45 - 2014-07-25 05:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-08-16 18:45 - 2014-07-25 05:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-08-16 18:45 - 2014-07-25 05:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-08-16 18:45 - 2014-07-25 05:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-08-16 18:45 - 2014-07-25 05:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-08-16 18:45 - 2014-07-25 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-16 18:45 - 2014-07-25 05:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-08-16 18:45 - 2014-07-25 05:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-08-16 18:45 - 2014-07-25 05:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-08-16 18:45 - 2014-07-25 04:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-08-16 18:45 - 2014-07-25 04:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-16 18:45 - 2014-07-25 04:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-08-16 18:45 - 2014-07-25 04:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-16 18:45 - 2014-07-25 04:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-16 18:45 - 2014-07-25 04:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-16 18:45 - 2014-07-25 04:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-16 18:45 - 2014-07-25 04:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-08-16 18:45 - 2014-07-25 04:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-16 18:45 - 2014-07-25 04:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-16 18:45 - 2014-07-25 04:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-08-16 18:45 - 2014-07-25 04:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-16 18:45 - 2014-07-25 04:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-08-16 18:45 - 2014-07-25 04:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-16 18:45 - 2014-07-25 04:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-16 18:45 - 2014-07-25 04:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-08-16 18:45 - 2014-07-25 04:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-16 18:45 - 2014-07-25 04:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-16 18:45 - 2014-07-25 04:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-16 18:45 - 2014-07-25 03:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-16 18:45 - 2014-07-25 03:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-08-16 18:45 - 2014-07-25 03:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-16 18:45 - 2014-07-25 03:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-08-16 18:45 - 2014-07-25 03:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-08-16 18:45 - 2014-07-25 03:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-08-16 18:45 - 2014-07-25 03:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-16 18:45 - 2014-07-25 03:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-16 18:45 - 2014-07-25 03:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-16 18:45 - 2014-07-25 03:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-08-16 18:45 - 2014-07-25 03:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-16 18:45 - 2014-07-25 03:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-16 18:45 - 2014-07-25 03:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-16 18:45 - 2014-07-25 03:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-16 18:45 - 2014-07-25 02:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-08-16 18:45 - 2014-07-25 02:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-08-16 18:45 - 2014-07-25 02:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-08-16 18:45 - 2014-07-25 02:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-16 18:45 - 2014-07-25 02:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-16 18:45 - 2014-07-25 02:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-16 18:44 - 2014-08-16 18:44 - 00931328 _____ () C:\Users\Brandus\Downloads\Chapter 1.ppt
2014-08-16 18:41 - 2014-07-15 19:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-08-16 18:41 - 2014-07-15 18:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-16 18:41 - 2014-06-24 18:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-08-16 18:41 - 2014-06-24 17:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-16 18:41 - 2014-06-15 18:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2014-08-16 18:41 - 2014-06-03 02:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-08-16 18:41 - 2014-06-03 02:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2014-08-16 18:41 - 2014-06-03 02:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\System32\msihnd.dll
2014-08-16 18:41 - 2014-06-03 02:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2014-08-16 18:41 - 2014-06-03 01:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-16 18:41 - 2014-06-03 01:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-16 18:41 - 2014-06-03 01:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-16 18:36 - 2014-08-06 18:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-08-16 18:36 - 2014-08-06 18:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-08-16 18:36 - 2014-07-13 18:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2014-08-16 18:36 - 2014-07-13 17:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-03 17:43 - 2014-05-14 08:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-08-03 17:43 - 2014-05-14 08:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-08-03 17:43 - 2014-05-14 08:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-03 17:43 - 2014-05-14 08:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-08-03 17:43 - 2014-05-14 08:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2014-08-03 17:43 - 2014-05-14 08:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2014-08-03 17:43 - 2014-05-14 08:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-03 17:43 - 2014-05-14 08:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-08-03 17:43 - 2014-05-14 08:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-08-03 17:43 - 2014-05-14 08:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-03 17:43 - 2014-05-14 05:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-08-03 17:43 - 2014-05-14 05:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-03 17:43 - 2014-05-14 05:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-08-03 17:43 - 2014-05-14 05:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-02 22:33 - 2014-09-02 22:32 - 00000000 ____D () C:\FRST
2014-09-02 18:34 - 2012-11-19 19:48 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-02 17:14 - 2013-08-19 03:20 - 00000000 ____D () C:\5a9d64c2c26642a26d2b57
2014-09-02 16:52 - 2014-01-06 10:00 - 00001429 _____ () C:\Users\Brandus\Desktop\pcsx2 - Shortcut.lnk
2014-09-02 16:52 - 2012-08-19 06:33 - 00001290 _____ () C:\Users\Brandus\Desktop\Civilization.V.GOTY.incl.Gods.and.Kings.lnk
2014-09-02 16:52 - 2012-08-04 21:51 - 00001949 _____ () C:\Users\Brandus\Desktop\Play COD MW3.lnk
2014-09-02 16:52 - 2012-08-04 20:55 - 00000909 _____ () C:\Users\Brandus\Desktop\MagicDisc.lnk
2014-09-02 16:51 - 2013-10-18 09:43 - 00000987 _____ () C:\Users\Brandus\Desktop\Democracy 2.lnk
2014-09-02 16:51 - 2013-09-03 05:44 - 00000939 _____ () C:\Users\Brandus\Desktop\DVD Shrink 3.2.lnk
2014-09-02 16:51 - 2012-08-24 15:27 - 00001193 _____ () C:\Users\Brandus\Desktop\AVS Video Converter.lnk
2014-09-02 16:45 - 2014-03-05 14:27 - 00000994 _____ () C:\Users\Brandus\Desktop\µTorrent.lnk
2014-09-02 16:45 - 2012-08-04 21:01 - 00000000 ____D () C:\Users\Brandus\AppData\Roaming\uTorrent
2014-09-02 16:39 - 2014-09-02 16:38 - 00000000 ____D () C:\Windows\Windows
2014-09-02 06:39 - 2014-09-02 06:39 - 00000000 __SHD () C:\found.000
2014-09-02 02:12 - 2012-08-05 05:47 - 00799564 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-02 02:11 - 2013-10-09 13:03 - 00000000 ____D () C:\ProgramData\Intel
2014-09-02 02:09 - 2009-07-13 20:45 - 00028848 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-02 02:09 - 2009-07-13 20:45 - 00028848 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 02:05 - 2013-11-19 20:54 - 00000000 ____D () C:\Users\Brandus\Lucidlogix
2014-09-02 02:04 - 2012-08-04 21:27 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-02 02:04 - 2012-08-04 21:27 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-02 02:01 - 2013-03-03 09:33 - 00000204 _____ () C:\Windows\Tasks\AutoKMS.job
2014-09-02 02:01 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-01 14:40 - 2012-08-06 16:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-28 10:59 - 2014-08-28 10:59 - 00000000 __SHD () C:\Users\Ebony\AppData\Local\EmieUserList
2014-08-28 10:59 - 2014-08-28 10:59 - 00000000 __SHD () C:\Users\Ebony\AppData\Local\EmieSiteList
2014-08-28 10:59 - 2014-08-28 10:59 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Macromedia
2014-08-28 10:45 - 2014-08-27 08:07 - 00000000 ____D () C:\Users\Ebony\lucidlogix
2014-08-28 10:45 - 2013-07-15 09:07 - 00000067 _____ () C:\Windows\System32\VpnService.log
2014-08-28 03:56 - 2013-08-31 14:10 - 00003030 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2014-08-28 03:56 - 2009-07-13 20:45 - 00409576 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-08-28 03:55 - 2012-08-05 00:07 - 00347202 _____ () C:\Windows\PFRO.log
2014-08-27 21:34 - 2012-08-07 19:20 - 00000000 ____D () C:\Users\Brandus\Documents\Outlook Files
2014-08-27 20:32 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\spool
2014-08-27 08:09 - 2012-08-19 14:24 - 00000000 ____D () C:\Users\Brandus\Documents\RCT3
2014-08-27 08:09 - 2012-08-04 21:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-27 08:08 - 2014-08-27 08:08 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Intel Corporation
2014-08-27 08:08 - 2014-01-07 06:35 - 00000000 ____D () C:\KA
2014-08-27 08:08 - 2014-01-06 07:16 - 00000365 _____ () C:\Windows\ka.ini
2014-08-27 08:07 - 2014-08-27 08:07 - 00109680 _____ () C:\Users\Ebony\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-27 08:07 - 2014-08-27 08:07 - 00000000 ___RD () C:\Users\Ebony\Podcasts
2014-08-27 08:07 - 2014-08-27 08:07 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Canon
2014-08-27 08:07 - 2014-08-27 08:07 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Apple Computer
2014-08-27 08:07 - 2014-08-27 08:07 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Adobe
2014-08-27 08:07 - 2014-08-27 08:07 - 00000000 ____D () C:\Users\Ebony\AppData\Local\Google
2014-08-27 08:07 - 2014-08-27 08:06 - 00000000 ____D () C:\users\Ebony
2014-08-27 08:06 - 2014-08-27 08:06 - 00000020 ___SH () C:\Users\Ebony\ntuser.ini
2014-08-27 08:06 - 2014-08-27 08:06 - 00000000 ____D () C:\Users\Ebony\AppData\Local\VirtualStore
2014-08-25 20:11 - 2014-02-19 08:07 - 00000000 ____D () C:\Users\Brandus\AppData\Roaming\abgx360
2014-08-25 20:09 - 2014-08-25 20:07 - 00000000 ____D () C:\Users\Brandus\Desktop\Madden.NFL.15.XBOX360-COMPLEX
2014-08-22 18:07 - 2014-08-27 21:16 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-22 17:45 - 2014-08-27 21:16 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 16:59 - 2014-08-27 21:16 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-20 03:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-08-20 03:04 - 2014-02-08 06:43 - 00000000 ____D () C:\Users\Brandus\Downloads\Utorrent
2014-08-20 02:32 - 2012-08-25 07:49 - 00000000 ___RD () C:\Users\Brandus\Podcasts
2014-08-18 03:00 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-18 02:47 - 2012-08-05 09:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-18 02:43 - 2013-08-14 13:16 - 00000000 ____D () C:\Windows\System32\MRT
2014-08-18 02:40 - 2012-08-05 05:24 - 99218768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-08-18 02:36 - 2014-05-04 19:05 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-08-18 02:34 - 2012-08-05 05:51 - 00109680 _____ () C:\Users\Brandus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-16 19:06 - 2012-08-04 21:27 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-16 18:44 - 2014-08-16 18:44 - 00931328 _____ () C:\Users\Brandus\Downloads\Chapter 1.ppt
2014-08-16 18:10 - 2014-03-09 14:45 - 00000090 _____ () C:\Windows\QBChanUtil_Trigger.ini
2014-08-16 17:44 - 2013-07-29 15:39 - 00000000 ____D () C:\Users\Brandus\Heaven
2014-08-15 17:14 - 2012-08-04 21:34 - 00006656 _____ () C:\Windows\System32\lpcio.dll
2014-08-15 17:13 - 2014-07-27 19:44 - 00009742 _____ () C:\Users\Brandus\Documents\bill.xlsx
2014-08-06 18:06 - 2014-08-16 18:36 - 00529920 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-08-06 18:01 - 2014-08-16 18:36 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-08-04 13:41 - 2014-03-02 14:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-04 13:41 - 2014-03-02 14:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
 
Files to move or delete:
====================
C:\Users\Brandus\Democracy2_Win_1370545527.exe
 
 
Some content of TEMP:
====================
C:\Users\Brandus\AppData\Local\Temp\AskSLib.dll
C:\Users\Brandus\AppData\Local\Temp\AutoRun.exe
C:\Users\Brandus\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Brandus\AppData\Local\Temp\EAInstall.dll
C:\Users\Brandus\AppData\Local\Temp\htmlayout.dll
C:\Users\Brandus\AppData\Local\Temp\ICReinstall_CR_Downloader_for_ncaa-football-'11.exe
C:\Users\Brandus\AppData\Local\Temp\ICReinstall_halloween.exe
C:\Users\Brandus\AppData\Local\Temp\ICReinstall_ICReinstall_halloween.exe
C:\Users\Brandus\AppData\Local\Temp\installerdll43052171.dll
C:\Users\Brandus\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\madden_inst.exe
C:\Users\Brandus\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Brandus\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Brandus\AppData\Local\Temp\nvStInst.exe
C:\Users\Brandus\AppData\Local\Temp\ose00000.exe
C:\Users\Brandus\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Brandus\AppData\Local\Temp\sfextra.dll
C:\Users\Brandus\AppData\Local\Temp\sonarinst.exe
C:\Users\Brandus\AppData\Local\Temp\SRLDetectionLibrary7486045928970420086.dll
C:\Users\Brandus\AppData\Local\Temp\temp.exe
C:\Users\Brandus\AppData\Local\Temp\uninstall.exe
C:\Users\Brandus\AppData\Local\Temp\uninstall8245890.exe
C:\Users\Brandus\AppData\Local\Temp\utt60F5.tmp.exe
C:\Users\Brandus\AppData\Local\Temp\_is4549.exe
C:\Users\Brandus\AppData\Local\Temp\_isA231.exe
C:\Users\Brandus\AppData\Local\Temp\_isB732.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 10%
Total physical RAM: 5080.04 MB
Available physical RAM: 4528.57 MB
Total Pagefile: 5078.19 MB
Available Pagefile: 4512.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.75 GB) (Free:241.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:29.59 GB) (Free:10.79 GB) NTFS
Drive e: (DVD_ROM) (CDROM) (Total:4.36 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7DA726B7)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
 
LastRegBack: 2014-08-27 03:53
 
==================== End Of Log ============================

  • 0



#2
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi :)




My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

  • I can't foresee everything, so if anything unexpected happens, please stop and inform me!
  • There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)



Reboot your machine, enter the Recovery Environment and access the Command Prompt again.

Instead of running FRST, type in the following command:
chkdsk c: /r
and press Enter.

Upon completion please try to generate another FRST report.
  • 0

#3
brandus

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Ok thanks, I will when I get home. I'm at work right now.


  • 0

#4
brandus

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Ok, so I did the chkdsk r and after a few hours it was complete. It did say that something cannot be logged.

 

After that I did FRST again.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014
Ran by SYSTEM on MININT-05LPHJU on 03-09-2014 22:13:29
Running from D:\
Platform: WIN_7 (X64) OS Language: English (United States)
Boot Mode: Recovery
Attention: Could not load system hive.
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Winlogon: [Userinit] 
HKLM-x32\...\Winlogon: [Userinit]  [X]
HKLM\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\Brandus\...\Run: [Akamai NetSession Interface] => "C:\Users\Brandus\AppData\Local\Akamai\netsession_win.exe"
HKU\Brandus\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\Brandus\...\Run: [GoogleChromeAutoLaunch_608DC4D237EEAEB08E86F56C53DE0025] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-08-06] (Google Inc.)
HKU\Mcx1-BRANDUS-PC\...\Run: [Akamai NetSession Interface] => "C:\Users\Brandus\AppData\Local\Akamai\netsession_win.exe"
HKU\Mcx1-BRANDUS-PC\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\Mcx1-BRANDUS-PC\...\Run: [TomTomHOME.exe] => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\Mcx1-BRANDUS-PC\...\Run: [Pinnacle Game Profiler] => "C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle.exe" -atboottime
HKU\Mcx1-BRANDUS-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION 
Startup: C:\Users\Brandus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-02 22:32 - 2014-09-03 22:13 - 00000000 ____D () C:\FRST
2014-09-02 16:38 - 2014-09-02 16:39 - 00000000 ____D () C:\Windows\Windows
2014-09-02 06:39 - 2014-09-02 06:39 - 00000000 __SHD () C:\found.000
2014-08-28 10:59 - 2014-08-28 10:59 - 00000000 __SHD () C:\Users\Ebony\AppData\Local\EmieUserList
2014-08-28 10:59 - 2014-08-28 10:59 - 00000000 __SHD () C:\Users\Ebony\AppData\Local\EmieSiteList
2014-08-28 10:59 - 2014-08-28 10:59 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Macromedia
2014-08-27 21:16 - 2014-08-22 18:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-27 21:16 - 2014-08-22 17:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 21:16 - 2014-08-22 16:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-27 08:08 - 2014-08-27 08:08 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Intel Corporation
2014-08-27 08:07 - 2014-08-28 10:45 - 00000000 ____D () C:\Users\Ebony\lucidlogix
2014-08-27 08:07 - 2014-08-27 08:07 - 00109680 _____ () C:\Users\Ebony\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-27 08:07 - 2014-08-27 08:07 - 00000000 ___RD () C:\Users\Ebony\Podcasts
2014-08-27 08:07 - 2014-08-27 08:07 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Canon
2014-08-27 08:07 - 2014-08-27 08:07 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Apple Computer
2014-08-27 08:07 - 2014-08-27 08:07 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Adobe
2014-08-27 08:07 - 2014-08-27 08:07 - 00000000 ____D () C:\Users\Ebony\AppData\Local\Google
2014-08-27 08:06 - 2014-08-27 08:07 - 00000000 ____D () C:\users\Ebony
2014-08-27 08:06 - 2014-08-27 08:06 - 00000020 ___SH () C:\Users\Ebony\ntuser.ini
2014-08-27 08:06 - 2014-08-27 08:06 - 00000000 ____D () C:\Users\Ebony\AppData\Local\VirtualStore
2014-08-25 20:07 - 2014-08-25 20:09 - 00000000 ____D () C:\Users\Brandus\Desktop\Madden.NFL.15.XBOX360-COMPLEX
2014-08-18 02:37 - 2014-06-30 14:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\System32\icardres.dll
2014-08-18 02:37 - 2014-06-30 14:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-18 02:37 - 2014-06-05 22:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-18 02:37 - 2014-06-05 22:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\System32\TsWpfWrp.exe
2014-08-18 02:37 - 2014-03-09 13:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\System32\icardagt.exe
2014-08-18 02:37 - 2014-03-09 13:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\System32\infocardapi.dll
2014-08-18 02:37 - 2014-03-09 13:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-18 02:37 - 2014-03-09 13:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 18:45 - 2014-07-31 15:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-08-16 18:45 - 2014-07-31 15:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-16 18:45 - 2014-07-25 06:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-08-16 18:45 - 2014-07-25 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-08-16 18:45 - 2014-07-25 06:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-08-16 18:45 - 2014-07-25 05:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-16 18:45 - 2014-07-25 05:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-08-16 18:45 - 2014-07-25 05:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-08-16 18:45 - 2014-07-25 05:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-08-16 18:45 - 2014-07-25 05:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-08-16 18:45 - 2014-07-25 05:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-08-16 18:45 - 2014-07-25 05:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-08-16 18:45 - 2014-07-25 05:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-08-16 18:45 - 2014-07-25 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-16 18:45 - 2014-07-25 05:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-08-16 18:45 - 2014-07-25 05:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-08-16 18:45 - 2014-07-25 05:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-08-16 18:45 - 2014-07-25 04:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-08-16 18:45 - 2014-07-25 04:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-16 18:45 - 2014-07-25 04:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-08-16 18:45 - 2014-07-25 04:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-16 18:45 - 2014-07-25 04:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-16 18:45 - 2014-07-25 04:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-16 18:45 - 2014-07-25 04:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-16 18:45 - 2014-07-25 04:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-08-16 18:45 - 2014-07-25 04:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-16 18:45 - 2014-07-25 04:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-16 18:45 - 2014-07-25 04:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-08-16 18:45 - 2014-07-25 04:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-16 18:45 - 2014-07-25 04:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-08-16 18:45 - 2014-07-25 04:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-16 18:45 - 2014-07-25 04:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-16 18:45 - 2014-07-25 04:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-08-16 18:45 - 2014-07-25 04:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-16 18:45 - 2014-07-25 04:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-16 18:45 - 2014-07-25 04:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-16 18:45 - 2014-07-25 03:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-16 18:45 - 2014-07-25 03:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-08-16 18:45 - 2014-07-25 03:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-16 18:45 - 2014-07-25 03:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-08-16 18:45 - 2014-07-25 03:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-08-16 18:45 - 2014-07-25 03:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-08-16 18:45 - 2014-07-25 03:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-16 18:45 - 2014-07-25 03:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-16 18:45 - 2014-07-25 03:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-16 18:45 - 2014-07-25 03:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-08-16 18:45 - 2014-07-25 03:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-16 18:45 - 2014-07-25 03:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-16 18:45 - 2014-07-25 03:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-16 18:45 - 2014-07-25 03:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-16 18:45 - 2014-07-25 02:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-08-16 18:45 - 2014-07-25 02:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-08-16 18:45 - 2014-07-25 02:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-08-16 18:45 - 2014-07-25 02:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-16 18:45 - 2014-07-25 02:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-16 18:45 - 2014-07-25 02:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-16 18:44 - 2014-08-16 18:44 - 00931328 _____ () C:\Users\Brandus\Downloads\Chapter 1.ppt
2014-08-16 18:41 - 2014-07-15 19:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-08-16 18:41 - 2014-07-15 18:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-16 18:41 - 2014-06-24 18:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-08-16 18:41 - 2014-06-24 17:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-16 18:41 - 2014-06-15 18:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2014-08-16 18:41 - 2014-06-03 02:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-08-16 18:41 - 2014-06-03 02:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2014-08-16 18:41 - 2014-06-03 02:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\System32\msihnd.dll
2014-08-16 18:41 - 2014-06-03 02:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2014-08-16 18:41 - 2014-06-03 01:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-16 18:41 - 2014-06-03 01:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-16 18:41 - 2014-06-03 01:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-16 18:36 - 2014-08-06 18:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-08-16 18:36 - 2014-08-06 18:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-08-16 18:36 - 2014-07-13 18:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2014-08-16 18:36 - 2014-07-13 17:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-03 22:13 - 2014-09-02 22:32 - 00000000 ____D () C:\FRST
2014-09-02 19:25 - 2013-07-14 11:45 - 00002078 _____ () C:\Users\Brandus\Desktop\Madden NFL 08.lnk
2014-09-02 18:34 - 2012-11-19 19:48 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-02 16:52 - 2014-01-06 10:00 - 00001429 _____ () C:\Users\Brandus\Desktop\pcsx2 - Shortcut.lnk
2014-09-02 16:52 - 2012-08-19 06:33 - 00001290 _____ () C:\Users\Brandus\Desktop\Civilization.V.GOTY.incl.Gods.and.Kings.lnk
2014-09-02 16:52 - 2012-08-04 21:51 - 00001949 _____ () C:\Users\Brandus\Desktop\Play COD MW3.lnk
2014-09-02 16:52 - 2012-08-04 20:55 - 00000909 _____ () C:\Users\Brandus\Desktop\MagicDisc.lnk
2014-09-02 16:51 - 2013-10-18 09:43 - 00000987 _____ () C:\Users\Brandus\Desktop\Democracy 2.lnk
2014-09-02 16:51 - 2013-09-03 05:44 - 00000939 _____ () C:\Users\Brandus\Desktop\DVD Shrink 3.2.lnk
2014-09-02 16:51 - 2012-08-24 15:27 - 00001193 _____ () C:\Users\Brandus\Desktop\AVS Video Converter.lnk
2014-09-02 16:45 - 2014-03-05 14:27 - 00000994 _____ () C:\Users\Brandus\Desktop\µTorrent.lnk
2014-09-02 16:45 - 2012-08-04 21:01 - 00000000 ____D () C:\Users\Brandus\AppData\Roaming\uTorrent
2014-09-02 16:39 - 2014-09-02 16:38 - 00000000 ____D () C:\Windows\Windows
2014-09-02 06:39 - 2014-09-02 06:39 - 00000000 __SHD () C:\found.000
2014-09-02 02:12 - 2012-08-05 05:47 - 00799564 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-02 02:11 - 2013-10-09 13:03 - 00000000 ____D () C:\ProgramData\Intel
2014-09-02 02:09 - 2009-07-13 20:45 - 00028848 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-02 02:09 - 2009-07-13 20:45 - 00028848 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 02:05 - 2013-11-19 20:54 - 00000000 ____D () C:\Users\Brandus\Lucidlogix
2014-09-02 02:04 - 2012-08-04 21:27 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-02 02:04 - 2012-08-04 21:27 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-02 02:01 - 2013-03-03 09:33 - 00000204 _____ () C:\Windows\Tasks\AutoKMS.job
2014-09-02 02:01 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-01 14:40 - 2012-08-06 16:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-28 10:59 - 2014-08-28 10:59 - 00000000 __SHD () C:\Users\Ebony\AppData\Local\EmieUserList
2014-08-28 10:59 - 2014-08-28 10:59 - 00000000 __SHD () C:\Users\Ebony\AppData\Local\EmieSiteList
2014-08-28 10:59 - 2014-08-28 10:59 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Macromedia
2014-08-28 10:45 - 2014-08-27 08:07 - 00000000 ____D () C:\Users\Ebony\lucidlogix
2014-08-28 10:45 - 2013-07-15 09:07 - 00000067 _____ () C:\Windows\System32\VpnService.log
2014-08-28 03:56 - 2013-08-31 14:10 - 00003030 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2014-08-28 03:56 - 2009-07-13 20:45 - 00409576 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-08-28 03:55 - 2012-08-05 00:07 - 00347202 _____ () C:\Windows\PFRO.log
2014-08-27 21:34 - 2012-08-07 19:20 - 00000000 ____D () C:\Users\Brandus\Documents\Outlook Files
2014-08-27 20:32 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\spool
2014-08-27 08:09 - 2012-08-19 14:24 - 00000000 ____D () C:\Users\Brandus\Documents\RCT3
2014-08-27 08:09 - 2012-08-04 21:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-27 08:08 - 2014-08-27 08:08 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Intel Corporation
2014-08-27 08:08 - 2014-01-07 06:35 - 00000000 ____D () C:\KA
2014-08-27 08:08 - 2014-01-06 07:16 - 00000365 _____ () C:\Windows\ka.ini
2014-08-27 08:07 - 2014-08-27 08:07 - 00109680 _____ () C:\Users\Ebony\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-27 08:07 - 2014-08-27 08:07 - 00000000 ___RD () C:\Users\Ebony\Podcasts
2014-08-27 08:07 - 2014-08-27 08:07 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Canon
2014-08-27 08:07 - 2014-08-27 08:07 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Apple Computer
2014-08-27 08:07 - 2014-08-27 08:07 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Adobe
2014-08-27 08:07 - 2014-08-27 08:07 - 00000000 ____D () C:\Users\Ebony\AppData\Local\Google
2014-08-27 08:07 - 2014-08-27 08:06 - 00000000 ____D () C:\users\Ebony
2014-08-27 08:06 - 2014-08-27 08:06 - 00000020 ___SH () C:\Users\Ebony\ntuser.ini
2014-08-27 08:06 - 2014-08-27 08:06 - 00000000 ____D () C:\Users\Ebony\AppData\Local\VirtualStore
2014-08-25 20:11 - 2014-02-19 08:07 - 00000000 ____D () C:\Users\Brandus\AppData\Roaming\abgx360
2014-08-25 20:09 - 2014-08-25 20:07 - 00000000 ____D () C:\Users\Brandus\Desktop\Madden.NFL.15.XBOX360-COMPLEX
2014-08-22 18:07 - 2014-08-27 21:16 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-22 17:45 - 2014-08-27 21:16 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 16:59 - 2014-08-27 21:16 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-20 03:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-08-20 03:04 - 2014-02-08 06:43 - 00000000 ____D () C:\Users\Brandus\Downloads\Utorrent
2014-08-20 02:32 - 2012-08-25 07:49 - 00000000 ___RD () C:\Users\Brandus\Podcasts
2014-08-18 03:00 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-18 02:47 - 2012-08-05 09:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-18 02:43 - 2013-08-14 13:16 - 00000000 ____D () C:\Windows\System32\MRT
2014-08-18 02:40 - 2012-08-05 05:24 - 99218768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-08-18 02:36 - 2014-05-04 19:05 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-08-18 02:34 - 2012-08-05 05:51 - 00109680 _____ () C:\Users\Brandus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-16 19:06 - 2012-08-04 21:27 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-16 18:44 - 2014-08-16 18:44 - 00931328 _____ () C:\Users\Brandus\Downloads\Chapter 1.ppt
2014-08-16 18:10 - 2014-03-09 14:45 - 00000090 _____ () C:\Windows\QBChanUtil_Trigger.ini
2014-08-16 17:44 - 2013-07-29 15:39 - 00000000 ____D () C:\Users\Brandus\Heaven
2014-08-15 17:14 - 2012-08-04 21:34 - 00006656 _____ () C:\Windows\System32\lpcio.dll
2014-08-15 17:13 - 2014-07-27 19:44 - 00009742 _____ () C:\Users\Brandus\Documents\bill.xlsx
2014-08-06 18:06 - 2014-08-16 18:36 - 00529920 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-08-06 18:01 - 2014-08-16 18:36 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-08-04 13:41 - 2014-03-02 14:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-04 13:41 - 2014-03-02 14:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
 
Files to move or delete:
====================
C:\Users\Brandus\Democracy2_Win_1370545527.exe
 
 
Some content of TEMP:
====================
C:\Users\Brandus\AppData\Local\Temp\AskSLib.dll
C:\Users\Brandus\AppData\Local\Temp\AutoRun.exe
C:\Users\Brandus\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Brandus\AppData\Local\Temp\EAInstall.dll
C:\Users\Brandus\AppData\Local\Temp\htmlayout.dll
C:\Users\Brandus\AppData\Local\Temp\ICReinstall_CR_Downloader_for_ncaa-football-'11.exe
C:\Users\Brandus\AppData\Local\Temp\ICReinstall_halloween.exe
C:\Users\Brandus\AppData\Local\Temp\ICReinstall_ICReinstall_halloween.exe
C:\Users\Brandus\AppData\Local\Temp\installerdll43052171.dll
C:\Users\Brandus\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\madden_inst.exe
C:\Users\Brandus\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Brandus\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Brandus\AppData\Local\Temp\nvStInst.exe
C:\Users\Brandus\AppData\Local\Temp\ose00000.exe
C:\Users\Brandus\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Brandus\AppData\Local\Temp\sfextra.dll
C:\Users\Brandus\AppData\Local\Temp\sonarinst.exe
C:\Users\Brandus\AppData\Local\Temp\SRLDetectionLibrary7486045928970420086.dll
C:\Users\Brandus\AppData\Local\Temp\temp.exe
C:\Users\Brandus\AppData\Local\Temp\uninstall.exe
C:\Users\Brandus\AppData\Local\Temp\uninstall8245890.exe
C:\Users\Brandus\AppData\Local\Temp\utt60F5.tmp.exe
C:\Users\Brandus\AppData\Local\Temp\_is4549.exe
C:\Users\Brandus\AppData\Local\Temp\_isA231.exe
C:\Users\Brandus\AppData\Local\Temp\_isB732.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 10%
Total physical RAM: 5080.04 MB
Available physical RAM: 4529.26 MB
Total Pagefile: 5078.19 MB
Available Pagefile: 4514.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.75 GB) (Free:241.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:29.59 GB) (Free:6.85 GB) NTFS
Drive e: (WDO_Media64) (CDROM) (Total:0.28 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7DA726B7)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
 
LastRegBack: 2014-08-27 03:53
 
==================== End Of Log ============================

  • 0

#5
Naathim

This is the main problem we need to deal with:

Attention: Could not load system hive.


I am considering rollback, but I need to know the exact date when the issue started.
  • 0

#6
brandus


September 1


  • 0

#7
Naathim


OK. We're dealing with a borked registry here. The attempts to fix it may or may not be successful, so before that please make a solid backup of your personal files. Do not back up any executables (software, games, installers). You may do this using Puppy Linux, instructions below.


Backup your data using Puppy Linux

These instructions come courtesy of phillpower2 from our technical section.

===================
***Required Hardware***
CD Burner (CDRW) Drive,
Blank CD,
Extra Storage Device (USB Flash Drive, External Hard Drive)
===================

1. Save these files to your Desktop/Burn Your Live CD:

There are instructions on how to boot from flash drive with puppy here


  • Open BurnCDCC with Windows Explorer
  • Extract All files to a location you can remember
  • Double Click BurnCDCC
  • Click Browse and navigate to the Puppy Linux ISO file you just downloaded
  • Open/Double Click that file
    IMPORTANT: Adjust the speed bar to CD: 4x DVD: 1x
  • Click Start
  • Your CD Burner Tray will open automatically
  • Insert a blank CD and close the tray
  • Click OK

Puppy Linux Live CD will now be created


2. Set your boot priority in the BIOS to CD-ROM first, Hard Drive Second

  • Start the computer/press the power button
  • Immediately start tapping the appropriate key to enter the BIOS, aka "Setup"
    (Usually shown during the "Dell" screen, or "Gateway" Screen)
  • Once in the BIOS, under Advanced BIOS Options change boot priority to:
    CD-ROM 1st, Hard Drive 2nd
  • Open your ROM drive and insert the disk
  • Press F10 to save and exit
  • Agree with "Y" to continue
  • Your computer will restart and boot from the Puppy Linux Live CD

3. Recover Your Data
Once Puppy Linux has loaded, it is actually running in your computer's Memory (RAM). You will see a fully functioning Graphical User Interface similar to what you normally call "your computer". Internet access may or may not be available depending on your machine, so it is recommended you print these instructions before beginning. Also, double clicking is not needed in Puppy. To expand, or open folders/icons, just click once. Puppy is very light on resources, so you will quickly notice it is much speedier than you are used to. This is normal. Ready? Let's get started.

3a. Mount Drives

  • Click the Mount Icon located at the top left of your desktop.
  • A Window will open. By default, the "drive" tab will be forward/highlighted. Click on Mount for your hard drive.
  • Assuming you only have one hard drive and/or partition, there may be only one selection to mount.
  • USB Flash Drives usually automatically mount upon boot, but click the "usbdrv" tab and make sure it is mounted.
  • If using an external hard drive for the data recovery, do this under the "drive" tab. Mount it now.

3b. Transfer Files.

  • At the bottom left of your desktop a list of all hard drives/partitions, USB Drives, and Optical Drives are listed with a familiar looking hard drive icon.
  • Open your old hard drive i.e. sda1
  • Next, open your USB Flash Drive or External Drive. i.e. sdc or sdb1
  • If you open the wrong drive, simply X out at the top right corner of the window that opens. (Just like in Windows)
  • From your old hard drive, drag and drop whatever files/folders you wish to transfer to your USB Drive's Window.

For The Novice: The common path to your pictures, music, video, and documents folders is: Documents and Settings >> All Users (or each individual name of each user. CHECK All Names!) >> Documents >> You will now see My Music, My Pictures, and My Videos.
Alternatively search for Main drive >> Users >> Username

Remember to only click once! No double clicking! Once you drag and drop your first folder, you will notice a small menu will appear giving you the option to move or copy. Choose COPY each time you drag and drop.

If you're doing this to recover from a virus or malware infection (or even if you're not), DO NOT copy executable files (.exe, .scr, etc.). If any of these files are infected you could be copying the corruption over to any new device/computer. Just copy documents, pictures, music, or videos.

YOU ARE DONE!!! Simply click Menu >> Mouse Over Shutdown >> Reboot/Turn Off Computer. Be sure to plug your USB Drive into another working Windows machine to verify all data is there and transferred without corruption.
Congratulations!



  • 0

#8
brandus


OK, I already have my personal files backed up.


  • 0

#9
Naathim


Fix with Farbar Recovery Scan Tool from the Recovery Environment

We will be working outside of Windows, so I think it would be prudent to save this or print it out for further reference.
These instructions are quite complicated, as they contain multiple steps. We will need a clean machine and a USB stick (thumbdrive).

PREPARATIONS

Prepare the fix on your clean machine

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    LastRegBack: 2014-08-27 03:53
    end
  • Click File, Save As and type fixlist.txt as the File Name.

After that please copy fixlist.txt to the root of your pendrive (where FRST is located).
Now unplug your pendrive and move it into your corrupted machine.

ACTION

Insert your USB drive into the corrupted machine and start the computer.
Make sure that booting from USB is set. If you don't know how to do it, instructions HERE.

Getting from one step to another during this part will take some time. Please be patient.

Run Recovery Environment

  • When the machine boots-up, you will see the Install now window. Instead choose the Repair my computer option.
  • You will be presented with the list of operating systems (usually there will be only one). Highlight it by clicking on it and select Next.
  • In the Choose Recovery Tool menu select Command Prompt.

You will see a big black window with a blinking cursor (command prompt).

Access the notepad and identify your USB drive

In the Command Prompt please type in:

notepad

and press Enter.

  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.

Note down the letter and close the notepad.

Fix with Farbar Recovery Scan Tool

Once back in the command prompt window, please do the following:

  • Type in e:\frst.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
  • FRST will start to run. Give it a minute or so to load.
  • Click Yes to Disclaimer.
  • In the main console, please click FIX and wait.

When finished it will produce a logfile named fixlog.txt in the root of your pendrive and display it. Close that logfile.

Transfer it to your clean machine and include it in your next reply.


Are you able to boot-up?


  • 0

#10
brandus


Thanks, I will do this when I get home.


  • 0

#11
brandus


I just finished and now I am able to boot.

 

Here is the fixlog

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014
Ran by SYSTEM at 2014-09-04 18:08:26 Run:3
Running from F:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
start
LastRegBack: 2014-08-27 03:53
end
*****************
 
C:\Windows\System32\config\DEFAULT => File not found.
DEFAULT hive was successfully restored from registry back up.
C:\Windows\System32\config\SAM => File not found.
SAM hive was successfully restored from registry back up.
C:\Windows\System32\config\SECURITY => File not found.
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
 
==== End of Fixlog ====

  • 0
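
An added example (not part of the thread and not FRST's own code): a small Python check a helper could run over the fixlog posted in #11 to confirm that the prescribed fixlist was the one executed, that every hive named in the log was restored, and which hives had no live file to preserve beforehand. The function names and the five-hive list are assumptions drawn from this log's wording.

```python
import re

# Fixlog text as posted in #11 of this thread (raw string keeps the backslashes).
FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014
Ran by SYSTEM at 2014-09-04 18:08:26 Run:3
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
start
LastRegBack: 2014-08-27 03:53
end
*****************

C:\Windows\System32\config\DEFAULT => File not found.
DEFAULT hive was successfully restored from registry back up.
C:\Windows\System32\config\SAM => File not found.
SAM hive was successfully restored from registry back up.
C:\Windows\System32\config\SECURITY => File not found.
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====
"""

# Assumption: the hives to expect are the five this fixlog mentions.
EXPECTED_HIVES = ("DEFAULT", "SAM", "SECURITY", "SOFTWARE", "SYSTEM")

# One pattern per per-hive message that appears in the log above.
PATTERNS = {
    "missing": re.compile(r"^.*\\config\\(\w+) => File not found\.$"),
    "backed_up": re.compile(
        r"^(\w+) hive was successfully copied to System32\\config\\HiveBackup$"),
    "restored": re.compile(
        r"^(\w+) hive was successfully restored from registry back up\.$"),
}
BOOT_MODE = re.compile(r"^Boot Mode: (.+)$")


def parse_fixlog(text):
    """Return boot mode, the echoed fixlist directives and per-hive status."""
    lines = [ln.strip() for ln in text.splitlines()]

    boot_mode = None
    for ln in lines:
        m = BOOT_MODE.match(ln)
        if m:
            boot_mode = m.group(1)
            break

    # The fixlist is echoed between the literal lines "start" and "end".
    try:
        start = lines.index("start")
        end = lines.index("end", start)
        directives = [ln for ln in lines[start + 1:end] if ln]
    except ValueError:
        directives = []

    hives = {}
    for ln in lines:
        for key, rx in PATTERNS.items():
            m = rx.match(ln)
            if m:
                status = hives.setdefault(
                    m.group(1),
                    {"missing": False, "backed_up": False, "restored": False})
                status[key] = True
    return {"boot_mode": boot_mode, "directives": directives, "hives": hives}


def check_restore(report, expected_directive):
    """List problems: wrong fixlist, or an expected hive without confirmation."""
    problems = []
    if expected_directive not in report["directives"]:
        problems.append("fixlist does not contain: " + expected_directive)
    for name in EXPECTED_HIVES:
        status = report["hives"].get(name)
        if status is None or not status["restored"]:
            problems.append(name + ": no restore confirmation")
    return problems


def no_prefix_copy(report):
    """Hives restored without a HiveBackup copy of the previous file."""
    return [name for name, st in report["hives"].items()
            if st["restored"] and not st["backed_up"]]


if __name__ == "__main__":
    report = parse_fixlog(FIXLOG)
    print("boot mode:", report["boot_mode"])
    print("problems:", check_restore(report, "LastRegBack: 2014-08-27 03:53"))
    print("restored with no previous copy kept:", no_prefix_copy(report))
```

For the three hives the log reports as not found there is no HiveBackup copy to fall back on, and all five hives now reflect the state of the 2014-08-27 03:53 backup.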

#12
Naathim


Glad to hear this :) :thumbsup:
 
Download and run a fresh copy of FRST from the working system.


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that the Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.



#13
brandus


Here are the two logs

ADDITION.TXT


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by Brandus at 2014-09-05 07:21:47
Running from C:\Users\Brandus\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
3DMark06 (HKLM-x32\...\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}) (Version: 1.2.0 - Futuremark Corporation)
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\Adobe Shockwave Player) (Version: 10.2.0.22 - Adobe Systems, Inc.)
Alan Wake (HKLM-x32\...\Alan Wake_is1) (Version:  - )
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.15.16 - Atheros Communications Inc.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Batman.Arkham Origins + 1 DLC (HKLM-x32\...\Batman.Arkham Origins + 1 DLC_is1) (Version: Batman.Arkham Origins + 1 DLC - RiP by Fenixx (25.10.2013))
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.7 - EA Digital Illusions CE AB)
Blackboard IM 4.1.0-C (HKLM-x32\...\Blackboard IM) (Version: 4.1.0-C - Blackboard)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version:  - )
Caesars Palace 2000 (HKLM-x32\...\iplaycp2000) (Version:  - )
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - )
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version:  - )
Canon MG5300 series User Registration (HKLM-x32\...\Canon MG5300 series User Registration) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Civilization.V.GOTY.incl.Gods.and.Kings (HKLM-x32\...\Civilization.V.GOTY.incl.Gods.and.Kings_is1) (Version:  - )
COMODO EasyVPN (HKLM\...\{16622757-3724-4DA8-A5CC-3CE75636E8B9}) (Version: 2.3.76.0 - COMODO)
CPUID CPU-Z 1.61.3 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor Pro 1.14 (HKLM\...\CPUID HWMonitorPro_is1) (Version:  - )
dBASE Plus 8 (With ADO) (HKLM-x32\...\{CF0C2220-37B4-11E1-3D6C-48702A364AE1}) (Version: 8.1.0.0 - dBase, LLC)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Democracy 2 (HKLM-x32\...\Democracy 2_is1) (Version:  - )
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVD or CD Sharing (HKLM\...\{471B4067-7A68-4488-854A-6AC999AC08F6}) (Version: 1.4.1.3 - Apple Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
EA SPORTS online 2008 (HKLM-x32\...\82A44D22-9452-49FB-00FB-CEC7DCAF7E23) (Version:  - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EZSetup B12.1121.1 (HKLM-x32\...\InstallShield_{6B1DC7A8-0B59-45C4-9836-ACC245161AE1}) (Version: 1.00.0000 - Gigabyte)
EZSetup B12.1121.1 (x32 Version: 1.00.0000 - Gigabyte) Hidden
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.21.2.1 - Futuremark Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hoyle Casino Games 2011 (remove only) (HKLM-x32\...\Hoyle Casino Games 2011) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Inno Setup QuickStart Pack version 5.5.3 (HKLM-x32\...\Inno Setup 5_is1) (Version: 5.5.3 - Martijn Laan)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.12.1498 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 13.1.0.1058 - Intel Corporation) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JumpStart Advanced Discovery Time (HKLM-x32\...\JumpStart Advanced Discovery Time) (Version:  - )
JumpStart Advanced Play & Learn Time (HKLM-x32\...\JumpStart Advanced Play & Learn Time) (Version:  - )
Madden NFL 08 (HKLM-x32\...\{A3BC1DBD-64D6-4EBC-0091-24C811662D40}) (Version:  - Electronic Arts)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1010 - Marvell)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSI Kombustor 2.5.0 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyITLab (HKLM-x32\...\{58AFFDB8-CA72-45B3-869E-A5F10BC032AC}) (Version: 1.50.1 - Pearson Education)
MyITLab ActiveX Installer 2, 9, 8, 65535 (HKLM-x32\...\MyITLab ActiveX Installer_is1) (Version:  - Pearson Education)
NBA 2K13 (HKLM-x32\...\Steam App 219600) (Version:  - 2K Sports)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
Netflix in Windows Media Center (HKLM-x32\...\{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}) (Version: 3.3.101.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - Atari)
SnapPlayer (HKLM-x32\...\{FF7991D3-7C6D-4C87-A541-545198F52E7D}) (Version: 1.0.4497.25196 - EMCP)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{E77DA909-3532-4C95-AFEB-06310E88462A}) (Version: 6.0.3.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
The Sims Medieval (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 2.0.113 - Electronic Arts)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Unity Web Player (HKLM-x32\...\UnityWebPlayer) (Version: 2.1.0f5_16147 - Unity Technologies ApS)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VIRTU MVP 2.1.221 (HKLM\...\VIRTU MVP_is1) (Version: 2.1.221 - Lucidlogix Technologies LTD)
Widevine Media Optimizer Chrome 6.0.0 (HKLM-x32\...\optimizer_chrome) (Version: 6.0.0.6678 - Widevine Technologies)
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Windows Phone Engineering Flashing Tool (HKLM\...\{47135C88-5123-46AF-B9AF-26F4287A6401}) (Version: 04.08.2134.00 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
04-09-2014 22:30:04 Windows Update
04-09-2014 22:41:59 IIF_MSI
04-09-2014 23:43:58 Windows Update
04-09-2014 23:49:08 Installed EZSetup B12.1121.1
05-09-2014 01:55:46 Windows Update
05-09-2014 02:53:21 Windows Update
05-09-2014 03:51:54 Windows Update
05-09-2014 04:05:41 Windows Update
05-09-2014 04:54:50 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0105A636-29E6-494D-BF21-A9439A27244A} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-BRANDUS-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {225890D5-B40A-4C27-8A61-FAECF126B587} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-16] (Adobe Systems Incorporated)
Task: {64EDA4AF-DA83-484E-B4FA-2E639A516582} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-05] (Google Inc.)
Task: {6A389D41-E687-4A50-B440-E6AB77C8E594} - System32\Tasks\MSIAfterburner
Task: {70792606-9640-4B23-A950-5E5DAF84B056} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-05] (Google Inc.)
Task: {7D16E919-6B73-44C7-B5F8-5B86FDB82B8B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {8414AD27-7D05-43CE-A0B0-D5EAA8325847} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-20] (Intel)
Task: {A1537550-3AF0-4ED1-9015-AEE90B452E11} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-07-13 21:04 - 2013-10-23 04:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-12-14 15:56 - 2010-12-14 15:56 - 00142640 _____ () C:\Program Files\COMODO\EasyVPN\Vpnservice.exe
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-08-19 20:39 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2013-07-14 09:53 - 2013-07-14 17:08 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-09 17:06 - 2012-05-23 03:01 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-10-09 17:06 - 2012-05-23 03:01 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-01 18:34 - 2014-08-21 14:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-01 18:34 - 2014-08-21 14:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-01 18:34 - 2014-08-21 14:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-03-12 17:10 - 2014-08-20 18:38 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 17:52 - 2014-08-28 07:48 - 02224320 _____ () C:\Program Files (x86)\Steam\video.dll
2014-09-01 18:34 - 2014-08-21 14:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-01 18:34 - 2014-08-21 14:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2012-11-19 23:49 - 2014-08-28 07:48 - 00678080 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-09-04 19:06 - 2014-08-29 22:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-04 19:06 - 2014-08-29 22:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2012-11-19 23:49 - 2014-08-20 18:38 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-10-09 17:02 - 2012-05-10 15:03 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-09-04 19:06 - 2014-08-29 22:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-04 19:06 - 2014-08-29 22:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-04 19:06 - 2014-08-29 22:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
2014-09-04 19:06 - 2014-08-29 22:49 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\Temp:ED45A20F
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Comodo EasyVPN Adapter
Description: Comodo EasyVPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Comodo
Service: ATP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/05/2014 06:55:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 13.1.0.1058, time stamp: 0x53642550
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0x46c
Faulting application start time: 0xIAStorDataMgrSvc.exe0
Faulting application path: IAStorDataMgrSvc.exe1
Faulting module path: IAStorDataMgrSvc.exe2
Report Id: IAStorDataMgrSvc.exe3
 
Error: (09/05/2014 06:55:25 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.MissingMethodException
Stack:
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (09/05/2014 06:54:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorIcon.exe, version: 13.1.0.1058, time stamp: 0x53642564
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0x17dc
Faulting application start time: 0xIAStorIcon.exe0
Faulting application path: IAStorIcon.exe1
Faulting module path: IAStorIcon.exe2
Report Id: IAStorIcon.exe3
 
Error: (09/05/2014 06:54:41 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorIcon.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileLoadException
Stack:
   at IAStorIcon.StorageIcon.setUpService()
   at IAStorIcon.StorageIcon..ctor()
   at IAStorIcon.Program.Main()
 
Error: (09/05/2014 00:40:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 13.1.0.1058, time stamp: 0x53642550
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0x12ac
Faulting application start time: 0xIAStorDataMgrSvc.exe0
Faulting application path: IAStorDataMgrSvc.exe1
Faulting module path: IAStorDataMgrSvc.exe2
Report Id: IAStorDataMgrSvc.exe3
 
Error: (09/05/2014 00:40:54 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.MissingMethodException
Stack:
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (09/05/2014 00:40:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorIcon.exe, version: 13.1.0.1058, time stamp: 0x53642564
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0x344
Faulting application start time: 0xIAStorIcon.exe0
Faulting application path: IAStorIcon.exe1
Faulting module path: IAStorIcon.exe2
Report Id: IAStorIcon.exe3
 
Error: (09/05/2014 00:40:27 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorIcon.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileLoadException
Stack:
   at IAStorIcon.StorageIcon.setUpService()
   at IAStorIcon.StorageIcon..ctor()
   at IAStorIcon.Program.Main()
 
Error: (09/05/2014 00:06:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (09/05/2014 00:06:05 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
 
 
System errors:
=============
Error: (09/05/2014 07:03:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Interactive Services Detection service failed to start due to the following error: 
%%1053
 
Error: (09/05/2014 07:03:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Interactive Services Detection service to connect.
 
Error: (09/05/2014 06:55:56 AM) (Source: ZuneNetworkSvc) (EventID: 14344) (User: )
Description: A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d278f'. The Windows Media DRM components on your computer might be corrupt. Verify that DRM-protected files play correctly in the Zune software, then restart the ZuneNetworkSvc service.
 
Error: (09/05/2014 06:55:56 AM) (Source: ZuneNetworkSvc) (EventID: 14344) (User: )
Description: A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d278f'. The Windows Media DRM components on your computer might be corrupt. Verify that DRM-protected files play correctly in the Zune software, then restart the ZuneNetworkSvc service.
 
Error: (09/05/2014 06:55:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/05/2014 06:53:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (09/05/2014 06:53:58 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (09/05/2014 06:53:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (09/05/2014 06:53:58 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (09/05/2014 06:53:58 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
 
Microsoft Office Sessions:
=========================
Error: (09/05/2014 06:55:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IAStorDataMgrSvc.exe13.1.0.105853642550KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d46c01cfc8f7e4f75753C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Windows\syswow64\KERNELBASE.dll23ae60e3-34eb-11e4-9dd9-902b3459d8a5
 
Error: (09/05/2014 06:55:25 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.MissingMethodException
Stack:
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (09/05/2014 06:54:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IAStorIcon.exe13.1.0.105853642564KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d17dc01cfc8f7c2a63381C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Windows\syswow64\KERNELBASE.dll0aa2e102-34eb-11e4-9dd9-902b3459d8a5
 
Error: (09/05/2014 06:54:41 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorIcon.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileLoadException
Stack:
   at IAStorIcon.StorageIcon.setUpService()
   at IAStorIcon.StorageIcon..ctor()
   at IAStorIcon.Program.Main()
 
Error: (09/05/2014 00:40:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IAStorDataMgrSvc.exe13.1.0.105853642550KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d12ac01cfc8c392a462c7C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Windows\syswow64\KERNELBASE.dlld2a1378c-34b6-11e4-b32f-902b3459d8a5
 
Error: (09/05/2014 00:40:54 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.MissingMethodException
Stack:
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (09/05/2014 00:40:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IAStorIcon.exe13.1.0.105853642564KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d34401cfc8c37335f756C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Windows\syswow64\KERNELBASE.dllc42a75c5-34b6-11e4-b32f-902b3459d8a5
 
Error: (09/05/2014 00:40:27 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorIcon.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileLoadException
Stack:
   at IAStorIcon.StorageIcon.setUpService()
   at IAStorIcon.StorageIcon..ctor()
   at IAStorIcon.Program.Main()
 
Error: (09/05/2014 00:06:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 0098020000002D010000
 
Error: (09/05/2014 00:06:05 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 009120200000000000000AF000000
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 45%
Total physical RAM: 5078.43 MB
Available physical RAM: 2763.76 MB
Total Pagefile: 10155.03 MB
Available Pagefile: 7491.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.75 GB) (Free:234.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7DA726B7)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 
 
FRST.TXT
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Brandus (administrator) on BRANDUS-PC on 05-09-2014 07:20:37
Running from C:\Users\Brandus\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\COMODO\EasyVPN\Vpnservice.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneNss.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [VIRTU MVP] => C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe [3042816 2012-11-22] ()
HKLM\...\Run: [DVD or CD Sharing] => C:\Program Files\DVD or CD Sharing\ODSAgent.exe [588088 2011-03-28] (Apple Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5120144 2012-05-23] (VIA)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-64458301-3811412213-3004959275-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Brandus\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-64458301-3811412213-3004959275-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-64458301-3811412213-3004959275-1001\...\Run: [GoogleChromeAutoLaunch_608DC4D237EEAEB08E86F56C53DE0025] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-08-29] (Google Inc.)
HKU\S-1-5-21-64458301-3811412213-3004959275-1001\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-64458301-3811412213-3004959275-1001\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-64458301-3811412213-3004959275-1001\...\MountPoints2: {591ee93e-df0c-11e1-948a-001fbc08e6bf} - F:\LaunchU3.exe -a
HKU\S-1-5-21-64458301-3811412213-3004959275-1001\...\MountPoints2: {643f9241-3485-11e4-a2cd-806e6f6e6963} - F:\Run.exe
HKU\S-1-5-21-64458301-3811412213-3004959275-1001\...\MountPoints2: {7b9d9e5d-50a5-11e3-9dc3-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-64458301-3811412213-3004959275-1001\...\MountPoints2: {8012bcc4-49ca-11e2-a9e7-001fbc08e6bf} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe
HKU\S-1-5-21-64458301-3811412213-3004959275-1001\...\MountPoints2: {d684d064-3128-11e3-b4b0-806e6f6e6963} - D:\Run.exe
AppInit_DLLs: C:\Windows\system32\appinit_dll.dll => C:\Windows\system32\appinit_dll.dll [465408 2012-11-22] (Lucidlogix Inc.)
AppInit_DLLs-x32: C:\Windows\SysWOW64\appinit_dll.dll => C:\Windows\SysWOW64\appinit_dll.dll [426496 2012-11-22] (Lucidlogix Inc.)
Startup: C:\Users\Brandus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5B2B89596D47CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.giga...bject/Dldrv.ocx
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @unity3d.com/UnityPlayer -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com", "hxxp://cc.ivytech.edu", "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Brandus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Brandus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Google Search) - C:\Users\Brandus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-29]
CHR Extension: (Google Play Music) - C:\Users\Brandus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-07-29]
CHR Extension: (Discussions button for Google Search™) - C:\Users\Brandus\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjiggoeheaondbmhmilpmbdkpgcjmdn [2014-07-29]
CHR Extension: (Google Wallet) - C:\Users\Brandus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 CrdphService; C:\Program Files\COMODO\EasyVPN\crdphService.exe [559408 2010-11-23] (COMODO)
R2 EasyVpnAdpt; C:\Program Files\COMODO\EasyVPN\Vpnservice.exe [142640 2010-12-14] ()
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165144 2012-05-10] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-07-14] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [754584 2013-06-24] (Tunngle.net GmbH) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
S3 ATP; C:\Windows\System32\DRIVERS\cmdatp.sys [20888 2010-12-13] (Comodo, Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
S3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
S3 WinRing0_1_2_0; C:\Users\Brandus\Downloads\RealTemp_370\WinRing0x64.sys [14544 2012-08-06] (OpenLibSys.org)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)
S3 cpuz130; \??\C:\Users\Brandus\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
NETSVC: SearchIndexer -> No ServiceDLL Path.
NETSVC: SearchIndexer -> No ServiceDLL Path.
NETSVC: SearchIndexer -> No ServiceDLL Path.
NETSVC: SearchIndexer -> No ServiceDLL Path.
NETSVC: SearchIndexer -> No ServiceDLL Path.
NETSVC: SearchIndexer -> No ServiceDLL Path.
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-05 07:20 - 2014-09-05 07:21 - 00018233 _____ () C:\Users\Brandus\Desktop\FRST.txt
2014-09-05 07:19 - 2014-09-05 07:19 - 02104832 _____ (Farbar) C:\Users\Brandus\Desktop\FRST64.exe
2014-09-04 23:10 - 2014-09-04 23:14 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-09-04 23:09 - 2014-09-04 23:10 - 00000000 ____D () C:\Windows\GBD
2014-09-04 23:08 - 2014-09-04 23:08 - 00000000 __SHD () C:\Users\Brandus\AppData\Local\EmieUserList
2014-09-04 23:08 - 2014-09-04 23:08 - 00000000 __SHD () C:\Users\Brandus\AppData\Local\EmieSiteList
2014-09-04 22:08 - 2014-09-04 22:08 - 00000000 ____D () C:\Windows\system32\config\HiveBackup
2014-09-04 21:50 - 2014-09-04 21:50 - 00223768 _____ (Intel Corporation) C:\Windows\Raidcfg32.exe
2014-09-04 21:50 - 2014-09-04 21:50 - 00000377 _____ () C:\Windows\Graid.txt
2014-09-04 20:02 - 2014-09-04 21:08 - 00000086 _____ () C:\Windows\ezsr.log
2014-09-04 20:02 - 2014-09-04 20:02 - 00000000 ____D () C:\ProgramData\InstallShield
2014-09-04 20:00 - 2014-09-05 06:55 - 00003228 _____ () C:\Windows\System32\Tasks\Intel® Rapid Start Technology Manager
2014-09-04 19:55 - 2012-07-20 17:09 - 00193576 _____ (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
2014-09-04 19:55 - 2012-07-20 17:09 - 00043800 _____ (Intel Corporation) C:\Windows\system32\Drivers\irstrtdv.sys
2014-09-04 19:50 - 2014-09-04 21:08 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\etdrv.sys
2014-09-04 19:50 - 2014-09-04 21:08 - 00000027 ____N () C:\Windows\cli.bat
2014-09-04 19:50 - 2014-09-04 21:08 - 00000000 _____ () C:\Windows\Gcli.txt
2014-09-04 19:49 - 2014-09-04 19:49 - 00002017 _____ () C:\Users\Public\Desktop\EZSetup.lnk
2014-09-04 19:49 - 2014-09-04 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigabyte
2014-09-04 19:48 - 2012-12-06 06:12 - 00000000 ____D () C:\Users\Brandus\Downloads\EZsetup
2014-09-04 19:47 - 2014-09-04 19:48 - 52156849 _____ (Igor Pavlov) C:\Users\Brandus\Downloads\mb_utility_ezsetup.exe
2014-09-04 19:29 - 2014-09-04 19:29 - 01545259 _____ (Igor Pavlov) C:\Users\Brandus\Downloads\mb_utility_intel_irst.exe
2014-09-04 19:29 - 2012-04-13 01:34 - 00000000 ____D () C:\Users\Brandus\Downloads\IRST_SW
2014-09-04 18:43 - 2014-09-04 19:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-09-04 18:41 - 2014-09-04 18:41 - 11585520 _____ (Intel Corporation) C:\Users\Brandus\Downloads\SetupRST.exe
2014-09-04 18:30 - 2014-09-04 18:30 - 00006362 _____ () C:\Windows\SysWOW64\PerfStringBackup.TMP
2014-09-04 18:22 - 2014-09-05 00:06 - 00006390 _____ () C:\Windows\system32\PerfStringBackup.TMP
2014-09-04 18:11 - 2014-09-05 07:21 - 01809089 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 18:10 - 2014-09-05 06:52 - 00001624 _____ () C:\Windows\setupact.log
2014-09-03 02:32 - 2014-09-05 07:20 - 00000000 ____D () C:\FRST
2014-09-02 20:38 - 2014-09-02 20:39 - 00000000 ____D () C:\Windows\Windows
2014-09-02 10:39 - 2014-09-02 10:39 - 00000000 __SHD () C:\found.000
2014-08-28 14:59 - 2014-08-28 14:59 - 00000000 __SHD () C:\Users\Ebony\AppData\Local\EmieUserList
2014-08-28 14:59 - 2014-08-28 14:59 - 00000000 __SHD () C:\Users\Ebony\AppData\Local\EmieSiteList
2014-08-28 14:59 - 2014-08-28 14:59 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Macromedia
2014-08-28 01:16 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 01:16 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 01:16 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 12:08 - 2014-08-27 12:08 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Intel Corporation
2014-08-27 12:07 - 2014-08-28 14:45 - 00000000 ____D () C:\Users\Ebony\lucidlogix
2014-08-27 12:07 - 2014-08-27 12:07 - 00109680 _____ () C:\Users\Ebony\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-27 12:07 - 2014-08-27 12:07 - 00001413 _____ () C:\Users\Ebony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-27 12:07 - 2014-08-27 12:07 - 00000000 ___RD () C:\Users\Ebony\Podcasts
2014-08-27 12:07 - 2014-08-27 12:07 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Canon
2014-08-27 12:07 - 2014-08-27 12:07 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Apple Computer
2014-08-27 12:07 - 2014-08-27 12:07 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Adobe
2014-08-27 12:07 - 2014-08-27 12:07 - 00000000 ____D () C:\Users\Ebony\AppData\Local\Google
2014-08-27 12:06 - 2014-08-27 12:07 - 00000000 ____D () C:\Users\Ebony
2014-08-27 12:06 - 2014-08-27 12:06 - 00000020 ___SH () C:\Users\Ebony\ntuser.ini
2014-08-27 12:06 - 2014-08-27 12:06 - 00000000 ____D () C:\Users\Ebony\AppData\Local\VirtualStore
2014-08-27 12:06 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\Ebony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-27 12:06 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\Ebony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-26 00:07 - 2014-08-26 00:09 - 00000000 ____D () C:\Users\Brandus\Desktop\Madden.NFL.15.XBOX360-COMPLEX
2014-08-18 06:37 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-18 06:37 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-18 06:37 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-18 06:37 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-18 06:37 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-18 06:37 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-18 06:37 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-18 06:37 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 22:45 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-16 22:45 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-16 22:45 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-16 22:45 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-16 22:45 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-16 22:45 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-16 22:45 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-16 22:45 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-16 22:45 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-16 22:45 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-16 22:45 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-16 22:45 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-16 22:45 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-16 22:45 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-16 22:45 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-16 22:45 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-16 22:45 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-16 22:45 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-16 22:45 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-16 22:45 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-16 22:45 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-16 22:45 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-16 22:45 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-16 22:45 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-16 22:45 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-16 22:45 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-16 22:45 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-16 22:45 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-16 22:45 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-16 22:45 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-16 22:45 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-16 22:45 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-16 22:45 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-16 22:45 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-16 22:45 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-16 22:45 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-16 22:45 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-16 22:45 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-16 22:45 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-16 22:45 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-16 22:45 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-16 22:45 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-16 22:45 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-16 22:45 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-16 22:45 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-16 22:45 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-16 22:45 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-16 22:45 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-16 22:45 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-16 22:45 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-16 22:45 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-16 22:45 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-16 22:45 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-16 22:45 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-16 22:45 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-16 22:45 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-16 22:44 - 2014-08-16 22:44 - 00931328 _____ () C:\Users\Brandus\Downloads\Chapter 1.ppt
2014-08-16 22:41 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-16 22:41 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-16 22:41 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-16 22:41 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-16 22:41 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-16 22:41 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-16 22:41 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-16 22:41 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-16 22:41 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-16 22:41 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-16 22:41 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-16 22:41 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-16 22:36 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-16 22:36 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-16 22:36 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-16 22:36 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-05 07:21 - 2014-09-05 07:20 - 00018233 _____ () C:\Users\Brandus\Desktop\FRST.txt
2014-09-05 07:21 - 2014-09-04 18:11 - 01809089 _____ () C:\Windows\WindowsUpdate.log
2014-09-05 07:20 - 2014-09-03 02:32 - 00000000 ____D () C:\FRST
2014-09-05 07:19 - 2014-09-05 07:19 - 02104832 _____ (Farbar) C:\Users\Brandus\Desktop\FRST64.exe
2014-09-05 07:04 - 2012-08-05 01:27 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-05 07:00 - 2009-07-14 00:45 - 00028848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-05 07:00 - 2009-07-14 00:45 - 00028848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-05 06:55 - 2014-09-04 20:00 - 00003228 _____ () C:\Windows\System32\Tasks\Intel® Rapid Start Technology Manager
2014-09-05 06:54 - 2013-11-20 00:54 - 00000000 ____D () C:\Users\Brandus\Lucidlogix
2014-09-05 06:53 - 2013-07-15 13:07 - 00000067 _____ () C:\Windows\system32\VpnService.log
2014-09-05 06:53 - 2013-03-03 13:33 - 00000204 _____ () C:\Windows\Tasks\AutoKMS.job
2014-09-05 06:53 - 2012-11-19 23:48 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-05 06:53 - 2012-08-05 01:27 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-05 06:53 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-05 06:52 - 2014-09-04 18:10 - 00001624 _____ () C:\Windows\setupact.log
2014-09-05 00:40 - 2012-08-06 20:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-05 00:06 - 2014-09-04 18:22 - 00006390 _____ () C:\Windows\system32\PerfStringBackup.TMP
2014-09-04 23:14 - 2014-09-04 23:10 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-09-04 23:10 - 2014-09-04 23:09 - 00000000 ____D () C:\Windows\GBD
2014-09-04 23:08 - 2014-09-04 23:08 - 00000000 __SHD () C:\Users\Brandus\AppData\Local\EmieUserList
2014-09-04 23:08 - 2014-09-04 23:08 - 00000000 __SHD () C:\Users\Brandus\AppData\Local\EmieSiteList
2014-09-04 23:04 - 2013-10-09 17:01 - 00000010 _____ () C:\Windows\GSetup.ini
2014-09-04 22:08 - 2014-09-04 22:08 - 00000000 ____D () C:\Windows\system32\config\HiveBackup
2014-09-04 21:50 - 2014-09-04 21:50 - 00223768 _____ (Intel Corporation) C:\Windows\Raidcfg32.exe
2014-09-04 21:50 - 2014-09-04 21:50 - 00000377 _____ () C:\Windows\Graid.txt
2014-09-04 21:08 - 2014-09-04 20:02 - 00000086 _____ () C:\Windows\ezsr.log
2014-09-04 21:08 - 2014-09-04 19:50 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\etdrv.sys
2014-09-04 21:08 - 2014-09-04 19:50 - 00000027 ____N () C:\Windows\cli.bat
2014-09-04 21:08 - 2014-09-04 19:50 - 00000000 _____ () C:\Windows\Gcli.txt
2014-09-04 21:08 - 2012-09-05 22:08 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-09-04 20:02 - 2014-09-04 20:02 - 00000000 ____D () C:\ProgramData\InstallShield
2014-09-04 19:55 - 2014-09-04 18:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-09-04 19:49 - 2014-09-04 19:49 - 00002017 _____ () C:\Users\Public\Desktop\EZSetup.lnk
2014-09-04 19:49 - 2014-09-04 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigabyte
2014-09-04 19:49 - 2013-10-09 17:17 - 00000000 ____D () C:\Program Files (x86)\GIGABYTE
2014-09-04 19:49 - 2012-08-05 01:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-04 19:48 - 2014-09-04 19:47 - 52156849 _____ (Igor Pavlov) C:\Users\Brandus\Downloads\mb_utility_ezsetup.exe
2014-09-04 19:29 - 2014-09-04 19:29 - 01545259 _____ (Igor Pavlov) C:\Users\Brandus\Downloads\mb_utility_intel_irst.exe
2014-09-04 19:06 - 2012-08-05 01:27 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-04 18:41 - 2014-09-04 18:41 - 11585520 _____ (Intel Corporation) C:\Users\Brandus\Downloads\SetupRST.exe
2014-09-04 18:33 - 2012-08-05 04:07 - 00436766 _____ () C:\Windows\PFRO.log
2014-09-04 18:30 - 2014-09-04 18:30 - 00006362 _____ () C:\Windows\SysWOW64\PerfStringBackup.TMP
2014-09-02 23:25 - 2013-07-14 15:45 - 00002078 _____ () C:\Users\Brandus\Desktop\Madden NFL 08.lnk
2014-09-02 20:52 - 2014-01-06 14:00 - 00001429 _____ () C:\Users\Brandus\Desktop\pcsx2 - Shortcut.lnk
2014-09-02 20:52 - 2012-08-19 10:33 - 00001290 _____ () C:\Users\Brandus\Desktop\Civilization.V.GOTY.incl.Gods.and.Kings.lnk
2014-09-02 20:52 - 2012-08-05 01:51 - 00001949 _____ () C:\Users\Brandus\Desktop\Play COD MW3.lnk
2014-09-02 20:52 - 2012-08-05 00:55 - 00000909 _____ () C:\Users\Brandus\Desktop\MagicDisc.lnk
2014-09-02 20:51 - 2013-10-18 13:43 - 00000987 _____ () C:\Users\Brandus\Desktop\Democracy 2.lnk
2014-09-02 20:51 - 2013-09-03 09:44 - 00000939 _____ () C:\Users\Brandus\Desktop\DVD Shrink 3.2.lnk
2014-09-02 20:51 - 2012-08-24 19:27 - 00001193 _____ () C:\Users\Brandus\Desktop\AVS Video Converter.lnk
2014-09-02 20:45 - 2014-03-05 18:27 - 00000994 _____ () C:\Users\Brandus\Desktop\µTorrent.lnk
2014-09-02 20:45 - 2012-08-05 01:01 - 00000000 ____D () C:\Users\Brandus\AppData\Roaming\uTorrent
2014-09-02 20:39 - 2014-09-02 20:38 - 00000000 ____D () C:\Windows\Windows
2014-09-02 10:39 - 2014-09-02 10:39 - 00000000 __SHD () C:\found.000
2014-09-02 06:12 - 2012-08-05 09:47 - 00799564 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-02 06:11 - 2013-10-09 17:03 - 00000000 ____D () C:\ProgramData\Intel
2014-08-28 14:59 - 2014-08-28 14:59 - 00000000 __SHD () C:\Users\Ebony\AppData\Local\EmieUserList
2014-08-28 14:59 - 2014-08-28 14:59 - 00000000 __SHD () C:\Users\Ebony\AppData\Local\EmieSiteList
2014-08-28 14:59 - 2014-08-28 14:59 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Macromedia
2014-08-28 14:45 - 2014-08-27 12:07 - 00000000 ____D () C:\Users\Ebony\lucidlogix
2014-08-28 07:56 - 2013-08-31 18:10 - 00003030 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2014-08-28 07:56 - 2009-07-14 00:45 - 00409576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 01:34 - 2012-08-07 23:20 - 00000000 ____D () C:\Users\Brandus\Documents\Outlook Files
2014-08-28 00:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\spool
2014-08-27 12:09 - 2012-08-19 18:24 - 00000000 ____D () C:\Users\Brandus\Documents\RCT3
2014-08-27 12:08 - 2014-08-27 12:08 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Intel Corporation
2014-08-27 12:08 - 2014-01-07 10:35 - 00000000 ____D () C:\KA
2014-08-27 12:08 - 2014-01-06 11:16 - 00000365 _____ () C:\Windows\ka.ini
2014-08-27 12:07 - 2014-08-27 12:07 - 00109680 _____ () C:\Users\Ebony\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-27 12:07 - 2014-08-27 12:07 - 00001413 _____ () C:\Users\Ebony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-27 12:07 - 2014-08-27 12:07 - 00000000 ___RD () C:\Users\Ebony\Podcasts
2014-08-27 12:07 - 2014-08-27 12:07 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Canon
2014-08-27 12:07 - 2014-08-27 12:07 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Apple Computer
2014-08-27 12:07 - 2014-08-27 12:07 - 00000000 ____D () C:\Users\Ebony\AppData\Roaming\Adobe
2014-08-27 12:07 - 2014-08-27 12:07 - 00000000 ____D () C:\Users\Ebony\AppData\Local\Google
2014-08-27 12:07 - 2014-08-27 12:06 - 00000000 ____D () C:\Users\Ebony
2014-08-27 12:06 - 2014-08-27 12:06 - 00000020 ___SH () C:\Users\Ebony\ntuser.ini
2014-08-27 12:06 - 2014-08-27 12:06 - 00000000 ____D () C:\Users\Ebony\AppData\Local\VirtualStore
2014-08-26 00:11 - 2014-02-19 12:07 - 00000000 ____D () C:\Users\Brandus\AppData\Roaming\abgx360
2014-08-26 00:09 - 2014-08-26 00:07 - 00000000 ____D () C:\Users\Brandus\Desktop\Madden.NFL.15.XBOX360-COMPLEX
2014-08-22 22:07 - 2014-08-28 01:16 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-28 01:16 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-28 01:16 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 07:42 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-20 07:04 - 2014-02-08 10:43 - 00000000 ____D () C:\Users\Brandus\Downloads\Utorrent
2014-08-20 06:32 - 2012-08-25 11:49 - 00000000 ___RD () C:\Users\Brandus\Podcasts
2014-08-18 07:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-18 06:47 - 2012-08-05 13:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-18 06:43 - 2013-08-14 17:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-18 06:40 - 2012-08-05 09:24 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-18 06:36 - 2014-05-04 23:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-18 06:34 - 2012-08-05 09:51 - 00109680 _____ () C:\Users\Brandus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-16 22:44 - 2014-08-16 22:44 - 00931328 _____ () C:\Users\Brandus\Downloads\Chapter 1.ppt
2014-08-16 22:10 - 2014-03-09 18:45 - 00000090 _____ () C:\Windows\QBChanUtil_Trigger.ini
2014-08-16 22:09 - 2014-03-09 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2014-08-16 21:44 - 2013-07-29 19:39 - 00000000 ____D () C:\Users\Brandus\Heaven
2014-08-15 21:14 - 2012-08-05 01:34 - 00006656 _____ () C:\Windows\system32\lpcio.dll
2014-08-15 21:13 - 2014-07-27 23:44 - 00009742 _____ () C:\Users\Brandus\Documents\bill.xlsx
2014-08-06 22:06 - 2014-08-16 22:36 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-16 22:36 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
 
Files to move or delete:
====================
C:\Users\Brandus\Democracy2_Win_1370545527.exe
 
 
Some content of TEMP:
====================
C:\Users\Brandus\AppData\Local\Temp\AskSLib.dll
C:\Users\Brandus\AppData\Local\Temp\AutoRun.exe
C:\Users\Brandus\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Brandus\AppData\Local\Temp\EAInstall.dll
C:\Users\Brandus\AppData\Local\Temp\htmlayout.dll
C:\Users\Brandus\AppData\Local\Temp\ICReinstall_CR_Downloader_for_ncaa-football-'11.exe
C:\Users\Brandus\AppData\Local\Temp\ICReinstall_halloween.exe
C:\Users\Brandus\AppData\Local\Temp\ICReinstall_ICReinstall_halloween.exe
C:\Users\Brandus\AppData\Local\Temp\installerdll43052171.dll
C:\Users\Brandus\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Brandus\AppData\Local\Temp\madden_inst.exe
C:\Users\Brandus\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Brandus\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Brandus\AppData\Local\Temp\nvStInst.exe
C:\Users\Brandus\AppData\Local\Temp\ose00000.exe
C:\Users\Brandus\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Brandus\AppData\Local\Temp\sfextra.dll
C:\Users\Brandus\AppData\Local\Temp\sonarinst.exe
C:\Users\Brandus\AppData\Local\Temp\SRLDetectionLibrary7486045928970420086.dll
C:\Users\Brandus\AppData\Local\Temp\temp.exe
C:\Users\Brandus\AppData\Local\Temp\uninstall.exe
C:\Users\Brandus\AppData\Local\Temp\uninstall8245890.exe
C:\Users\Brandus\AppData\Local\Temp\utt60F5.tmp.exe
C:\Users\Brandus\AppData\Local\Temp\_is4549.exe
C:\Users\Brandus\AppData\Local\Temp\_isA231.exe
C:\Users\Brandus\AppData\Local\Temp\_isB732.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-27 07:53
 
==================== End Of Log ============================


#14
Naathim


Hi :)
 
 
Scan with Gmer

 

This type of scan often produces false positives. At any point do not take any action for any suspicious entries you may see there. Instead post the log to be analyzed.
Please download GMER by Gmer and save the file to your desktop.
It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on the randomly named icon and select Run as Administrator to start the tool.
  • It is very important that you do not use your computer while Gmer is running!
  • Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO!

When the pre-scan is completed, please do the following:

  • Please check in the Quick scan box.
  • Please uncheck the IAT/EAT and Show All.
  • Click Scan.
  • If you see a rootkit warning window click OK.
  • When the scan is finished, Save the results to your desktop as gmer.log.

Please include the content of this file in your next reply.
Don't forget to re-enable previously switched-off protection software!
If you encounter any problems, try running GMER in Safe Mode.
If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.



#15
brandus


Here is the content of the gmer file

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-06 12:49:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000007f Hitachi_ rev.JP2O 465.76GB
Running: ot16si01.exe; Driver: C:\Users\Brandus\AppData\Local\Temp\pftiyfog.sys
 
 
---- Kernel code sections - GMER 2.1 ----
 
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                         fffff800037ac000 52 bytes [00, 00, 48, 8B, D8, 48, 89, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 581                                                         fffff800037ac035 58 bytes {MOV RBX, [RSP+0x58]; JMP 0x1e}
 
---- User code sections - GMER 2.1 ----
 
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2596] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                    0000000072da1a22 2 bytes [DA, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2596] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                    0000000072da1ad0 2 bytes [DA, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2596] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                    0000000072da1b08 2 bytes [DA, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2596] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                    0000000072da1bba 2 bytes [DA, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2596] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                    0000000072da1bda 2 bytes [DA, 72]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                             0000000076ad1465 2 bytes [AD, 76]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                            0000000076ad14bb 2 bytes [AD, 76]
.text     ...                                                                                                                        * 2
.text     C:\Program Files (x86)\Steam\Steam.exe[3624] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                       0000000076ad1465 2 bytes [AD, 76]
.text     C:\Program Files (x86)\Steam\Steam.exe[3624] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                      0000000076ad14bb 2 bytes [AD, 76]
.text     ...                                                                                                                        * 2
.text     C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000076ad1465 2 bytes [AD, 76]
.text     C:\Program Files (x86)\Steam\bin\steamwebhelper.exe[4932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155         0000000076ad14bb 2 bytes [AD, 76]
.text     ...                                                                                                                        * 2
.text     C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2884] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   0000000076ad1465 2 bytes [AD, 76]
.text     C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2884] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  0000000076ad14bb 2 bytes [AD, 76]
.text     ...                                                                                                                        * 2
.text     C:\Users\Brandus\AppData\Roaming\uTorrent\uTorrent.exe[9040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       0000000076ad1465 2 bytes [AD, 76]
.text     C:\Users\Brandus\AppData\Roaming\uTorrent\uTorrent.exe[9040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      0000000076ad14bb 2 bytes [AD, 76]
.text     ...                                                                                                                        * 2
 
---- Threads - GMER 2.1 ----
 
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4652:5580]                                                             000007fefba92bf8
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4652:5616]                                                             000007feee904830
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4652:6100]                                                             000007fef7ea5124
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4652:3788]                                                             000007feee889d90
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4652:2780]                                                             000007feee904830
 
---- Registry - GMER 2.1 ----
 
Reg       HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\[email protected]                                                         ???x?????????v??????p????????????????????????????v??? ???????u???????????u?,??????.?4????????0????4??u??????????????????RDP Encoder Mirror Driver????????u???????????????s??????????????????????? ??????????????e????u?u?u?u????? ???????u???????????u?,????????N?????????????N??u???????D??{42cf9257-1d96-4c9d-87f3-0d8e74595f78}???????????u???????e??RDPENCDD?????u?u???????u???u????? [email protected]%systemroot%\system32\drprov.dll,[email protected]%systemroot%\system32\drprov.dll,-100??????? ???????u???????????u?,????????N????????????r??? ???u??????????????\Device\RdpDr?????8??u??????????Microsoft Terminal [email protected]%systemroot%\system32\drprov.dll,-100????????B??u??????????????%SystemRoot%\System32\drprov.dll?????u?u?u?u????? ???????n?????v?????u??????????b???????????????????????t?????8???????????h??????v???v???????????????????????????????????????[email protected]%systemroot%\s
Reg       HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\[email protected]                                                    ????os??????rt????~??????n???????d???????????????????????D?????????np6???????????9??????B1???????????B??????? ?????????????????????,?????????????????f??????????? `??????c?????ip6??{5d624f94-8850-40c3-a3fa-a4fd2080baf3}\vwifimp??pi??? `??????D??????s3??192.168.1.72????????????? ???????9?????????????:????????????&????????????????????4???????????????????????????????????? ???????????????????????????????????????????????4-8185-144EF2068740}"?"{??? ???????:?????????????9??????4? ???&????????????????????-????????????????????????????????????????????????????????????????????????????????????????0EAC708FC6E}"?"{619D???????????8?????????d46???????????"?????????eE6??? ??????????????????????????????????&????????????????????7??? ???????????????????????? ????????? ??????24}??? ??????????????????????????????????????p"??????????? ??????????????????? ?????????????????????:????????????,??????????????????????? ??????????????????????????????????????&??????????????????????????????????????????????7C-4452-BAF2-58B2ED209B3??? ?????????
Reg       HKLM\SYSTEM\ControlSet002\services\LanmanServer\[email protected]                                                             ???m?????????????????????????????????????????????????????l???????????l?l?l??????????????????????????? ???????j?????l?????k?,??????????V?????????????????????????????????? ???????l?????????????,????????N???????????6.1.7601.17514????????*??l???o?? (?????l?&????N??l????????D?????? L?????????????????{8ECC055D-047F-11D1-A537-0000F8753ED1}???????l???l???????????????????h???????/????(??l???1???1??usb.inf?f?????X??????F?????????????????????s????????ed????P??u?????????e????????? ???????l???????????k?0????????????????????ms_ndiswanip?????????????/??????{00000000-0000-0000-FFFF-FFFFFFFFFFFF}???????j?j?j?j?k?k?l?l?l?l?l???????????1???1??6.1.7600.16385??6.???????k???a??pv???????k???a???????????k???????????????l???????1???????????????????????l???????????????????????????????k???????????????????????????????????????????l?l????? ???????j?????l?????k?,??????????X??????????????????l??????????????? ???????l???????????k?,????????`?????????????X??????????????????????????????l?????l?&??{4d36e972-e325-11ce-bfc1-08002be10318}\0006????
Reg       HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\[email protected]                                                        ???s????????????????g???? ???????n???????? ???????????$???N?????????????????????Microsoft .NET Framework NGEN v2.0.50727_X64????%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe????????<??p?????????n????Microsoft .NET Framework NGEN???? ???p??????????????????????????????????????????? ???????????????p???????????????????????????????????????????????????????????p??????????????????LocalSystem??????????????????????????????????????d???????????k???0???????e??????????????????RPCSS????i??????????????t?????????????????????????????????Z??p?????????e????????????????t?????4??p????????????????~??p????????h??????????????????????????????p??????????????? ???????n???????????p??????????Z?Q???????????????????????????????P??p?????????!????\SystemRoot\system32\DRIVERS\CmBatt.sys???????Z??p?????????e????Microsoft ACPI Control Method Battery Driver??????V??p??????????????battery.inf_amd64_neutral_cb8fa151a7b7cb80???????p?p?p?p?p?p????? ???????n??????????????????????R?R???????????????????????????????????????????????P??p?
 
---- EOF - GMER 2.1 ----
