Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

RegSvr32 error [Closed]

Started by ValkyrieLV , Sep 11 2014 03:50 PM

This topic is locked

#1
ValkyrieLV

Posted 11 September 2014 - 03:50 PM

New Member

Member
6 posts

Hello there. As soon as i turn on my PC i get this RegSvr32 error which contains the following (No module which failed to load included):

The module "" failed to load

Make sure the binary is stored at the specified path or

debug it to check for problems with the binary or

dependent .DLL files.

The specified module could not be found

So i ran an OTL scan. I hope it could give you some information about what could be the issue.

OTL logfile created on: 11/09/14 11:39:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Emils\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yy

7.96 Gb Total Physical Memory | 5.58 Gb Available Physical Memory | 70.17% Memory free
15.91 Gb Paging File | 13.28 Gb Available in Paging File | 83.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.21 Gb Total Space | 108.63 Gb Free Space | 55.65% Space Free | Partition Type: NTFS
Drive D: | 1667.70 Gb Total Space | 1534.89 Gb Free Space | 92.04% Space Free | Partition Type: NTFS

Computer Name: EMILS-PC | User Name: Emils | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/09/11 23:38:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Emils\Downloads\OTL.exe
PRC - [2014/09/10 00:34:04 | 001,523,392 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
PRC - [2014/09/10 00:34:00 | 001,938,112 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014/09/04 11:44:30 | 003,802,448 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2014/08/27 15:00:48 | 000,164,656 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014/08/27 15:00:42 | 000,160,048 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2014/08/25 16:33:29 | 001,245,752 | ---- | M] (Spotify Ltd) -- C:\Users\Emils\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/07/23 13:29:15 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014/07/23 13:29:07 | 000,751,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/07/23 13:29:07 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/07/22 17:57:38 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/07/15 17:24:02 | 000,538,112 | ---- | M] (LOL Replay) -- C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
PRC - [2014/07/02 11:45:03 | 005,037,888 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/05/30 01:28:21 | 002,350,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/05/30 01:23:57 | 001,631,008 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/05/20 01:10:40 | 000,413,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/05/08 15:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/05/08 10:47:44 | 002,993,376 | ---- | M] (Nota Inc.) -- C:\Program Files (x86)\Gyazo\GyStation.exe
PRC - [2014/04/30 15:01:06 | 001,303,864 | ---- | M] (Megaify Software Co., Ltd.) -- C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
PRC - [2013/11/21 08:31:44 | 000,287,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2013/11/21 08:31:44 | 000,015,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013/10/24 00:39:14 | 001,017,224 | ---- | M] (Flux Software LLC) -- C:\Users\Emils\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2012/07/17 17:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 17:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/17 17:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

========== Modules (No Company Name) ==========

MOD - [2014/09/10 00:34:14 | 002,225,344 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2014/09/10 00:34:02 | 000,679,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/09/05 01:29:26 | 034,589,376 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014/09/05 01:29:26 | 000,837,824 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
MOD - [2014/09/03 21:28:16 | 000,774,656 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014/08/27 15:00:40 | 000,139,056 | ---- | M] () -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
MOD - [2014/08/27 15:00:32 | 000,052,472 | ---- | M] () -- C:\Users\Emils\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
MOD - [2014/08/21 20:15:22 | 001,171,456 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-56.dll
MOD - [2014/08/21 20:15:22 | 000,485,888 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-3.dll
MOD - [2014/08/21 20:15:22 | 000,442,368 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-54.dll
MOD - [2014/08/21 20:15:22 | 000,403,968 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-56.dll
MOD - [2014/08/21 20:15:22 | 000,332,800 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-2.dll
MOD - [2014/07/24 04:42:37 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\83bc48ea0e895f71054d15421dea08a1\WindowsFormsIntegration.ni.dll
MOD - [2014/07/24 04:42:10 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\b53164cb2422eb66af48ef3ce722b5e5\System.IdentityModel.ni.dll
MOD - [2014/07/24 04:42:08 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5402af8a63eab08e68cee5bb8c57ec43\System.ServiceModel.ni.dll
MOD - [2014/07/24 04:41:59 | 001,091,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\a97901d797a42bd994beabba4e1a4480\System.ServiceModel.Web.ni.dll
MOD - [2014/07/24 04:41:37 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\e2bc7466bfb562cdc37c7de5fb176537\PresentationFramework-SystemXml.ni.dll
MOD - [2014/07/24 04:41:37 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\fa2c7f46e962bd6f6e089bb75286f553\PresentationFramework-SystemData.ni.dll
MOD - [2014/07/23 22:25:47 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\dc7d3cf3ed23c066cf958991e0c5a2ee\PresentationFramework.ni.dll
MOD - [2014/07/23 22:25:37 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7ce7f36d6ddd95c15fa5bdefbfcbf0c\PresentationCore.ni.dll
MOD - [2014/07/23 22:25:32 | 002,542,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\2d985b5e3d65c7e843a7e137968b5293\System.Data.Linq.ni.dll
MOD - [2014/07/23 22:25:31 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\f1c8087380e2a00c4925353ff41819ef\WindowsBase.ni.dll
MOD - [2014/07/23 22:25:29 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\3a77639e6d14a90630ff1cce877134ae\System.Runtime.Serialization.ni.dll
MOD - [2014/07/23 22:25:29 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\ab78c8f8e5568f893308833861fc11d7\PresentationFramework.Aero.ni.dll
MOD - [2014/07/23 22:25:28 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\f56c031ccb3c19bfcdd668cdd0d0babc\System.ServiceModel.Internals.ni.dll
MOD - [2014/07/23 22:25:28 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3ae392116532056a505ee49002341288\SMDiagnostics.ni.dll
MOD - [2014/07/23 22:25:27 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\2b80e18d5a7263101812de91dead2dee\System.Data.ni.dll
MOD - [2014/07/23 22:25:26 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\5af458179c5c48dd9f400159b23c2398\System.Windows.Forms.ni.dll
MOD - [2014/07/23 22:25:21 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\66e122de5ff2bad83e6150461fd1f3a4\System.Xml.ni.dll
MOD - [2014/07/23 22:25:21 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d04bc8678d72be74f11365ced3c3cfe6\System.Core.ni.dll
MOD - [2014/07/23 22:25:21 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\23dd0840f9d45171f3bbd3c45a0a8f9a\System.ServiceProcess.ni.dll
MOD - [2014/07/23 22:25:20 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\35ff79b0dd6c57013ea52df5a95efd72\System.Drawing.ni.dll
MOD - [2014/07/23 22:25:19 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\7b986cec878db3a6ab533de03fc552be\System.Xaml.ni.dll
MOD - [2014/07/23 22:25:17 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\aaadf3ca1bcec0c03ce992dec33a45fa\System.Configuration.ni.dll
MOD - [2014/07/23 22:25:16 | 010,061,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\42f19eab7abb6a12442e3a9572ad370d\System.ni.dll
MOD - [2014/07/23 22:25:12 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf0c209df74c672dfdbd31f9c3e15195\mscorlib.ni.dll
MOD - [2014/07/23 22:25:12 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\b15f62752445af5accebcdfd3b61fe4e\System.Numerics.ni.dll
MOD - [2014/07/22 17:57:38 | 003,800,688 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/07/15 15:47:22 | 000,401,920 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\LOLUtils.dll
MOD - [2014/02/17 19:13:46 | 000,092,984 | ---- | M] () -- C:\Program Files (x86)\DriverToolkit\zlibwapi.dll
MOD - [2009/07/14 06:56:14 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\1762137638019a091020b3baf52f6de3\System.Core.ni.dll
MOD - [2009/07/14 06:56:11 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\39f5a71b5185d267b0f55cd4cea26d6b\PresentationFramework.Aero.ni.dll
MOD - [2009/07/14 06:55:47 | 014,318,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\68e5eeb3c6ef18ba2dc1ad70eb74aeee\PresentationFramework.ni.dll
MOD - [2009/07/14 06:55:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009/07/14 06:55:26 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009/07/14 06:55:23 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b459c5815af8123e4bf30d4e05bba65\PresentationCore.ni.dll
MOD - [2009/07/14 06:55:14 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll
MOD - [2009/07/14 06:55:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009/07/14 06:55:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009/07/14 06:55:05 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009/07/14 06:55:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/05/30 01:20:09 | 021,055,432 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/11/21 08:31:44 | 000,015,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2012/04/20 14:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/09/09 22:21:26 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/04 11:44:28 | 002,525,008 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014/08/27 15:00:42 | 000,160,048 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014/08/14 05:58:30 | 000,448,384 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2014/08/14 00:30:50 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/08/08 15:02:36 | 000,377,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/07/23 13:29:15 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/07/23 13:29:07 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/07/22 17:57:38 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/02 11:45:03 | 005,037,888 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/05/30 01:23:57 | 001,631,008 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/05/20 01:10:40 | 000,413,128 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/05/08 15:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/13 09:44:22 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/17 17:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 17:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/17 17:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/07/23 13:29:07 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014/07/23 13:29:07 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014/07/23 13:29:07 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2014/06/11 10:57:41 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/05/30 01:20:09 | 000,020,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014/03/31 18:42:44 | 000,040,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014/02/18 19:48:28 | 000,901,848 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/11/21 08:31:28 | 000,632,168 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/11/21 08:31:28 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2013/04/24 09:52:54 | 000,109,336 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2012/07/04 19:59:24 | 000,413,544 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2012/07/04 19:59:22 | 000,136,552 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2012/07/02 15:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?r...opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 EE EA 2B 51 CC CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Emils\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Emils\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/06/24 17:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emils\AppData\Roaming\Mozilla\Extensions
[2014/09/04 19:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emils\AppData\Roaming\Mozilla\Firefox\Profiles\3we6rrcs.default\extensions
[2014/09/04 19:34:36 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\Emils\AppData\Roaming\Mozilla\Firefox\Profiles\3we6rrcs.default\extensions\[email protected]
[2014/07/27 23:12:19 | 000,132,528 | ---- | M] () (No name found) -- C:\Users\Emils\AppData\Roaming\Mozilla\Firefox\Profiles\3we6rrcs.default\extensions\[email protected]
[2014/07/23 17:59:53 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Emils\AppData\Roaming\Mozilla\Firefox\Profiles\3we6rrcs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/07/22 17:57:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/07/22 17:57:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AdobeCEPServiceManager] C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [EvhuXmab] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [f.lux] C:\Users\Emils\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe (Nota Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Emils\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C202852-7C9D-433F-8E27-1BC5C68302F6}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1b1817ee-15cd-11e4-a7af-10604b5cecff}\Shell - "" = AutoRun
O33 - MountPoints2\{1b1817ee-15cd-11e4-a7af-10604b5cecff}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{746209d1-fbfb-11e3-ac97-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{746209d1-fbfb-11e3-ac97-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Einstiegsseite.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/09/11 21:07:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/09/11 21:01:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/09/10 17:36:47 | 000,000,000 | ---D | C] -- C:\Users\Emils\AppData\Local\LogMeIn Hamachi
[2014/09/10 17:36:47 | 000,000,000 | ---D | C] -- C:\Users\Emils\AppData\Local\LogMeIn
[2014/09/10 17:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2014/09/10 17:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2014/09/10 17:36:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2014/09/06 11:56:00 | 000,000,000 | ---D | C] -- C:\ProgramData\EvhuXmab
[2014/09/05 19:43:04 | 000,000,000 | ---D | C] -- C:\Users\Emils\AppData\Roaming\.minecraft
[2014/09/05 19:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/09/05 19:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/09/05 19:39:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/09/05 19:39:48 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/09/05 19:39:41 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/09/05 19:39:41 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/09/05 19:39:41 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/09/05 19:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/09/05 19:39:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/09/03 02:59:57 | 000,000,000 | ---D | C] -- C:\Users\Emils\Documents\My Cheat Tables
[2014/09/03 02:59:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
[2014/09/03 02:59:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.4
[2014/08/31 03:15:27 | 001,143,296 | ---- | C] (FluorineFx.com) -- C:\Users\Emils\Desktop\FluorineFx.dll
[2014/08/31 03:15:27 | 000,421,888 | ---- | C] (Microsoft) -- C:\Users\Emils\Desktop\NotMissing.dll
[2014/08/31 03:15:27 | 000,270,336 | ---- | C] (The Apache Software Foundation) -- C:\Users\Emils\Desktop\log4net.dll
[2014/08/31 03:15:27 | 000,187,904 | ---- | C] (ServiceStack) -- C:\Users\Emils\Desktop\ServiceStack.Text.dll
[2014/08/31 03:15:27 | 000,106,496 | ---- | C] (www.antlr.org) -- C:\Users\Emils\Desktop\antlr.runtime.dll
[2014/08/30 17:27:12 | 000,000,000 | ---D | C] -- C:\Users\Emils\Desktop\New folder
[2014/08/29 00:07:05 | 000,000,000 | ---D | C] -- C:\Users\Emils\AppData\Local\NFS Underground 2
[2014/08/23 11:03:06 | 000,000,000 | ---D | C] -- C:\RecoveredPSD
[2014/08/22 23:51:54 | 000,000,000 | ---D | C] -- C:\Users\Emils\Desktop\TXD Workshop
[2014/08/22 15:53:52 | 000,000,000 | ---D | C] -- C:\Users\Emils\Documents\ArmA 2 Other Profiles
[2014/08/22 15:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2014/08/22 15:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2014/08/22 15:05:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2014/08/22 15:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2014/08/22 15:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/08/22 15:05:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2014/08/22 15:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/08/22 15:04:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/08/22 15:03:59 | 000,000,000 | ---D | C] -- C:\Users\Emils\AppData\Roaming\DesktopIconGoodgame
[2014/08/22 15:03:59 | 000,000,000 | ---D | C] -- C:\Users\Emils\AppData\Roaming\DesktopIconForAmazon
[2014/08/21 06:21:57 | 000,000,000 | ---D | C] -- C:\Users\Emils\AppData\Roaming\Avira
[2014/08/21 06:21:15 | 000,042,040 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2014/08/21 06:16:14 | 000,130,584 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014/08/21 06:16:14 | 000,117,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014/08/21 06:16:14 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2014/08/21 05:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2014/08/21 05:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2014/08/21 05:48:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2014/08/21 02:42:31 | 000,000,000 | ---D | C] -- C:\Users\Emils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2014/08/21 02:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2014/08/21 02:42:30 | 000,000,000 | ---D | C] -- C:\Users\Emils\AppData\Roaming\Notepad++
[2014/08/21 02:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2014/08/20 16:44:37 | 000,000,000 | ---D | C] -- C:\Users\Emils\Documents\HTML learning
[2014/08/20 15:35:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/08/14 19:14:54 | 000,000,000 | ---D | C] -- C:\Users\Emils\AppData\Local\ArmA 2
[2014/08/14 19:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2014/08/14 19:10:49 | 000,000,000 | ---D | C] -- C:\Users\Emils\AppData\Local\DayZCommander
[2014/08/14 19:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dotjosh Studios
[2014/08/14 19:10:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios
[2014/08/14 13:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive Studio
[2014/08/14 13:59:37 | 000,000,000 | ---D | C] -- C:\Users\Emils\AppData\Local\ArmA 2 OA
[2014/08/14 13:59:37 | 000,000,000 | ---D | C] -- C:\Users\Emils\Documents\ArmA 2
[2014/08/14 13:59:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BattlEye
[2014/08/14 13:59:22 | 000,000,000 | ---D | C] -- C:\Users\Emils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive

========== Files - Modified Within 30 Days ==========

[2014/09/11 23:40:16 | 000,784,286 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/11 23:40:16 | 000,663,422 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/11 23:40:16 | 000,122,788 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/11 23:39:22 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/11 23:39:22 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/11 23:34:19 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\DriverToolkit Autorun.job
[2014/09/11 23:34:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/11 23:34:08 | 2112,327,679 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/11 23:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/11 21:07:37 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/09/11 21:01:27 | 666,015,272 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/09/11 14:24:18 | 000,000,132 | ---- | M] () -- C:\Users\Emils\AppData\Roaming\Adobe PNG Format CC Prefs
[2014/09/09 22:21:26 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/09/09 22:21:26 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/09/09 17:19:32 | 000,574,732 | ---- | M] () -- C:\Users\Emils\Desktop\2.jpg
[2014/09/09 17:18:21 | 000,037,158 | ---- | M] () -- C:\Users\Emils\Desktop\1.jpg
[2014/09/08 14:42:04 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForEmils.job
[2014/09/08 12:02:27 | 000,000,221 | ---- | M] () -- C:\Users\Emils\Desktop\Borderlands 2.url
[2014/09/05 19:39:35 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/09/05 19:39:35 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/09/05 19:39:35 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/09/05 19:39:35 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/09/04 19:36:29 | 000,043,009 | ---- | M] () -- C:\Users\Emils\Desktop\download.jpg
[2014/09/03 02:59:53 | 000,001,089 | ---- | M] () -- C:\Users\Emils\Desktop\Cheat Engine.lnk
[2014/09/01 21:18:13 | 000,106,107 | ---- | M] () -- C:\Users\Emils\Desktop\cartoon-plane.png
[2014/08/31 03:19:57 | 000,000,062 | ---- | M] () -- C:\Users\Emils\Desktop\settings.json
[2014/08/30 22:55:18 | 000,309,141 | ---- | M] () -- C:\Users\Emils\Desktop\awp1uJ9.png
[2014/08/29 01:26:51 | 000,000,042 | ---- | M] () -- C:\Users\Emils\lelwat
[2014/08/29 00:06:43 | 000,000,638 | ---- | M] () -- C:\Users\Emils\Desktop\Need for Speed Underground 2.lnk
[2014/08/28 23:37:26 | 004,998,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/27 16:12:26 | 000,360,459 | ---- | M] () -- C:\Users\Emils\Desktop\903695_608823902480187_1124198137_o.jpg
[2014/08/27 02:16:03 | 000,166,652 | ---- | M] () -- C:\Users\Emils\Desktop\IMG_27082014_011540.png
[2014/08/26 18:51:58 | 000,036,476 | ---- | M] () -- C:\Users\Emils\Desktop\free-vector-hummer-clip-art_118215_Hummer_clip_art_hight.png
[2014/08/26 18:44:41 | 000,214,499 | ---- | M] () -- C:\Users\Emils\Desktop\sniper_render.png
[2014/08/26 18:22:53 | 000,032,446 | ---- | M] () -- C:\Users\Emils\Desktop\1313528957800209655Binoculars.svg.hi.png
[2014/08/25 16:59:01 | 000,001,456 | ---- | M] () -- C:\Users\Emils\AppData\Local\Adobe Save for Web 13.0 Prefs
[2014/08/24 15:42:38 | 000,049,925 | ---- | M] () -- C:\Users\Emils\Desktop\aoZZ6K0_700b_v1.jpg
[2014/08/24 15:28:51 | 000,041,496 | ---- | M] () -- C:\Users\Emils\Desktop\aBQ3grA_460s_v1.jpg
[2014/08/23 13:11:30 | 000,552,331 | ---- | M] () -- C:\Users\Emils\Desktop\2render.png
[2014/08/23 13:08:44 | 000,571,838 | ---- | M] () -- C:\Users\Emils\Desktop\1render.png
[2014/08/22 15:06:11 | 000,001,466 | ---- | M] () -- C:\Users\Emils\Application Data\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk
[2014/08/22 15:03:59 | 000,001,486 | ---- | M] () -- C:\Users\Emils\Application Data\Microsoft\Internet Explorer\Quick Launch\Amazon.lnk
[2014/08/21 06:17:20 | 000,042,040 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys

========== Files Created - No Company Name ==========

[2014/09/11 21:07:37 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/09/11 21:01:27 | 666,015,272 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/09/09 17:17:47 | 000,574,732 | ---- | C] () -- C:\Users\Emils\Desktop\2.jpg
[2014/09/09 17:17:41 | 000,037,158 | ---- | C] () -- C:\Users\Emils\Desktop\1.jpg
[2014/09/08 12:02:27 | 000,000,221 | ---- | C] () -- C:\Users\Emils\Desktop\Borderlands 2.url
[2014/09/04 19:35:44 | 000,043,009 | ---- | C] () -- C:\Users\Emils\Desktop\download.jpg
[2014/09/03 02:59:53 | 000,001,089 | ---- | C] () -- C:\Users\Emils\Desktop\Cheat Engine.lnk
[2014/09/01 21:18:13 | 000,106,107 | ---- | C] () -- C:\Users\Emils\Desktop\cartoon-plane.png
[2014/08/31 03:19:52 | 000,000,062 | ---- | C] () -- C:\Users\Emils\Desktop\settings.json
[2014/08/31 03:15:27 | 000,440,320 | ---- | C] () -- C:\Users\Emils\Desktop\ElophantClient.exe
[2014/08/30 22:55:18 | 000,309,141 | ---- | C] () -- C:\Users\Emils\Desktop\awp1uJ9.png
[2014/08/29 01:26:48 | 000,000,042 | ---- | C] () -- C:\Users\Emils\lelwat
[2014/08/29 00:06:43 | 000,000,638 | ---- | C] () -- C:\Users\Emils\Desktop\Need for Speed Underground 2.lnk
[2014/08/27 16:12:26 | 000,360,459 | ---- | C] () -- C:\Users\Emils\Desktop\903695_608823902480187_1124198137_o.jpg
[2014/08/27 02:15:49 | 000,166,652 | ---- | C] () -- C:\Users\Emils\Desktop\IMG_27082014_011540.png
[2014/08/26 18:51:58 | 000,036,476 | ---- | C] () -- C:\Users\Emils\Desktop\free-vector-hummer-clip-art_118215_Hummer_clip_art_hight.png
[2014/08/26 18:44:41 | 000,214,499 | ---- | C] () -- C:\Users\Emils\Desktop\sniper_render.png
[2014/08/26 18:22:53 | 000,032,446 | ---- | C] () -- C:\Users\Emils\Desktop\1313528957800209655Binoculars.svg.hi.png
[2014/08/24 15:42:38 | 000,049,925 | ---- | C] () -- C:\Users\Emils\Desktop\aoZZ6K0_700b_v1.jpg
[2014/08/24 15:28:51 | 000,041,496 | ---- | C] () -- C:\Users\Emils\Desktop\aBQ3grA_460s_v1.jpg
[2014/08/23 13:11:27 | 000,552,331 | ---- | C] () -- C:\Users\Emils\Desktop\2render.png
[2014/08/23 13:08:42 | 000,571,838 | ---- | C] () -- C:\Users\Emils\Desktop\1render.png
[2014/08/22 15:03:59 | 000,001,486 | ---- | C] () -- C:\Users\Emils\Application Data\Microsoft\Internet Explorer\Quick Launch\Amazon.lnk
[2014/08/22 15:03:59 | 000,001,466 | ---- | C] () -- C:\Users\Emils\Application Data\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk
[2014/08/12 22:49:13 | 000,001,456 | ---- | C] () -- C:\Users\Emils\AppData\Local\Adobe Save for Web 13.0 Prefs
[2014/08/08 00:34:15 | 000,000,132 | ---- | C] () -- C:\Users\Emils\AppData\Roaming\Adobe PNG Format CC Prefs
[2014/06/24 17:53:35 | 000,776,320 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 03:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 40 bytes -> C:\ProgramData\MTA San Andreas All:NT
@Alternate Data Stream - 40 bytes -> C:\ProgramData:NT
@Alternate Data Stream - 160 bytes -> C:\ProgramData\MTA San Andreas All:NT2
@Alternate Data Stream - 160 bytes -> C:\ProgramData:NT2

< End of report >

And the extras file i got

OTL Extras logfile created on: 11/09/14 11:39:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Emils\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yy

7.96 Gb Total Physical Memory | 5.58 Gb Available Physical Memory | 70.17% Memory free
15.91 Gb Paging File | 13.28 Gb Available in Paging File | 83.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.21 Gb Total Space | 108.63 Gb Free Space | 55.65% Space Free | Partition Type: NTFS
Drive D: | 1667.70 Gb Total Space | 1534.89 Gb Free Space | 92.04% Space Free | Partition Type: NTFS

Computer Name: EMILS-PC | User Name: Emils | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A6AABD-D397-4113-AA46-E8F1303215FD}" = lport=41780 | protocol=17 | dir=in | name=landmarkawesomiumbrowsercontroller |
"{05620D4F-191B-4D41-9A65-504A33F50FC2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{08201FC6-17CE-4C7C-9A20-1DF56FC44C48}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{198CB6A8-95A0-4CD2-AF33-15742BA715A4}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{1F7A9F63-BFCE-4DE8-AEC0-76801BB7D777}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{280DD21F-F148-472B-BF90-EDBDF921705D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2D2153AA-96C3-45C0-AB13-65F39C31360C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{30621057-B031-40E4-85E4-D37889056855}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{335FEDCE-EAB0-4F3B-ADC2-120776F631B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36E2D45B-AA73-49AE-B741-C2CBCAADC987}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{3CEDC30C-4466-48E9-A20A-8FF56E16AAD7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4973DD3F-C0D4-446F-A094-C363D02555F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4F347A9C-3E3B-47D0-AE4E-B7B27777264A}" = rport=139 | protocol=6 | dir=out | app=system |
"{517B9D1B-D6C2-4185-A370-E0A348E21779}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{55FC302F-E28E-4486-AD74-3AA2850B5EDE}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{5B3C4458-FDCE-453D-B183-617DB80C1996}" = lport=58367 | protocol=17 | dir=in | name=pando media booster |
"{5C0D8202-5F60-40F9-BD3E-E264817746E7}" = lport=58367 | protocol=6 | dir=in | name=pando media booster |
"{5FDFD392-EDCA-4C84-A960-1234F4BBCE92}" = rport=445 | protocol=6 | dir=out | app=system |
"{6538F4C4-EC0F-4461-A196-3D66C29088C1}" = lport=137 | protocol=17 | dir=in | app=system |
"{819F2330-4E1B-452C-B240-E7130EE99E14}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{98503F8A-0E79-4F5B-9207-74B569F57A30}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{ACAA6031-4D54-4EF0-8E2A-4BB83DB377C1}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{ADBD75F9-7500-4290-B9F9-EFAE75732233}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B0C99C3B-B0FC-464B-AAE9-C9F9A5EDB1E2}" = rport=138 | protocol=17 | dir=out | app=system |
"{B1C4D763-BD3D-4482-83A3-17AD729F6830}" = lport=445 | protocol=6 | dir=in | app=system |
"{BA079781-D17E-4CFD-A010-96C346728C8C}" = lport=58367 | protocol=6 | dir=in | name=pando media booster |
"{C6D64371-DE51-489A-83A9-C28281CA5B8B}" = lport=139 | protocol=6 | dir=in | app=system |
"{DE8F329A-094A-4BFE-BCE8-D21E215C5F56}" = rport=137 | protocol=17 | dir=out | app=system |
"{DEF0C7A7-52D9-4B87-BE4F-1E5E5051D977}" = lport=138 | protocol=17 | dir=in | app=system |
"{E83B96DD-342F-4685-AF05-17DBBCF2BD71}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E8A008A3-50BD-435F-B5C8-920E8875D781}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FCEF9C08-77D8-4DA1-BC12-9A537FA21473}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{FE7336A8-EF59-4A7A-9D56-5D9D9F3D14C7}" = lport=58367 | protocol=17 | dir=in | name=pando media booster |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0124F470-7BEB-41EF-826F-C2B139E2DE85}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0A682FC1-C4AA-4AC2-BB79-5129212C3268}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0B7B0E27-4A42-4CA6-9B53-888EA4F7B31D}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{0E65681B-3443-4AEB-814C-82893D47D367}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\rbs\really big sky.exe |
"{11AF0F19-2D6B-4547-B207-42CC9049ACE1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{156DCF0B-4A2F-4D3A-A8F5-5C3375954C59}" = protocol=17 | dir=in | app=c:\users\emils\appdata\roaming\utorrent\utorrent.exe |
"{16C387E3-4B4B-49EB-B40C-76218330B07A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa_be.exe |
"{20D29269-287A-4BBC-9A99-3F2B8235A94F}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\gun monkeys\gun_monkeys.exe |
"{22467A17-5ECC-447C-A417-C416440F3937}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\sniper elite v2\bin\sniperelitev2.exe |
"{2297A989-0E3D-4594-B782-95E98B828553}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{255007DF-36EA-42EE-9CF1-A7E0003AB3DE}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{28278E27-4A3A-4D4D-BFF2-F7E99D949FF5}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\half-life\hl.exe |
"{2A95A9D1-4A12-4FB4-8CBD-DC6C80C72FDC}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\ava\nwzlauncher.exe |
"{2E4F1715-1401-4064-A293-7447B184E95D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31ECC749-352F-4BC3-B8AA-1AEA34C25B21}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\race 07\config.exe |
"{3412574B-76E5-4A94-92E3-1C60754D22D9}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\rift\riftpatchlive.exe |
"{35406EA0-70FB-4F12-B58C-3CEA197B11D2}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{35C8C115-AD2A-456D-93B8-C2CC35F9A233}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\rift\riftpatchlive.exe |
"{3E07BB91-CBB1-48C3-90A8-9233BBD82B71}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3E5F9EEC-9E7D-4044-A5D3-ECA636028835}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe |
"{3F686DB5-5752-428C-80B0-A8D85EEA77C7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3FE04DF1-12B2-4F79-9088-CE84DC2496D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{40578851-63F8-4E82-9FA0-216FB02BBA1E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe |
"{4101F442-F403-43B2-B0CD-83DFF705EA23}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\rbs\really big sky.exe |
"{4117BB3A-13E0-4031-ACEB-3FB4C030A3E6}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe |
"{41DBDD87-B4EC-4141-868C-5C1E41535A1D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3109\agent.exe |
"{4259933B-C22E-4C2C-A242-B463E45B1859}" = protocol=6 | dir=in | app=e:\alicecd.exe |
"{474EBEAC-B763-43DD-A704-DA15D9EFC19B}" = protocol=6 | dir=in | app=d:\battle.net\battle.net.exe |
"{478318FE-14AB-4515-A11B-7403C63C9FB1}" = protocol=17 | dir=in | app=e:\alicecd.exe |
"{4FF501D7-9877-4C9E-885A-A27E0B283D5F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{51435360-6606-4826-82F2-0179559456F7}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{53E5C984-E24F-4EA7-A56F-025F7AED92D4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{550FEC67-68C1-4016-8AA6-8228F244A94C}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\watch_dogs\bin\watch_dogs.exe |
"{55950F5F-E7AB-4D50-97AE-916151E70512}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{5741014E-150A-42E6-89F6-8FD5E80251A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A2EC075-4D2D-4061-925F-EB910A57BEB9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{60525647-F144-4971-B3ED-5AEBFF2EBAD9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa_be.exe |
"{61A78D4C-8EEC-421E-91CB-78F6DDD599D5}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\half-life\hl.exe |
"{65F7342F-4CDE-4BEB-8675-E968F531E8C7}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\counter-strike global offensive\csgo.exe |
"{66D244D1-F221-4987-934F-C4D45747AC22}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{68B8E2C8-DCEE-4FF5-81FD-8289F2E00B85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7211AA56-C350-4D54-AA84-4A5FDBA6AA1F}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\race 07\steamproxy.exe |
"{72BA48E3-A807-4474-BFC5-06AAECFFC5FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{7C3DB246-C61D-4B0C-B140-FA16B68F4533}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\race 07\steamproxy.exe |
"{7CB5D6A4-324A-48AA-A5F6-ACC93CD926CB}" = protocol=17 | dir=in | app=d:\hearthstone\hearthstone.exe |
"{7D5B675C-C7BA-4F93-BD09-766A00B4CF68}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{830708F2-38DC-44F8-B321-833977947C10}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{832DD8C6-4426-44E2-AA17-2B19BFAF8D59}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{834D38DC-BC07-4ED6-918A-3F580BE773FC}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\raceroom racing experience\game\rrre.exe |
"{836F74FD-EFC6-47F3-A418-D1F2D1E94172}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{845E5B92-2096-494C-9971-A1EA57C7A04A}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\dino d-day\dinodday.exe |
"{875BF2FF-3B48-497F-B60F-B4EB39F700EA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe |
"{87A18370-6219-4850-8039-5FC36E7CFC8E}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\spacechem\spacechem.exe |
"{8D47637A-D451-4A00-ACBF-2060F574E3FD}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\raceroom racing experience\game\rrre.exe |
"{91F6CAC4-2055-4CF8-A195-514EDFCC5461}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\spacechem\spacechem.exe |
"{92C7A702-4441-478C-9297-C93EA34D40F9}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\dino d-day\dinodday.exe |
"{9928D327-F3CD-4275-B6E7-6861603AD1B8}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{A011C558-D73D-478D-9A13-3F143FC07185}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\watch_dogs\bin\watch_dogs.exe |
"{A09E16CA-5A54-41BA-A3D4-38F480BC628B}" = protocol=58 | dir=out | [email protected],-503 |
"{A1E87E9E-1D12-4FAD-9629-B45F50CA2F47}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\gun monkeys\gun_monkeys.exe |
"{A801CDD2-B268-4682-8F62-977381CEC358}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{ABF199B3-0BCE-4537-B14A-762F7CEDDB3E}" = protocol=1 | dir=out | [email protected],-28544 |
"{AE2632DF-EBD4-43B8-AAEC-18062B578051}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{B17EA07C-58CB-4CB8-9496-3C8EC3B3515A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{B410218B-7C38-4298-A40F-D5300CF67F9B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BBEC2EA8-A18C-462F-8536-1ECBB6EF421F}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\ava\nwzlauncher.exe |
"{BEA6D2D2-0B0B-4EA8-9C71-E21942DDC3A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C3265128-6685-437A-9075-7CDE449EE051}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{C6AE88E3-0627-4BA3-B230-E5EBB49B1B61}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{C7834491-0078-4C71-93DF-B6FCA2D6619C}" = protocol=58 | dir=in | app=system |
"{C83C636A-0036-4963-9841-432A376DC9B4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe |
"{CBB987BD-F60B-497D-B59D-DDDBC41F38B9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CCBCB95F-1CB9-432B-80C2-4EE584749749}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\race 07\config.exe |
"{D07B53A3-D97D-4EA9-B5EE-4FF99BFA64E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{D099D1CC-86BF-4113-9D4F-F5AF7DAE4DBB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D23DFAE4-2C95-4E28-B065-2F355AF9A6AF}" = protocol=58 | dir=in | [email protected],-28545 |
"{D409589D-C583-4E32-BFFB-0C7247F1BBDD}" = protocol=6 | dir=in | app=c:\users\emils\appdata\roaming\utorrent\utorrent.exe |
"{D4E3DE26-76D8-49F1-8A71-9A7E3EF0C657}" = protocol=6 | dir=in | app=d:\hearthstone\hearthstone.exe |
"{DA5C07A9-DCF7-4E92-8926-E25B2474AE4E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe |
"{DE32A3D9-2733-4757-A13A-A9C905C47E42}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E01AB1FC-A613-479B-9FA9-538E6CA3BAA2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E313F644-D23F-4350-8BD8-6BD76E9856D0}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{E33E6D9A-4AD8-4B8A-A00E-ABA27B84EE39}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{E804C068-C10B-42B1-AF95-1D9FA9710B66}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\sniper elite v2\bin\sniperelitev2.exe |
"{EC47470A-C6DC-41BD-845E-76C01A469660}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3109\agent.exe |
"{ED6B5898-AD3A-4EB1-B96E-815C7D02CDEA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F35EC463-3DF3-4C8F-A566-96D32DA5E9D1}" = protocol=1 | dir=in | [email protected],-28543 |
"{F3FF3EF6-3512-49A2-9213-976DF58A5F3F}" = protocol=17 | dir=in | app=d:\battle.net\battle.net.exe |
"{FB24C692-1868-4FE3-A55D-E5ED7DFAC894}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{FDC80764-1B31-43A1-AD2D-CCC111A66C24}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe |
"{FEC8FA7D-8F92-462A-8026-97045E42E69A}" = protocol=58 | dir=out | [email protected],-28546 |
"{FF1724AD-DA1F-4B68-9284-A32690AF0F83}" = protocol=6 | dir=out | app=system |
"TCP Query User{30E78D72-7EE8-4BAC-A61B-CDA6221604C8}C:\users\emils\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\emils\appdata\roaming\spotify\spotify.exe |
"TCP Query User{346E3D35-C8C1-458A-BBD0-DDCE62248302}D:\gta san andreas\gta_sa.exe" = protocol=6 | dir=in | app=d:\gta san andreas\gta_sa.exe |
"TCP Query User{3480EEC8-7798-4DB4-8300-809EC2B475B2}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{399FC53E-F7E8-42E7-81A3-AEFDDEE20710}C:\program files (x86)\robot entertainment\omdu\binaries\win64\spitfiregame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\robot entertainment\omdu\binaries\win64\spitfiregame.exe |
"TCP Query User{3E7BB60A-A0F7-434F-9451-9B5B9068A531}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{623B1BA7-427E-4228-8ED8-1E1908DC8B01}C:\program files (x86)\robot entertainment\omdu\omdu.exe" = protocol=6 | dir=in | app=c:\program files (x86)\robot entertainment\omdu\omdu.exe |
"TCP Query User{6A90C654-0160-4A9B-BE75-355C11B54959}C:\program files (x86)\robot entertainment\omdu\dashboard\bin\spitfiredashboard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\robot entertainment\omdu\dashboard\bin\spitfiredashboard.exe |
"TCP Query User{9EFA5E42-4F2A-4934-BC15-3167A7DD3101}C:\programdata\battle.net\agent\agent.3235\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3235\agent.exe |
"TCP Query User{DDC2BE23-6625-4B72-8564-5D016F0B740A}C:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe |
"UDP Query User{14F51E61-5050-4582-9380-475924275F22}C:\program files (x86)\robot entertainment\omdu\omdu.exe" = protocol=17 | dir=in | app=c:\program files (x86)\robot entertainment\omdu\omdu.exe |
"UDP Query User{18695430-D84E-4029-98E1-552C0115D1E8}C:\program files (x86)\robot entertainment\omdu\binaries\win64\spitfiregame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\robot entertainment\omdu\binaries\win64\spitfiregame.exe |
"UDP Query User{1C1D142F-1BAF-42EA-9A01-3414239F0BEB}C:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\landmark beta\landmark64.exe |
"UDP Query User{1C80C04D-CE31-47B6-A7C4-FD65E4DB6111}C:\program files (x86)\robot entertainment\omdu\dashboard\bin\spitfiredashboard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\robot entertainment\omdu\dashboard\bin\spitfiredashboard.exe |
"UDP Query User{4264012C-D153-41B5-98EE-012EC52635AB}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{75D442A3-0AF9-417F-8D1F-56B7264DF08A}D:\gta san andreas\gta_sa.exe" = protocol=17 | dir=in | app=d:\gta san andreas\gta_sa.exe |
"UDP Query User{A49F0C1F-27DF-4057-962E-3EEA3AF223FC}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{D1020A74-4BB5-46A1-8449-32F5CAEB5029}C:\programdata\battle.net\agent\agent.3235\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3235\agent.exe |
"UDP Query User{E29DF7E6-51A4-4E48-B4FB-945A300D548F}C:\users\emils\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\emils\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{27DEA29A-222C-45F8-B70D-0A7B303FC71B}" = Intel® Rapid Storage Technology
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 RC
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 337.88
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.23
"{E70808B9-78FE-3081-9658-A3C9DBC9A798}" = Microsoft .NET Framework 4.5.1 RC
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"DesktopIconAmazon" = Desktop Icon für Amazon
"Recuva" = Recuva
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 5.10 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1CA8266F-73D8-413A-94DF-EEAC92770AD7}" = Avira
"{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}" = PDF Settings CC
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}" = Adobe Photoshop CC
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1" = Adobe Update Management Tool
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 2.1
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B1DA58-A2B9-4EA0-B83D-F03CBEEAE22D}" = LogMeIn Hamachi
"{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}" = Avira
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{7B2CA5E9-763C-4FCE-81EE-13E81ABFE908}" = DayZ Commander
"{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1" = Cinema 4D version R12
"{7f51bdb9-ee21-49ee-94d6-90afc321780e}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{AA8B3F71-1481-404D-9DEE-C8862A85C63A}" = TI USB3 Host Driver
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{C90340A9-F592-4164-9480-FCE488C4BFF6}" = Alcor Micro USB Card Reader
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1" = DriverToolkit version 8.3.0.0
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"AmUStor" = Alcor Micro USB Card Reader
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battle.net" = Battle.net
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Cheat Engine 6.4_is1" = Cheat Engine 6.4
"Hearthstone" = Hearthstone
"InstallShield_{AA8B3F71-1481-404D-9DEE-C8862A85C63A}" = TI USB 3.0 Host Controller Driver
"League of Legends 3.0.1" = League of Legends
"LogMeIn Hamachi" = LogMeIn Hamachi
"LOLReplay" = LOLReplay
"mIRC" = mIRC
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MTA:SA 1.4" = MTA:SA v1.4.0
"Need for Speed Underground 2" = Need for Speed Underground 2
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OMDU" = Orcs Must Die! Unchained
"RaidCall" = RaidCall
"Steam" = Steam
"Steam App 10" = Counter-Strike
"Steam App 102700" = A.V.A - Alliance of Valiant Arms
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 201570" = Really Big Sky
"Steam App 211500" = RaceRoom Racing Experience
"Steam App 239450" = Gun Monkeys
"Steam App 243470" = Watch_Dogs
"Steam App 33910" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Steam App 39120" = RIFT™
"Steam App 49520" = Borderlands 2
"Steam App 63380" = Sniper Elite V2
"Steam App 65800" = Dungeon Defenders
"Steam App 70000" = Dino D-Day
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 8600" = RACE 07
"Steam App 8660" = GTR Evolution
"Steam App 92800" = SpaceChem
"TeamViewer 9" = TeamViewer 9
"Uplay" = Uplay

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = f.lux
"SOE-Landmark Beta" = Landmark Beta
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/09/14 4:07:39 PM | Computer Name = Emils-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (1020) SUS20ClientDataStore: Unable to read the header
of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error - 11/09/14 4:07:39 PM | Computer Name = Emils-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (1020) SUS20ClientDataStore: Unable to read the header
of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error - 11/09/14 4:37:39 PM | Computer Name = Emils-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (1020) SUS20ClientDataStore: Unable to read the header
of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error - 11/09/14 4:37:39 PM | Computer Name = Emils-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (1020) SUS20ClientDataStore: Unable to read the header
of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error - 11/09/14 4:37:39 PM | Computer Name = Emils-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (1020) SUS20ClientDataStore: Unable to read the header
of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error - 11/09/14 4:37:39 PM | Computer Name = Emils-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (1020) SUS20ClientDataStore: Unable to read the header
of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error - 11/09/14 5:07:39 PM | Computer Name = Emils-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (1020) SUS20ClientDataStore: Unable to read the header
of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error - 11/09/14 5:07:39 PM | Computer Name = Emils-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (1020) SUS20ClientDataStore: Unable to read the header
of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error - 11/09/14 5:07:39 PM | Computer Name = Emils-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (1020) SUS20ClientDataStore: Unable to read the header
of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error - 11/09/14 5:07:39 PM | Computer Name = Emils-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (1020) SUS20ClientDataStore: Unable to read the header
of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

[ Hewlett-Packard Events ]
Error - 10/09/14 5:15:30 AM | Computer Name = Emils-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233033HPSF.exe   at System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles)     at System.DateTime.Parse(String
s, IFormatProvider provider)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: String was not recognized as a valid DateTime. StackTrace:
   at System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles
styles)     at System.DateTime.Parse(String s, IFormatProvider provider)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: mscorlib    Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8147
Ram
Utilization: 60 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo,
System.Globalization.DateTimeStyles)

Error - 10/09/14 5:25:31 AM | Computer Name = Emils-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233033HPSF.exe   at System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles)     at System.DateTime.Parse(String
s, IFormatProvider provider)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: String was not recognized as a valid DateTime. StackTrace:
   at System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles
styles)     at System.DateTime.Parse(String s, IFormatProvider provider)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: mscorlib    Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8147
Ram
Utilization: 60 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo,
System.Globalization.DateTimeStyles)

Error - 10/09/14 5:25:31 AM | Computer Name = Emils-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233033HPSF.exe   at System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles)     at System.DateTime.Parse(String
s, IFormatProvider provider)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: String was not recognized as a valid DateTime. StackTrace:
   at System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles
styles)     at System.DateTime.Parse(String s, IFormatProvider provider)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: mscorlib    Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8147
Ram
Utilization: 60 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo,
System.Globalization.DateTimeStyles)

Error - 10/09/14 5:35:32 AM | Computer Name = Emils-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233033HPSF.exe   at System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles)     at System.DateTime.Parse(String
s, IFormatProvider provider)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: String was not recognized as a valid DateTime. StackTrace:
   at System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles
styles)     at System.DateTime.Parse(String s, IFormatProvider provider)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: mscorlib    Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8147
Ram
Utilization: 60 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo,
System.Globalization.DateTimeStyles)

Error - 10/09/14 5:35:32 AM | Computer Name = Emils-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233033HPSF.exe   at System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles)     at System.DateTime.Parse(String
s, IFormatProvider provider)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: String was not recognized as a valid DateTime. StackTrace:
   at System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles
styles)     at System.DateTime.Parse(String s, IFormatProvider provider)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: mscorlib    Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8147
Ram
Utilization: 60 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo,
System.Globalization.DateTimeStyles)

Error - 10/09/14 5:45:33 AM | Computer Name = Emils-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233033HPSF.exe   at System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles)     at System.DateTime.Parse(String
s, IFormatProvider provider)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: String was not recognized as a valid DateTime. StackTrace:
   at System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles
styles)     at System.DateTime.Parse(String s, IFormatProvider provider)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: mscorlib    Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8147
Ram
Utilization: 60 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo,
System.Globalization.DateTimeStyles)

Error - 10/09/14 5:45:33 AM | Computer Name = Emils-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233033HPSF.exe   at System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles)     at System.DateTime.Parse(String
s, IFormatProvider provider)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: String was not recognized as a valid DateTime. StackTrace:
   at System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles
styles)     at System.DateTime.Parse(String s, IFormatProvider provider)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: mscorlib    Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8147
Ram
Utilization: 60 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo,
System.Globalization.DateTimeStyles)

Error - 10/09/14 5:55:34 AM | Computer Name = Emils-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233033HPSF.exe   at System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles)     at System.DateTime.Parse(String
s, IFormatProvider provider)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: String was not recognized as a valid DateTime. StackTrace:
   at System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles
styles)     at System.DateTime.Parse(String s, IFormatProvider provider)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: mscorlib    Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8147
Ram
Utilization: 60 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo,
System.Globalization.DateTimeStyles)

Error - 10/09/14 5:55:34 AM | Computer Name = Emils-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233033HPSF.exe   at System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles)     at System.DateTime.Parse(String
s, IFormatProvider provider)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: String was not recognized as a valid DateTime. StackTrace:
   at System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles
styles)     at System.DateTime.Parse(String s, IFormatProvider provider)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: mscorlib    Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8147
Ram
Utilization: 60 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo,
System.Globalization.DateTimeStyles)

Error - 10/09/14 6:05:35 AM | Computer Name = Emils-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233033HPSF.exe   at System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles)     at System.DateTime.Parse(String
s, IFormatProvider provider)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: String was not recognized as a valid DateTime. StackTrace:
   at System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles
styles)     at System.DateTime.Parse(String s, IFormatProvider provider)     at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: mscorlib    Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 8147
Ram
Utilization: 60 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo,
System.Globalization.DateTimeStyles)

[ HP Software Framework Events ]
Error - 15/07/14 6:01:36 AM | Computer Name = Emils-PC | Source = CaslSmBios | ID = 5
Description = 2014/07/15 12:01:36.253|0000150C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: 597

Error - 15/07/14 6:01:37 AM | Computer Name = Emils-PC | Source = CaslSmBios | ID = 5
Description = 2014/07/15 12:01:37.766|0000150C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: 597

Error - 15/07/14 6:01:39 AM | Computer Name = Emils-PC | Source = CaslSmBios | ID = 5
Description = 2014/07/15 12:01:39.280|0000150C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: 597

Error - 15/07/14 6:01:40 AM | Computer Name = Emils-PC | Source = CaslSmBios | ID = 5
Description = 2014/07/15 12:01:40.794|0000150C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: 597

Error - 15/07/14 6:01:42 AM | Computer Name = Emils-PC | Source = CaslSmBios | ID = 5
Description = 2014/07/15 12:01:42.311|0000150C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: 597

Error - 15/07/14 6:01:43 AM | Computer Name = Emils-PC | Source = CaslSmBios | ID = 5
Description = 2014/07/15 12:01:43.825|0000150C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: 597

Error - 15/07/14 6:01:45 AM | Computer Name = Emils-PC | Source = CaslSmBios | ID = 5
Description = 2014/07/15 12:01:45.340|0000150C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: 597

Error - 15/07/14 6:01:48 AM | Computer Name = Emils-PC | Source = CaslSmBios | ID = 5
Description = 2014/07/15 12:01:48.365|0000150C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: 597

Error - 15/07/14 6:01:49 AM | Computer Name = Emils-PC | Source = CaslSmBios | ID = 5
Description = 2014/07/15 12:01:49.879|0000150C|Error      |[CaslWmi]CommandDiags::A{hpCasl.enReturnCode(System.DateTime&)}|Error
executing wmiBIOS.ExecMethodClient, eRetCode: 597

Error - 15/07/14 6:01:51 AM | Computer Name = Emils-PC | Source = CaslSmBios | ID = 5
Description = 2014/07/15 12:01:51.393|0000150C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
eRet: 597

[ System Events ]
Error - 29/08/14 12:43:53 PM | Computer Name = Emils-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 29/08/14 12:43:53 PM | Computer Name = Emils-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 08/09/14 2:17:21 PM | Computer Name = Emils-PC | Source = bowser | ID = 8003
Description =

Error - 09/09/14 4:45:25 AM | Computer Name = Emils-PC | Source = BROWSER | ID = 8032
Description =

Error - 10/09/14 11:36:37 AM | Computer Name = Emils-PC | Source = Service Control Manager | ID = 7030
Description = The LogMeIn Hamachi Tunneling Engine service is marked as an interactive
service. However, the system is configured to not allow interactive services.
This service may not function properly.

Error - 10/09/14 11:36:43 AM | Computer Name = Emils-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the LogMeIn
Hamachi Tunneling Engine service to connect.

Error - 10/09/14 11:36:43 AM | Computer Name = Emils-PC | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to
the following error:   %%1053

Error - 11/09/14 6:16:26 AM | Computer Name = Emils-PC | Source = BROWSER | ID = 8032
Description =

Error - 11/09/14 3:01:31 PM | Computer Name = Emils-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:00:40 PM on ?9/?11/?2014 was unexpected.

Error - 11/09/14 3:01:32 PM | Computer Name = EMILS-PC | Source = BugCheck | ID = 1001
Description =

< End of report >

I also had a blue screen of death earlier today, and some other bugs around my PC, so i figured, this error may be the cause.

#2
BrianDrab

Posted 11 September 2014 - 06:13 PM

Trusted Helper

Malware Removal
3,591 posts

Hi. My name is Brian, and I would be happy to check if the cause is malware.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.

- General Instructions -

Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
Any fixes provided by myself are for this log file only and should not be used on any other systems.
Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
Please feel free to ask any questions, especially if you are having problems with my instructions.

- Save ALL Tools to your Desktop-

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

- Finally Before We Start-

Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

I'm reviewing your logs now and will have suggestions tomorrow.

#3
ValkyrieLV

Posted 12 September 2014 - 04:29 AM

New Member

Topic Starter
Member
6 posts

Thank you for your (quick) response. Going to prepare my PC for the repairs during this time.

#4
BrianDrab

Posted 12 September 2014 - 07:19 AM

Trusted Helper

Malware Removal
3,591 posts

I've reviewed the logs and the good news is that it doesn't look like you are infected with any active malware...just some remnants but we will confirm. We can get you cleaned up. Please follow the steps below.

Please temporarily disable your Avira antivirus while performing the following steps. Please remember to re-enable it when done.

Step#1 - Warnings

1. Pando Media Booster Advice:
I see you have Pando Media Booster installed, maybe intentionally and or came with one of your installed games for example. Technically this type of software is based upon peer to
peer technology and you can never really be sure what it is purportedly downloading is always safe. Plus it does not always make that much of a improvement with downloading.
My friendly advice is if you do not really use it, merely uninstall. However this is your choice and I respect whomever I assist with what they wish to have installed on their respective machines.

2. CCleaner
I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good.

3. uTorrent
IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.
You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.
Here are some information sources about the dangers of P2P programs:
FBI - Peer to Peer Scams
USA Today Artticle on P2P Programs
File Sharing Infects 500,000 Computers
I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.
It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.
Please uninstall the following Peer-to-Peer program(s): uTorrent
To uninstall on Windows 7, you can:

Click your Start Orb in the lower left corner of your computer and select Control Panel.
Select Uninstall a program from the Programs Category.
Locate the program(s) in the list and click Uninstall.

Step#2 - OTL Fix
1. Right click on OTL.exe and choose Run as administrator.
2. Copy all the code below and paste it into the Custom Scans/Fixes section at the very bottom of the OTL program. Do NOT include the word Quote.

:Commands
[CreateRestorePoint]

:OTL
O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) - File not found
[2014/09/06 11:56:00 | 000,000,000 | ---D | C] -- C:\ProgramData\EvhuXmab

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EvhuXmab"=-

:commands
[EmptyTemp]

3. Click the Run Fix button. OTL will ask to reboot the machine. Please do so when asked.
4. After the reboot a log file should open. Copy/Paste the contents of the log that opens and post in your next reply. If for some reason the log file does not appear then you can
    open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder,
    and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step#3 - BSOD Log
1. Please download the 64-bit version of Bluescreenview from here and save it to your desktop.
2. Right-click on the downloaded file (bluescreenview-x64.zip) and select Extract All. Click the Extract button and a folder will open with the contents that were extracted.
3. Right-click on BlueScreenView.exe and select Run as administrator. If prompted to Allow, please answer yes.
4. Once the program opens and finishes scanning, click on the Edit menu and choose Select All.
5. Then click on the file menu...Save selected Items...and save it to your desktop named BSOD.txt.
6. Open the BSOD.txt file in notepad (you can simply double-click on the file from the desktop to do this) and copy/paste the contents of this in your next reply.

Step#4 - Adware Scan

1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-Click on AdwCleaner.exe and select Run as administrator to run the tool. Click Yes if asked to allow the program from an unknown publisher.
4. Click I Agree on the Terms of Use screen.
5. Click on Scan.
6. After the scan is complete click on "Clean"
7. Confirm each time with Ok on the messages that follow.
8. Your computer will be rebooted automatically. A text file will open after the restart.
9. Please post the content of that logfile with your next answer.
10. You can find the logfile at C:\AdwCleaner[S0].txt as well.

Step#5 - FRST Scan

1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

Step#6 - FRST Query

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. fixlist.txt   29bytes   137 downloads
    Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).

2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.



Items for your next post
1. OTL Fix Log
2. BSOD Log
3. AdwCleaner log
4. FRST & Addition logs
5. FRST Fix Log

#5
ValkyrieLV

Posted 12 September 2014 - 11:09 AM

New Member

Topic Starter
Member
6 posts

The OTL Fix repaired my RegSvr32 error.

------------------------------------

1. OTL Fix Log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:bj.dll deleted successfully.
C:\ProgramData\EvhuXmab folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EvhuXmab deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Emils
->Temp folder emptied: 1368708809 bytes
->Temporary Internet Files folder emptied: 5368422 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 397402021 bytes
->Flash cache emptied: 32594 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2511637 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 47148238 bytes

Total Files Cleaned = 1,737.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 09122014_184951

Files\Folders moved on Reboot...
File move failed. C:\Users\Emils\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\6d1026b4fa6d4c49d77d65f8805a9c0_fce8395c8fd8a860_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. C:\Users\Emils\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\6d1026b4fa6d4c49d77d65f8805a9c0_fce8395c8fd8a860_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
C:\Users\Emils\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll moved successfully.
C:\Users\Emils\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

------------------------------------

2. BSOD Log

==================================================
Dump File         : 091114-10561-01.dmp
Crash Time        : 11/09/14 9:00:47 PM
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code    : 0x0000003b
Parameter 1       : 00000000`c0000005
Parameter 2       : fffff960`001b4283
Parameter 3       : fffff880`0969e020
Parameter 4       : 00000000`00000000
Caused By Driver : nvlddmkm.sys
Caused By Address : nvlddmkm.sys+1f5742
File Description : NVIDIA Windows Kernel Mode Driver, Version 337.88
Product Name      : NVIDIA Windows Kernel Mode Driver, Version 337.88
Company           : NVIDIA Corporation
File Version      : 9.18.13.3788
Processor         : x64
Crash Address     : ntoskrnl.exe+71f00
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\091114-10561-01.dmp
Processors Count : 4
Major Version     : 15
Minor Version     : 7600
Dump File Size    : 292,120
Dump File Time    : 11/09/14 9:01:32 PM
==================================================

------------------------------------
3. AdwCleaner log

# AdwCleaner v3.310 - Report created 12/09/2014 at 18:59:43
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : Emils - EMILS-PC
# Running from : C:\Users\Emils\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Users\Emils\AppData\Roaming\DesktopIconForAmazon

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\OCS
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Emils\AppData\Roaming\Mozilla\Firefox\Profiles\3we6rrcs.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1025 octets] - [12/09/2014 18:58:51]
AdwCleaner[S0].txt - [917 octets] - [12/09/2014 18:59:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [976 octets] ##########

------------------------------------
4. FRST & Addition logs

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Emils (administrator) on EMILS-PC on 12-09-2014 19:03:30
Running from C:\Users\Emils\Desktop
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Megaify Software Co., Ltd.) C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Emils\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Flux Software LLC) C:\Users\Emils\AppData\Local\FluxSoftware\Flux\flux.exe
(LOL Replay) C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2350880 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-04-19] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-23] (Hewlett-Packard)
HKU\S-1-5-21-3428225840-3675432227-3511263173-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-3428225840-3675432227-3511263173-1000\...\Run: [Spotify Web Helper] => C:\Users\Emils\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-25] (Spotify Ltd)
HKU\S-1-5-21-3428225840-3675432227-3511263173-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [2993376 2014-05-08] (Nota Inc.)
HKU\S-1-5-21-3428225840-3675432227-3511263173-1000\...\Run: [f.lux] => C:\Users\Emils\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3428225840-3675432227-3511263173-1000\...\MountPoints2: {1b1817ee-15cd-11e4-a7af-10604b5cecff} - G:\Startme.exe
HKU\S-1-5-21-3428225840-3675432227-3511263173-1000\...\MountPoints2: {746209d1-fbfb-11e3-ac97-806e6f6e6963} - E:\Einstiegsseite.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> C:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?r...opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x09EEEA2B51CCCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Emils\AppData\Roaming\Mozilla\Firefox\Profiles\3we6rrcs.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Emils\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Emils\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: Avira Browser Safety - C:\Users\Emils\AppData\Roaming\Mozilla\Firefox\Profiles\3we6rrcs.default\Extensions\[email protected] [2014-09-04]
FF Extension: Twitch.tv Stream Browser - C:\Users\Emils\AppData\Roaming\Mozilla\Firefox\Profiles\3we6rrcs.default\Extensions\[email protected] [2014-07-27]
FF Extension: Adblock Plus - C:\Users\Emils\AppData\Roaming\Mozilla\Firefox\Profiles\3we6rrcs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-24]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-08-14] ()
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-07-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 19:03 - 2014-09-12 19:03 - 00014230 _____ () C:\Users\Emils\Desktop\FRST.txt
2014-09-12 19:02 - 2014-09-12 19:03 - 00000000 ____D () C:\FRST
2014-09-12 19:02 - 2014-09-12 19:02 - 02105856 _____ (Farbar) C:\Users\Emils\Desktop\FRST64.exe
2014-09-12 19:01 - 2014-09-12 19:01 - 00001059 _____ () C:\Users\Emils\Desktop\ADW.txt
2014-09-12 18:58 - 2014-09-12 18:59 - 00000000 ____D () C:\AdwCleaner
2014-09-12 18:58 - 2014-09-12 18:58 - 01373475 _____ () C:\Users\Emils\Downloads\AdwCleaner.exe
2014-09-12 18:57 - 2014-09-12 18:57 - 00002201 _____ () C:\Users\Emils\Desktop\New Text Document.txt
2014-09-12 18:56 - 2014-09-12 18:56 - 00002142 _____ () C:\Users\Emils\Desktop\BSOD.txt
2014-09-12 18:54 - 2013-07-17 10:36 - 00146528 _____ (NirSoft) C:\Users\Emils\Desktop\BlueScreenView.exe
2014-09-12 18:54 - 2013-07-17 10:36 - 00018384 _____ () C:\Users\Emils\Desktop\BlueScreenView.chm
2014-09-12 18:54 - 2013-07-17 10:36 - 00017196 _____ () C:\Users\Emils\Desktop\readme.txt
2014-09-12 18:49 - 2014-09-12 18:49 - 00000000 ____D () C:\_OTL
2014-09-12 13:50 - 2014-09-12 13:50 - 01231447 _____ () C:\Users\Emils\Downloads\saveedit_r237.zip
2014-09-11 23:44 - 2014-09-11 23:44 - 00102810 _____ () C:\Users\Emils\Downloads\Extras.Txt
2014-09-11 23:43 - 2014-09-11 23:43 - 00101606 _____ () C:\Users\Emils\Downloads\OTL.Txt
2014-09-11 23:38 - 2014-09-11 23:38 - 00602112 _____ (OldTimer Tools) C:\Users\Emils\Downloads\OTL.exe
2014-09-11 21:07 - 2014-09-11 21:07 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-11 21:01 - 2014-09-11 21:01 - 666015272 _____ () C:\Windows\MEMORY.DMP
2014-09-11 21:01 - 2014-09-11 21:01 - 00292120 _____ () C:\Windows\Minidump\091114-10561-01.dmp
2014-09-11 21:01 - 2014-09-11 21:01 - 00000000 ____D () C:\Windows\Minidump
2014-09-10 17:36 - 2014-09-12 19:01 - 00000000 ____D () C:\Users\Emils\AppData\Local\LogMeIn Hamachi
2014-09-10 17:36 - 2014-09-10 17:36 - 00000000 ____D () C:\Users\Emils\AppData\Local\LogMeIn
2014-09-10 17:36 - 2014-09-10 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-10 17:36 - 2014-09-10 17:36 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-09-10 17:36 - 2014-09-10 17:36 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-10 17:34 - 2014-09-10 17:35 - 08478720 _____ () C:\Users\Emils\Downloads\hamachi.msi
2014-09-08 12:02 - 2014-09-08 12:02 - 00000221 _____ () C:\Users\Emils\Desktop\Borderlands 2.url
2014-09-07 02:57 - 2014-09-12 19:00 - 00001418 _____ () C:\Windows\PFRO.log
2014-09-05 19:43 - 2014-09-11 19:33 - 00000000 ____D () C:\Users\Emils\AppData\Roaming\.minecraft
2014-09-05 19:39 - 2014-09-05 19:39 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-05 19:39 - 2014-09-05 19:39 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-05 19:39 - 2014-09-05 19:39 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-05 19:39 - 2014-09-05 19:39 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-05 19:39 - 2014-09-05 19:39 - 00000000 ____D () C:\ProgramData\Sun
2014-09-05 19:39 - 2014-09-05 19:39 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-05 19:39 - 2014-09-05 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-05 19:39 - 2014-09-05 19:39 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-05 19:38 - 2014-09-05 19:38 - 00918952 _____ (Oracle Corporation) C:\Users\Emils\Downloads\jxpiinstall.exe
2014-09-05 19:38 - 2014-09-05 19:38 - 00675988 _____ () C:\Users\Emils\Downloads\Minecraft.exe
2014-09-03 03:33 - 2014-09-03 03:33 - 00010720 _____ () C:\Users\Emils\Desktop\clickerHeroSave2.txt
2014-09-03 02:59 - 2014-09-03 02:59 - 00001089 _____ () C:\Users\Emils\Desktop\Cheat Engine.lnk
2014-09-03 02:59 - 2014-09-03 02:59 - 00000000 ____D () C:\Users\Emils\Documents\My Cheat Tables
2014-09-03 02:59 - 2014-09-03 02:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2014-09-03 02:59 - 2014-09-03 02:59 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2014-09-03 02:58 - 2014-09-03 02:59 - 09052192 _____ (Cheat Engine ) C:\Users\Emils\Downloads\CheatEngine64.exe
2014-09-03 02:56 - 2014-09-03 03:28 - 00011696 _____ () C:\Users\Emils\Desktop\clickerHeroSave.txt
2014-09-01 23:15 - 2014-09-01 23:15 - 00687138 _____ () C:\Users\Emils\Downloads\Ariana Grande Leaked - Imgur.zip
2014-09-01 23:14 - 2014-09-01 23:14 - 00364823 _____ () C:\Users\Emils\Downloads\Brie Larson - Imgur.zip
2014-09-01 23:14 - 2014-09-01 23:14 - 00290668 _____ () C:\Users\Emils\Downloads\Jennette McCurdy Leaked - Imgur.zip
2014-09-01 23:12 - 2014-09-01 23:13 - 01569916 _____ () C:\Users\Emils\Downloads\Kayley Cuoco - Imgur.zip
2014-09-01 23:12 - 2014-09-01 23:12 - 07959992 _____ () C:\Users\Emils\Downloads\Jennifer Lawrence Leaked pics - Imgur.zip
2014-09-01 05:08 - 2014-09-01 05:08 - 00028672 _____ (pHr34K) C:\Users\Emils\Downloads\Klickor.exe
2014-08-31 03:19 - 2014-08-31 03:19 - 00000062 _____ () C:\Users\Emils\Desktop\settings.json
2014-08-31 03:15 - 2014-06-17 19:31 - 00440320 _____ () C:\Users\Emils\Desktop\ElophantClient.exe
2014-08-31 03:15 - 2014-03-30 16:06 - 01143296 _____ (FluorineFx.com) C:\Users\Emils\Desktop\FluorineFx.dll
2014-08-31 03:15 - 2014-03-30 16:06 - 00421888 _____ (Microsoft) C:\Users\Emils\Desktop\NotMissing.dll
2014-08-31 03:15 - 2014-01-11 01:20 - 00270336 _____ (The Apache Software Foundation) C:\Users\Emils\Desktop\log4net.dll
2014-08-31 03:15 - 2014-01-11 01:20 - 00187904 _____ (ServiceStack) C:\Users\Emils\Desktop\ServiceStack.Text.dll
2014-08-31 03:15 - 2014-01-11 01:20 - 00106496 _____ (www.antlr.org) C:\Users\Emils\Desktop\antlr.runtime.dll
2014-08-30 17:27 - 2014-08-30 17:50 - 00000000 ____D () C:\Users\Emils\Desktop\New folder
2014-08-30 16:52 - 2014-08-30 16:52 - 08104305 _____ () C:\Users\Emils\Downloads\Kā pievienoties.rar
2014-08-29 18:37 - 2014-09-12 19:00 - 00003762 _____ () C:\Windows\setupact.log
2014-08-29 18:37 - 2014-08-29 18:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-29 01:26 - 2014-08-29 01:27 - 00000042 _____ () C:\Users\Emils\lelwat.txt
2014-08-29 00:07 - 2014-08-29 00:12 - 00000000 ____D () C:\Users\Emils\AppData\Local\NFS Underground 2
2014-08-29 00:06 - 2014-08-29 00:06 - 00000638 _____ () C:\Users\Emils\Desktop\Need for Speed Underground 2.lnk
2014-08-29 00:06 - 2014-08-29 00:06 - 00000638 _____ () C:\Users\Emils\AppData\Roaming\Microsoft\Windows\Start Menu\Need for Speed Underground 2.lnk
2014-08-26 03:57 - 2014-08-26 20:57 - 00014026 _____ () C:\Users\Emils\Desktop\BT5.txt
2014-08-25 16:27 - 2014-08-25 16:27 - 01376768 _____ () C:\Users\Emils\Downloads\7z920-x64.msi
2014-08-23 11:03 - 2014-08-23 11:04 - 00000000 ____D () C:\RecoveredPSD
2014-08-22 23:51 - 2014-08-22 23:52 - 00000000 ____D () C:\Users\Emils\Desktop\TXD Workshop
2014-08-22 15:06 - 2014-08-23 16:35 - 00000000 ____D () C:\Program Files\Recuva
2014-08-22 15:06 - 2014-08-22 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2014-08-22 15:05 - 2014-08-25 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-22 15:05 - 2014-08-23 00:10 - 00000000 ____D () C:\Program Files\Defraggler
2014-08-22 15:05 - 2014-08-22 15:05 - 00961360 _____ (Chip Digital GmbH) C:\Users\Emils\Downloads\recuva.exe
2014-08-22 15:05 - 2014-08-22 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2014-08-22 15:05 - 2014-08-22 15:05 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-08-22 15:04 - 2014-08-22 15:04 - 01101648 _____ () C:\Users\Emils\Downloads\defraggler.exe
2014-08-22 15:04 - 2014-08-22 15:04 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-22 15:04 - 2014-08-22 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-22 15:04 - 2014-08-22 15:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-22 15:03 - 2014-08-22 15:03 - 00961360 _____ (Chip Digital GmbH) C:\Users\Emils\Downloads\ccleaner.exe
2014-08-22 15:03 - 2014-08-22 15:03 - 00961360 _____ (Chip Digital GmbH) C:\Users\Emils\Downloads\7-zip.exe
2014-08-22 15:03 - 2014-08-22 15:03 - 00000000 ____D () C:\Users\Emils\AppData\Roaming\DesktopIconGoodgame
2014-08-21 06:21 - 2014-08-21 06:21 - 00000000 ____D () C:\Users\Emils\AppData\Roaming\Avira
2014-08-21 06:21 - 2014-08-21 06:17 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-08-21 06:16 - 2014-07-23 13:29 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-21 06:16 - 2014-07-23 13:29 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-21 06:16 - 2014-07-23 13:29 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-21 05:48 - 2014-09-11 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-21 05:48 - 2014-09-11 21:07 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-21 05:48 - 2014-08-21 06:16 - 00000000 ____D () C:\ProgramData\Avira
2014-08-21 05:42 - 2014-08-21 05:42 - 04574968 _____ (Avira Operations GmbH & Co. KG) C:\Users\Emils\Downloads\avira_en_av___ws.exe
2014-08-21 02:42 - 2014-08-21 02:51 - 00000000 ____D () C:\Users\Emils\AppData\Roaming\Notepad++
2014-08-21 02:42 - 2014-08-21 02:51 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-08-21 02:42 - 2014-08-21 02:42 - 00000000 ____D () C:\Users\Emils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-08-21 02:42 - 2014-08-21 02:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-08-21 02:41 - 2014-08-21 02:41 - 07920175 _____ () C:\Users\Emils\Downloads\npp.6.6.8.Installer.exe
2014-08-20 16:44 - 2014-08-21 17:12 - 00000000 ____D () C:\Users\Emils\Documents\HTML learning
2014-08-16 19:36 - 2014-08-16 19:36 - 00003088 _____ () C:\Windows\System32\Tasks\{3CBAD1D6-D7F8-4C86-8C59-32DB6E85F7F4}
2014-08-14 19:14 - 2014-08-14 19:15 - 00000000 ____D () C:\Users\Emils\AppData\Local\ArmA 2
2014-08-14 19:14 - 2014-08-14 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-08-14 19:10 - 2014-08-14 19:10 - 00000000 ____D () C:\Users\Emils\AppData\Local\DayZCommander
2014-08-14 19:10 - 2014-08-14 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dotjosh Studios
2014-08-14 19:10 - 2014-08-14 19:10 - 00000000 ____D () C:\Program Files (x86)\Dotjosh Studios
2014-08-14 19:09 - 2014-08-14 19:09 - 02932736 _____ () C:\Users\Emils\Downloads\Dotjosh.DayZCommander.Installer.msi
2014-08-14 13:59 - 2014-09-08 12:18 - 00000000 ____D () C:\Users\Emils\AppData\Local\ArmA 2 OA
2014-08-14 13:59 - 2014-08-14 19:14 - 00000000 ____D () C:\Users\Emils\Documents\ArmA 2
2014-08-14 13:59 - 2014-08-14 19:14 - 00000000 ____D () C:\Users\Emils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-08-14 13:59 - 2014-08-14 13:59 - 00000000 ____D () C:\ProgramData\Bohemia Interactive Studio

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 19:03 - 2014-09-12 19:03 - 00014230 _____ () C:\Users\Emils\Desktop\FRST.txt
2014-09-12 19:03 - 2014-09-12 19:02 - 00000000 ____D () C:\FRST
2014-09-12 19:03 - 2014-06-24 17:03 - 01364014 _____ () C:\Windows\WindowsUpdate.log
2014-09-12 19:02 - 2014-09-12 19:02 - 02105856 _____ (Farbar) C:\Users\Emils\Desktop\FRST64.exe
2014-09-12 19:01 - 2014-09-12 19:01 - 00001059 _____ () C:\Users\Emils\Desktop\ADW.txt
2014-09-12 19:01 - 2014-09-10 17:36 - 00000000 ____D () C:\Users\Emils\AppData\Local\LogMeIn Hamachi
2014-09-12 19:01 - 2014-06-24 19:10 - 00000000 ____D () C:\Users\Emils\AppData\Roaming\Skype
2014-09-12 19:00 - 2014-09-07 02:57 - 00001418 _____ () C:\Windows\PFRO.log
2014-09-12 19:00 - 2014-08-29 18:37 - 00003762 _____ () C:\Windows\setupact.log
2014-09-12 19:00 - 2014-06-24 18:13 - 00000358 _____ () C:\Windows\Tasks\DriverToolkit Autorun.job
2014-09-12 19:00 - 2014-06-24 17:48 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-12 19:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-12 18:59 - 2014-09-12 18:58 - 00000000 ____D () C:\AdwCleaner
2014-09-12 18:58 - 2014-09-12 18:58 - 01373475 _____ () C:\Users\Emils\Downloads\AdwCleaner.exe
2014-09-12 18:57 - 2014-09-12 18:57 - 00002201 _____ () C:\Users\Emils\Desktop\New Text Document.txt
2014-09-12 18:57 - 2009-07-14 07:13 - 00784286 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 18:56 - 2014-09-12 18:56 - 00002142 _____ () C:\Users\Emils\Desktop\BSOD.txt
2014-09-12 18:56 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 18:56 - 2009-07-14 06:45 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-12 18:49 - 2014-09-12 18:49 - 00000000 ____D () C:\_OTL
2014-09-12 18:48 - 2014-06-29 02:17 - 00000000 ____D () C:\Users\Emils\AppData\Roaming\uTorrent
2014-09-12 18:25 - 2014-06-24 18:35 - 00000000 ____D () C:\Users\Emils\AppData\Roaming\Spotify
2014-09-12 18:21 - 2014-06-24 18:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-12 14:57 - 2014-06-24 19:27 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-12 14:42 - 2014-06-29 11:48 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForEmils
2014-09-12 14:42 - 2014-06-29 11:48 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForEmils.job
2014-09-12 13:50 - 2014-09-12 13:50 - 01231447 _____ () C:\Users\Emils\Downloads\saveedit_r237.zip
2014-09-12 12:27 - 2014-06-28 13:00 - 00000000 ____D () C:\Users\Emils\AppData\Local\Adobe
2014-09-12 01:34 - 2014-06-24 18:13 - 00002714 _____ () C:\Windows\System32\Tasks\DriverToolkit Autorun
2014-09-11 23:52 - 2014-06-24 18:36 - 00000000 ____D () C:\Users\Emils\AppData\Local\Spotify
2014-09-11 23:44 - 2014-09-11 23:44 - 00102810 _____ () C:\Users\Emils\Downloads\Extras.Txt
2014-09-11 23:43 - 2014-09-11 23:43 - 00101606 _____ () C:\Users\Emils\Downloads\OTL.Txt
2014-09-11 23:38 - 2014-09-11 23:38 - 00602112 _____ (OldTimer Tools) C:\Users\Emils\Downloads\OTL.exe
2014-09-11 21:07 - 2014-09-11 21:07 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-11 21:07 - 2014-08-21 05:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-11 21:07 - 2014-08-21 05:48 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-11 21:07 - 2014-07-23 21:53 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-11 21:01 - 2014-09-11 21:01 - 666015272 _____ () C:\Windows\MEMORY.DMP
2014-09-11 21:01 - 2014-09-11 21:01 - 00292120 _____ () C:\Windows\Minidump\091114-10561-01.dmp
2014-09-11 21:01 - 2014-09-11 21:01 - 00000000 ____D () C:\Windows\Minidump
2014-09-11 19:33 - 2014-09-05 19:43 - 00000000 ____D () C:\Users\Emils\AppData\Roaming\.minecraft
2014-09-11 19:12 - 2014-08-05 17:24 - 00000000 ____D () C:\Users\Emils\AppData\Roaming\mIRC
2014-09-11 14:24 - 2014-08-08 00:34 - 00000132 _____ () C:\Users\Emils\AppData\Roaming\Adobe PNG Format CC Prefs
2014-09-10 17:36 - 2014-09-10 17:36 - 00000000 ____D () C:\Users\Emils\AppData\Local\LogMeIn
2014-09-10 17:36 - 2014-09-10 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-10 17:36 - 2014-09-10 17:36 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-09-10 17:36 - 2014-09-10 17:36 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-10 17:35 - 2014-09-10 17:34 - 08478720 _____ () C:\Users\Emils\Downloads\hamachi.msi
2014-09-09 22:21 - 2014-06-24 18:06 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-09 22:21 - 2014-06-24 18:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 22:21 - 2014-06-24 18:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-08 20:26 - 2014-06-26 15:41 - 00000000 ____D () C:\Users\Emils\Documents\My Games
2014-09-08 12:18 - 2014-08-14 13:59 - 00000000 ____D () C:\Users\Emils\AppData\Local\ArmA 2 OA
2014-09-08 12:02 - 2014-09-08 12:02 - 00000221 _____ () C:\Users\Emils\Desktop\Borderlands 2.url
2014-09-05 19:39 - 2014-09-05 19:39 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-05 19:39 - 2014-09-05 19:39 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-05 19:39 - 2014-09-05 19:39 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-05 19:39 - 2014-09-05 19:39 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-05 19:39 - 2014-09-05 19:39 - 00000000 ____D () C:\ProgramData\Sun
2014-09-05 19:39 - 2014-09-05 19:39 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-05 19:39 - 2014-09-05 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-05 19:39 - 2014-09-05 19:39 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-05 19:38 - 2014-09-05 19:38 - 00918952 _____ (Oracle Corporation) C:\Users\Emils\Downloads\jxpiinstall.exe
2014-09-05 19:38 - 2014-09-05 19:38 - 00675988 _____ () C:\Users\Emils\Downloads\Minecraft.exe
2014-09-03 03:33 - 2014-09-03 03:33 - 00010720 _____ () C:\Users\Emils\Desktop\clickerHeroSave2.txt
2014-09-03 03:28 - 2014-09-03 02:56 - 00011696 _____ () C:\Users\Emils\Desktop\clickerHeroSave.txt
2014-09-03 02:59 - 2014-09-03 02:59 - 00001089 _____ () C:\Users\Emils\Desktop\Cheat Engine.lnk
2014-09-03 02:59 - 2014-09-03 02:59 - 00000000 ____D () C:\Users\Emils\Documents\My Cheat Tables
2014-09-03 02:59 - 2014-09-03 02:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2014-09-03 02:59 - 2014-09-03 02:59 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2014-09-03 02:59 - 2014-09-03 02:58 - 09052192 _____ (Cheat Engine ) C:\Users\Emils\Downloads\CheatEngine64.exe
2014-09-01 23:15 - 2014-09-01 23:15 - 00687138 _____ () C:\Users\Emils\Downloads\Ariana Grande Leaked - Imgur.zip
2014-09-01 23:14 - 2014-09-01 23:14 - 00364823 _____ () C:\Users\Emils\Downloads\Brie Larson - Imgur.zip
2014-09-01 23:14 - 2014-09-01 23:14 - 00290668 _____ () C:\Users\Emils\Downloads\Jennette McCurdy Leaked - Imgur.zip
2014-09-01 23:13 - 2014-09-01 23:12 - 01569916 _____ () C:\Users\Emils\Downloads\Kayley Cuoco - Imgur.zip
2014-09-01 23:12 - 2014-09-01 23:12 - 07959992 _____ () C:\Users\Emils\Downloads\Jennifer Lawrence Leaked pics - Imgur.zip
2014-09-01 05:08 - 2014-09-01 05:08 - 00028672 _____ (pHr34K) C:\Users\Emils\Downloads\Klickor.exe
2014-09-01 00:27 - 2014-07-11 00:40 - 00000000 ____D () C:\Users\Emils\AppData\Local\Battle.net
2014-08-31 03:19 - 2014-08-31 03:19 - 00000062 _____ () C:\Users\Emils\Desktop\settings.json
2014-08-30 17:50 - 2014-08-30 17:27 - 00000000 ____D () C:\Users\Emils\Desktop\New folder
2014-08-30 16:52 - 2014-08-30 16:52 - 08104305 _____ () C:\Users\Emils\Downloads\Kā pievienoties.rar
2014-08-30 05:14 - 2014-07-24 02:09 - 00000000 ____D () C:\Users\Emils\AppData\Roaming\TS3Client
2014-08-29 18:37 - 2014-08-29 18:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-29 01:27 - 2014-08-29 01:26 - 00000042 _____ () C:\Users\Emils\lelwat.txt
2014-08-29 01:26 - 2014-06-24 17:04 - 00000000 ____D () C:\Users\Emils
2014-08-29 00:12 - 2014-08-29 00:07 - 00000000 ____D () C:\Users\Emils\AppData\Local\NFS Underground 2
2014-08-29 00:06 - 2014-08-29 00:06 - 00000638 _____ () C:\Users\Emils\Desktop\Need for Speed Underground 2.lnk
2014-08-29 00:06 - 2014-08-29 00:06 - 00000638 _____ () C:\Users\Emils\AppData\Roaming\Microsoft\Windows\Start Menu\Need for Speed Underground 2.lnk
2014-08-29 00:06 - 2014-08-05 17:14 - 00000000 ____D () C:\Users\Emils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-28 23:37 - 2009-07-14 06:45 - 04998912 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 15:56 - 2014-06-24 18:38 - 00087904 _____ () C:\Users\Emils\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-26 20:57 - 2014-08-26 03:57 - 00014026 _____ () C:\Users\Emils\Desktop\BT5.txt
2014-08-25 16:59 - 2014-08-12 22:49 - 00001456 _____ () C:\Users\Emils\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-08-25 16:27 - 2014-08-25 16:27 - 01376768 _____ () C:\Users\Emils\Downloads\7z920-x64.msi
2014-08-25 16:27 - 2014-08-22 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-23 16:35 - 2014-08-22 15:06 - 00000000 ____D () C:\Program Files\Recuva
2014-08-23 11:04 - 2014-08-23 11:03 - 00000000 ____D () C:\RecoveredPSD
2014-08-23 11:04 - 2014-08-07 12:55 - 00000000 ____D () C:\Users\Emils\Documents\Lightrooms
2014-08-23 00:10 - 2014-08-22 15:05 - 00000000 ____D () C:\Program Files\Defraggler
2014-08-22 23:53 - 2014-06-25 02:55 - 00000000 ____D () C:\Windows\Panther
2014-08-22 23:52 - 2014-08-22 23:51 - 00000000 ____D () C:\Users\Emils\Desktop\TXD Workshop
2014-08-22 15:06 - 2014-08-22 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2014-08-22 15:05 - 2014-08-22 15:05 - 00961360 _____ (Chip Digital GmbH) C:\Users\Emils\Downloads\recuva.exe
2014-08-22 15:05 - 2014-08-22 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2014-08-22 15:05 - 2014-08-22 15:05 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-08-22 15:04 - 2014-08-22 15:04 - 01101648 _____ () C:\Users\Emils\Downloads\defraggler.exe
2014-08-22 15:04 - 2014-08-22 15:04 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-22 15:04 - 2014-08-22 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-22 15:04 - 2014-08-22 15:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-22 15:03 - 2014-08-22 15:03 - 00961360 _____ (Chip Digital GmbH) C:\Users\Emils\Downloads\ccleaner.exe
2014-08-22 15:03 - 2014-08-22 15:03 - 00961360 _____ (Chip Digital GmbH) C:\Users\Emils\Downloads\7-zip.exe
2014-08-22 15:03 - 2014-08-22 15:03 - 00000000 ____D () C:\Users\Emils\AppData\Roaming\DesktopIconGoodgame
2014-08-21 17:12 - 2014-08-20 16:44 - 00000000 ____D () C:\Users\Emils\Documents\HTML learning
2014-08-21 06:21 - 2014-08-21 06:21 - 00000000 ____D () C:\Users\Emils\AppData\Roaming\Avira
2014-08-21 06:17 - 2014-08-21 06:21 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-08-21 06:16 - 2014-08-21 05:48 - 00000000 ____D () C:\ProgramData\Avira
2014-08-21 05:42 - 2014-08-21 05:42 - 04574968 _____ (Avira Operations GmbH & Co. KG) C:\Users\Emils\Downloads\avira_en_av___ws.exe
2014-08-21 02:51 - 2014-08-21 02:42 - 00000000 ____D () C:\Users\Emils\AppData\Roaming\Notepad++
2014-08-21 02:51 - 2014-08-21 02:42 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-08-21 02:42 - 2014-08-21 02:42 - 00000000 ____D () C:\Users\Emils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-08-21 02:42 - 2014-08-21 02:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-08-21 02:41 - 2014-08-21 02:41 - 07920175 _____ () C:\Users\Emils\Downloads\npp.6.6.8.Installer.exe
2014-08-20 15:35 - 2014-06-24 19:10 - 00000000 ____D () C:\ProgramData\Skype
2014-08-16 19:36 - 2014-08-16 19:36 - 00003088 _____ () C:\Windows\System32\Tasks\{3CBAD1D6-D7F8-4C86-8C59-32DB6E85F7F4}
2014-08-16 16:05 - 2014-07-24 02:09 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-08-14 19:15 - 2014-08-14 19:14 - 00000000 ____D () C:\Users\Emils\AppData\Local\ArmA 2
2014-08-14 19:14 - 2014-08-14 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-08-14 19:14 - 2014-08-14 13:59 - 00000000 ____D () C:\Users\Emils\Documents\ArmA 2
2014-08-14 19:14 - 2014-08-14 13:59 - 00000000 ____D () C:\Users\Emils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-08-14 19:10 - 2014-08-14 19:10 - 00000000 ____D () C:\Users\Emils\AppData\Local\DayZCommander
2014-08-14 19:10 - 2014-08-14 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dotjosh Studios
2014-08-14 19:10 - 2014-08-14 19:10 - 00000000 ____D () C:\Program Files (x86)\Dotjosh Studios
2014-08-14 19:09 - 2014-08-14 19:09 - 02932736 _____ () C:\Users\Emils\Downloads\Dotjosh.DayZCommander.Installer.msi
2014-08-14 13:59 - 2014-08-14 13:59 - 00000000 ____D () C:\ProgramData\Bohemia Interactive Studio

Some content of TEMP:
====================
C:\Users\Emils\AppData\Local\Temp\avgnt.exe
C:\Users\Emils\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-06 18:29

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by Emils at 2014-09-12 19:04:04
Running from C:\Users\Emils\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A.V.A - Alliance of Valiant Arms (HKLM-x32\...\Steam App 102700) (Version: - RED DUCK Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.7.1245.73473 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.7.1245.73473 - Alcor Micro Corp.) Hidden
Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - )
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
Cinema 4D version R12 (HKLM-x32\...\{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1) (Version: R12 - Salat Production)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
DayZ Commander (HKLM-x32\...\{7B2CA5E9-763C-4FCE-81EE-13E81ABFE908}) (Version: 0.92.115 - Dotjosh Studios)
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
Dino D-Day (HKLM-x32\...\Steam App 70000) (Version: - 800 North and Digital Ranch)
DriverToolkit version 8.3.0.0 (HKLM-x32\...\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1) (Version: 8.3.0.0 - Megaify Software)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - Trendy Entertainment)
f.lux (HKCU\...\Flux) (Version: - )
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version: - Rockstar Games)
GTR Evolution (HKLM-x32\...\Steam App 8660) (Version: - SimBin)
Gun Monkeys (HKLM-x32\...\Steam App 239450) (Version: - Size Five Games)
Gyazo 2.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.9.0.1001 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Landmark Beta (HKCU\...\SOE-Landmark Beta) (Version: 1.0.3.183 - Sony Online Entertainment)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.9.7 - www.leaguereplays.com)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (Version: 4.5.50861 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.34 - mIRC Co. Ltd.)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MTA:SA v1.4.0 (HKLM-x32\...\MTA:SA 1.4) (Version: v1.4.0 - Multi Theft Auto)
Need for Speed Underground 2 (HKLM-x32\...\Need for Speed Underground 2) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Orcs Must Die! Unchained (HKLM-x32\...\OMDU) (Version: - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
RACE 07 (HKLM-x32\...\Steam App 8600) (Version: - SimBin)
RaceRoom Racing Experience (HKLM-x32\...\Steam App 211500) (Version: - SimBin Studios AB)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12943.90 - raidcall.com)
Really Big Sky (HKLM-x32\...\Steam App 201570) (Version: - Boss Baddie)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.80.218.2014 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)
RIFT™ (HKLM-x32\...\Steam App 39120) (Version: - Trion Worlds)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion)
SpaceChem (HKLM-x32\...\Steam App 92800) (Version: - Zachtronics)
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{AA8B3F71-1481-404D-9DEE-C8862A85C63A}) (Version: 1.12.25 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.25 - Texas Instruments Inc.) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Watch_Dogs (HKLM-x32\...\Steam App 243470) (Version: - Ubisoft)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

03-09-2014 05:30:24 Scheduled Checkpoint
05-09-2014 17:39:19 Installed Java 7 Update 67
08-09-2014 18:24:07 Installed Microsoft Visual C++ 2005 Redistributable
08-09-2014 18:24:40 Installed Microsoft Visual C++ 2005 Redistributable
08-09-2014 18:25:29 Installed DirectX
10-09-2014 15:36:07 Installed LogMeIn Hamachi
12-09-2014 16:50:03 OTL Restore Point - 12/09/14 6:50:02 PM

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {21DCA013-EE56-41FC-A1DE-D6CD77CFBD99} - System32\Tasks\{3CBAD1D6-D7F8-4C86-8C59-32DB6E85F7F4} => Firefox.exe http://ui.skype.com/...e=tsProgressBar
Task: {27A85D08-1E6A-4C0F-ABEC-6F946F37697D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {481C1A5F-FC7E-4058-AB0F-696FA4BB1A96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {6017ECD1-6C3B-4826-9D60-EA5929E5656D} - System32\Tasks\HPCeeScheduleForEmils => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {830530D8-3D55-402D-ABE0-2F54FD491333} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {9A6447FC-CD8E-41FD-B2A8-3DA8BD68384A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {9CE13737-822F-4EBB-B2F0-62E1D0E4EBB3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {A4DE727D-7F77-4049-AE66-CF0D9414FE09} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-05-08] ()
Task: {B151E1BF-AAB7-43B0-8024-717A8C6A7817} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe [2014-04-30] (Megaify Software Co., Ltd.)
Task: {B16EA302-1808-46F0-91C7-6EF1F8BAEFA5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: {D72B809D-A8FF-42B5-90CC-B3020C71AD44} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: {E55FD45F-88A6-43E2-9972-4F8A41514A65} - System32\Tasks\AdobeAAMUpdater-1.0-Emils-PC-Emils => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\HPCeeScheduleForEmils.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-06-24 17:48 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-06-24 17:36 - 2014-02-17 19:13 - 00092984 _____ () C:\Program Files (x86)\DriverToolkit\zlibwapi.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-07-15 15:47 - 2014-07-15 15:47 - 00401920 _____ () C:\Program Files (x86)\LOLReplay\LOLUtils.dll
2014-08-21 06:16 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Emils\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-07-22 17:57 - 2014-07-22 17:57 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-09 22:21 - 2014-09-09 22:21 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
2014-06-24 19:12 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\Users\Emils\Application Data:NT
AlternateDataStreams: C:\Users\Emils\Application Data:NT2
AlternateDataStreams: C:\Users\Emils\AppData\Roaming:NT
AlternateDataStreams: C:\Users\Emils\AppData\Roaming:NT2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/12/2014 07:03:47 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (980) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (09/12/2014 07:03:47 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (980) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (09/12/2014 07:03:47 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (980) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (09/12/2014 07:03:47 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (980) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (09/12/2014 07:03:47 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (980) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (09/12/2014 07:03:47 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (980) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (09/12/2014 07:03:47 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (980) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (09/12/2014 07:03:47 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (980) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (09/12/2014 07:03:47 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (980) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Error: (09/12/2014 07:03:47 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (980) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

System errors:
=============
Error: (09/12/2014 06:49:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/12/2014 00:28:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (09/12/2014 00:28:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (09/12/2014 00:20:45 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{3C202852-7C9D-433F-8E27-1BC5C68302F6}.
The backup browser is stopping.

Error: (09/11/2014 09:01:32 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff960001b4283, 0xfffff8800969e020, 0x0000000000000000)C:\Windows\MEMORY.DMP091114-10561-01

Error: (09/11/2014 09:01:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:00:40 PM on ‎9/‎11/‎2014 was unexpected.

Error: (09/11/2014 00:16:26 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{3C202852-7C9D-433F-8E27-1BC5C68302F6}.
The backup browser is stopping.

Error: (09/10/2014 05:36:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error:
%%1053

Error: (09/10/2014 05:36:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.

Error: (09/10/2014 05:36:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Microsoft Office Sessions:
=========================
Error: (09/12/2014 07:03:47 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll980SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (09/12/2014 07:03:47 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll980SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (09/12/2014 07:03:47 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll980SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (09/12/2014 07:03:47 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll980SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (09/12/2014 07:03:47 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll980SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (09/12/2014 07:03:47 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll980SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (09/12/2014 07:03:47 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll980SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (09/12/2014 07:03:47 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll980SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (09/12/2014 07:03:47 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll980SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

Error: (09/12/2014 07:03:47 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll980SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546

==================== Memory info ===========================

Processor: Intel® Core™ i5-3350P CPU @ 3.10GHz
Percentage of memory in use: 26%
Total physical RAM: 8147.3 MB
Available physical RAM: 5968.62 MB
Total Pagefile: 16292.74 MB
Available Pagefile: 13789.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:109.36 GB) NTFS
Drive d: () (Fixed) (Total:1667.7 GB) (Free:1534.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 4D8EBEAD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1667.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

------------------------------------
5. FRST Fix Log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Emils at 2014-09-12 19:05:50 Run:1
Running from C:\Users\Emils\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
cmd:fsutil fsinfo ntfsinfo c:
*****************

========= fsutil fsinfo ntfsinfo c: =========

NTFS Volume Serial Number :       0xf46420fe6420c568
Version :                         3.1
Number Sectors :                  0x000000001866dfff
Total Clusters :                  0x00000000030cdbff
Free Clusters :                  0x0000000001b57d47
Total Reserved :                  0x00000000000005f0
Bytes Per Sector :               512
Bytes Per Cluster :               4096
Bytes Per FileRecord Segment    : 1024
Clusters Per FileRecord Segment : 0
Mft Valid Data Length :           0x000000000a280000
Mft Start Lcn :                  0x00000000000c0000
Mft2 Start Lcn :                  0x0000000000000002
Mft Zone Start :                  0x00000000013daaa0
Mft Zone End   :                  0x00000000013e72c0
RM Identifier:        18F31EEA-FC01-11E3-9854-AF05EE083141

========= End of CMD: =========

==== End of Fixlog ====

#6
BrianDrab

Posted 12 September 2014 - 01:34 PM

Trusted Helper

Malware Removal
3,591 posts

Excellent job so far!! Glad to here the one issue is resolved. Please follow the instructions below.

Step#1 - Fix Issue with Advanced Format Disk
1. Please go here and download and install the 64-bit version for Windows 7.

This should resolve the errors like the one that follows in your Application Event Log.

Application errors:
==================
Error: (09/12/2014 07:03:47 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (980) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Step#2 - Fix Blue Screen of Death
1. Please download and install Service Pack 1 for Windows 7. It's likely this will resolve your blue screen issues.

Step#3 - Run Malwarebytes and Post Log

Download Malwarebytes to your desktop from here.
Double-click on the file that is downloaded to your desktop.
Select the appropriate language and click OK.
Click Next.
Select "I accept the agreement" and click Next.
Click Next
Change the install path if desired. Normally you will keep this as is. Click Next.
Click Next again.
Click Next again.
Click Install.
Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium" since we are going to uninstall when we are done.
Click Finish
If an update is found you will be prompted to download and install. Go ahead.
Click the Scan button at the top of the form and then click Scan Now.
Once the scan completes click the View detailed log link.
Then click the Copy to clipboard button and paste into your next post.

Step#4 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Items for your next post
1. Malwarebytes log

2. Rootkit Scan log

3. How's your machine after all this?

#7
ValkyrieLV

Posted 14 September 2014 - 08:18 AM

New Member

Topic Starter
Member
6 posts

Couldn't install the updates for some reason. Shows error:
Installer encountered an error: 0xc8000222

-------------------------------

1. Malwarebytes log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 14/09/14
Scan Time: 3:18:28 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.14.03
Rootkit Database: v2014.09.13.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Emils

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 301811
Time Elapsed: 6 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

-------------------------------

2. Rootkit Scan log

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-14 15:28:23
-----------------------------
15:28:23.145    OS Version: Windows x64 6.1.7600
15:28:23.145    Number of processors: 4 586 0x3A09
15:28:23.145    ComputerName: EMILS-PC UserName: Emils
15:28:23.651    Initialize success
15:28:23.682    VM: initialized successfully
15:28:23.705    VM: Intel CPU BiosDisabled
15:28:27.918    VM: disk I/O iaStorA.sys
15:32:08.765    AVAST engine defs: 14091400
15:32:55.981    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
15:32:55.984    Disk 0 Vendor: ST2000DM HP16 Size: 1907729MB BusType: 11
15:32:56.076    Disk 0 MBR read successfully
15:32:56.079    Disk 0 MBR scan
15:32:56.107    Disk 0 Windows 7 default MBR code
15:32:56.114    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:32:56.118    Disk 0 Boot: NTFS     code=1
15:32:56.132    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       199900 MB offset 206848
15:32:56.150    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS      1707727 MB offset 409602048
15:32:56.175    Disk 0 scanning C:\Windows\system32\drivers
15:33:02.688    Service scanning
15:33:14.391    Modules scanning
15:33:14.398    Disk 0 trace - called modules:
15:33:14.408    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
15:33:14.414    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80099d1060]
15:33:14.420    3 CLASSPNP.SYS[fffff88001b8f43f] -> nt!IofCallDriver -> [0xfffffa8007769c50]
15:33:14.424    5 iaStorF.sys[fffff88001b2bf84] -> nt!IofCallDriver -> \Device\00000068[0xfffffa8007678780]
15:33:14.951    AVAST engine scan C:\Windows
15:33:16.148    AVAST engine scan C:\Windows\system32
15:35:04.244    AVAST engine scan C:\Windows\system32\drivers
15:35:15.578    AVAST engine scan C:\Users\Emils
15:40:01.573    File: C:\Users\Emils\Downloads\recuva.exe **INFECTED** Win32:Adware-gen [Adw]
15:40:33.574    AVAST engine scan C:\ProgramData
15:41:19.023    Scan finished successfully
16:16:14.093    Disk 0 MBR has been saved successfully to "C:\Users\Emils\Desktop\MBR.dat"
16:16:14.097    The log file has been saved successfully to "C:\Users\Emils\Desktop\aswMBR.txt"

-----------------------------

3. Slower start up times, and no errors so far except for the error when trying to install updates.

#8
BrianDrab

Posted 14 September 2014 - 09:00 AM

Trusted Helper

Malware Removal
3,591 posts

No problem. We definitely have some issues here to resolve. , we need to check for any broken services. Also can you let me know did you happen to buy a new hard drive and then clone your current one on to it?

Step#1 - Check Services
1. Please download Farbar Service Scanner to your desktop.
2. Make sure that ALL the options are checked:
3. Press "Scan".
4. It will create a log (FSS.txt) in the same directory the tool is run.
5. Please copy and paste the log to your reply.

Things For Your Next Post:
1. Contents of the FSS.txt log.
2. Did you happen to clone your drive or backup and restore on to a new drive?

#9
ValkyrieLV

Posted 14 September 2014 - 09:24 AM

New Member

Topic Starter
Member
6 posts

----------------------------------------

1. FSS log

Farbar Service Scanner Version: 21-07-2014
Ran by Emils (administrator) on 14-09-2014 at 17:24:10
Running from "C:\Users\Emils\Downloads"
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

----------------------------------------

2. No I haven't changed my hard drive

#10
BrianDrab

Posted 15 September 2014 - 09:08 AM

Trusted Helper

Malware Removal
3,591 posts

Thanks for the info. Please follow the instructions below.

Step#1 - Reset Windows Update Components
1. Please go here and run the Microsoft FixIt for Windows 7.
2. If it asks to reboot please do. Let me know how it goes.

Step#2 - Do this ONLY if Step#1 worked with no errors (Fix Issue with Advanced Format Disk)

1. Please go here and download and install the 64-bit version for Windows 7.

This should resolve the errors like the one that follows in your Application Event Log.

Application errors:
==================
Error: (09/12/2014 07:03:47 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (980) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Step#3 - Do this ONLY if Step#1 Didn't work

1. Download Windows Repair (All-in-One) Portable to your desktop.
2. Once the file is downloaded, right-click on the file on your desktop and choose Extract All...

3. Keep the defaults and click the Extract button.
4. A folder named tweaking.com_windows_repair_aio will be extracted to the desktop. Once the extraction is complete the folder will open.
5. Inside this folder, there is a folder named Tweaking.com - Windows Repair. Double-click to open the folder.

6. Double-click on Repair_Windows.exe to open the program. Answer Yes when prompted to allow.
7. When the program opens, click the Repairs tab and click the Open Repairs button.
Start%20Repairs.JPG
8. A backup of your registry will be made. After a few moments you will have many options from which you can choose.
9. Please click the Unselect All button and then click to enable only the following ones:
      17 - Repair Windows Updates
      21 - Repair MSI (Windows Installer)


10. Click the Start Repairs button in the lower right of the screen. This may take some time to run so be patient (should be less than 10 minutes however).
11. Once the fixes are complete you will be prompted to reboot. Please answer Yes.

Step#4 - Do this ONLY if you had to do Step#3 (Fix Issue with Advanced Format Disk)

1. Please go here and download and install the 64-bit version for Windows 7.

This should resolve the errors like the one that follows in your Application Event Log.

Application errors:
==================
Error: (09/12/2014 07:03:47 PM) (Source: ESENT) (EventID: 412) (User: )
Description: wuaueng.dll (980) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.

Items for your next post.

1. Let me know the results of these steps.

#11
Essexboy

Posted 19 September 2014 - 05:56 AM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#12
ValkyrieLV

Posted 19 September 2014 - 06:44 AM

New Member

Topic Starter
Member
6 posts

So sorry for this long delay, i didn't receive my notification email, therefore forgot to look. Also i used the windows FixIt tool 1st, it succeeded, yet still couldn't install the update. After that i did Step #3 and it worked just like a charm. Thanks alot <3