Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Winmgr.exe malware issue.

Started by DSWuk , Nov 04 2014 06:02 AM

Please log in to reply

#1
DSWuk

Posted 04 November 2014 - 06:02 AM

New Member

Member
8 posts

Hi there, stupidly i downloaded a program that has infacted my Pc with this winmgr.exe, its blocked my AVG and windows defender.

been trying to get rid of it, but cant.

any ideas?

Cheers

DSW

Edited by DSWuk, 04 November 2014 - 06:02 AM.

#2
DonnaB

Posted 04 November 2014 - 05:55 PM

Miss Congeniality

GeekU Moderator
8,529 posts

Hi DSWuk,

Welcome to Geeks To Go!

My apologies for the delay in responding. I need more information. Please follow the instructions below and provide both logs the scan generates...

Download Farbar Recovery Scan Tool from here to your Desktop.
You'll have to choose either the 32 or 64-bit version depending on which your OS is.
When completed, launch the downloaded file.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will create 2 logs (FRST.txt and Addition.tx) on the Desktop. Please copy and paste the logs into your next reply.

Thank you,
Donna

#3
DSWuk

Posted 05 November 2014 - 05:38 AM

New Member

Topic Starter
Member
8 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by DSW79 (administrator) on DSW on 05-11-2014 11:28:15
Running from C:\Users\DSW79\Downloads
Loaded Profile: DSW79 (Available profiles: DSW79)
Platform: Windows 8.1 Enterprise (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
(Wondershare Software Co.,Ltd. ) C:\Program Files (x86)\Windows Manager\winmgr.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\DSW79\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe [817440 2014-01-21] ()
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [819984 2014-03-13] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2007392 2014-04-01] (Wondershare)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-475818928-1566985967-3258346663-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2014-11-04] (Electronic Arts)
HKU\S-1-5-21-475818928-1566985967-3258346663-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-475818928-1566985967-3258346663-1001\...\Run: [Actual Multiple Monitors] => "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
HKU\S-1-5-21-475818928-1566985967-3258346663-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [4525192 2014-08-01] (Plex, Inc.)
HKU\S-1-5-21-475818928-1566985967-3258346663-1001\...\RunOnce: [WindowsUpdate] => C:\Program Files (x86)\Windows Manager\winmgr.exe [41598976 2014-04-22] (Wondershare Software Co.,Ltd. )
HKU\S-1-5-21-475818928-1566985967-3258346663-1001\...\CurrentVersion\Windows: [Load] C:\ProgramData\Microsoft.com <===== ATTENTION
HKU\S-1-5-21-475818928-1566985967-3258346663-1001\...\MountPoints2: {914b137f-5f6d-11e3-824b-806e6f6e6963} - "E:\autorun.exe"
HKU\S-1-5-21-475818928-1566985967-3258346663-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION
IFEO\AvastSvc.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\AvastUI.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avcenter.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avconfig.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avgcsrvx.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avgidsagent.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avgnt.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avgrsx.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avguard.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avgui.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avgwdsvc.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avp.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\avscan.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\bdagent.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\ccuac.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\ComboFix.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\egui.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\hijackthis.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\instup.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\keyscrambler.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\mbam.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\mbamgui.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\mbampt.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\mbamscheduler.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\mbamservice.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\MpCmdRun.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\MSASCui.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\MsMpEng.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\msseces.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\rstrui.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\spybotsd.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\taskman.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\wireshark.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
IFEO\zlclient.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com
Startup: C:\Users\DSW79\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
Startup: C:\Users\DSW79\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
ShortcutTarget: start.lnk -> C:\Users\DSW79\z8g36di25wi81\43455.vbs ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg...fr&d=2014-08-30 15:40:51&v=18.1.9.786&pid=safeguard&sg=&sap=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8F5D4B7DEC42CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2014-08-30 15:40:51&v=18.1.9.786&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\DSW79\AppData\Roaming\Mozilla\Firefox\Profiles\4tpo4y77.default
FF SelectedSearchEngine: Google
FF Homepage: google.com
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\DSW79\AppData\Roaming\Mozilla\Firefox\Profiles\4tpo4y77.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Nectar Toolbar - C:\Users\DSW79\AppData\Roaming\Mozilla\Firefox\Profiles\4tpo4y77.default\Extensions\{EBB6A13A-F162-47D8-8BAE-B587C99A6C0E} [2014-07-05]
FF Extension: Classic Theme Restorer - C:\Users\DSW79\AppData\Roaming\Mozilla\Firefox\Profiles\4tpo4y77.default\Extensions\[email protected] [2014-05-14]
FF Extension: Classic Reload-Stop-Go Button - C:\Users\DSW79\AppData\Roaming\Mozilla\Firefox\Profiles\4tpo4y77.default\Extensions\crsg@ArisT2_Noia4dev.xpi [2014-03-18]
FF Extension: nzbdStatus - C:\Users\DSW79\AppData\Roaming\Mozilla\Firefox\Profiles\4tpo4y77.default\Extensions\[email protected] [2014-03-18]
FF Extension: translator - C:\Users\DSW79\AppData\Roaming\Mozilla\Firefox\Profiles\4tpo4y77.default\Extensions\[email protected] [2014-03-19]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\DSW79\AppData\Roaming\Mozilla\Firefox\Profiles\4tpo4y77.default\Extensions\[email protected] [2014-06-19]
FF Extension: Adblock Plus - C:\Users\DSW79\AppData\Roaming\Mozilla\Firefox\Profiles\4tpo4y77.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-18]

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-20]
CHR Extension: (Google Drive) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-20]
CHR Extension: (Google Cast) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-08-20]
CHR Extension: (Adblock Plus) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-20]
CHR Extension: (Google Search) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-20]
CHR Extension: (Google Cast (Beta)) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliochdbjfkdbacpmhlcpmleaejidimm [2014-08-29]
CHR Extension: (Excel Online) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2014-08-23]
CHR Extension: (Nectar Toolbar) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgkojhokdikmakapclkdoagjnghgpphm [2014-08-29]
CHR Extension: (TCast Beta) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmmfodkjhnilmceocmpadlkpahakhdi [2014-08-29]
CHR Extension: (Google Wallet) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-20]
CHR Extension: (Gmail) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-05-14] () [File not signed]
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-03-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-03-13] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [770832 2014-03-13] (BlueStack Systems, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-04] (NVIDIA Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-04] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-04] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2014-06-28] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-06-09] ()
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [121616 2014-03-13] (BlueStack Systems)
R3 DroidCam; C:\Windows\system32\DRIVERS\droidcam.sys [32568 2014-06-25] (Dev47Apps)
R3 DroidCamVideo; C:\Windows\system32\DRIVERS\droidcamvideo.sys [229176 2014-06-25] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-18] (Disc Soft Ltd)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2014-11-04] ()
S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [52128 2013-11-27] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-04] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39240 2014-10-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 PlantronicsGC; C:\Windows\system32\drivers\PLTGC.sys [1327104 2013-10-08] (C-Media Electronics Inc)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 11:26 - 2014-11-05 11:26 - 02114560 _____ (Farbar) C:\Users\DSW79\Downloads\FRST64 (1).exe
2014-11-04 13:28 - 2014-11-04 13:29 - 00000000 ____D () C:\Program Files (x86)\RegTweaker
2014-11-04 13:28 - 2014-11-04 13:28 - 02992555 _____ () C:\Users\DSW79\Downloads\regtweaker.exe
2014-11-04 13:21 - 2014-11-05 11:28 - 00022175 _____ () C:\Users\DSW79\Downloads\FRST.txt
2014-11-04 13:21 - 2014-11-05 11:28 - 00000000 ____D () C:\FRST
2014-11-04 13:21 - 2014-11-04 13:21 - 02114560 _____ (Farbar) C:\Users\DSW79\Downloads\FRST64.exe
2014-11-04 13:07 - 2014-11-04 13:07 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\DSW79\Downloads\info.com.exe
2014-11-04 12:52 - 2014-11-04 12:52 - 20143256 _____ (SUPERAntiSpyware) C:\Users\DSW79\Downloads\SUPERAntiSpyware.exe
2014-11-04 12:08 - 2014-11-04 12:47 - 00000000 ____D () C:\VIPRERESCUE
2014-11-04 12:08 - 2013-09-04 13:57 - 00031264 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
2014-11-04 12:08 - 2013-05-23 07:39 - 00041032 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
2014-11-04 10:08 - 2014-11-04 10:09 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-11-04 10:08 - 2014-11-04 10:08 - 00000002 RSHOT () C:\WINDOWS\winstart.bat
2014-11-04 10:08 - 2014-11-04 10:08 - 00000002 RSHOT () C:\WINDOWS\SysWOW64\CONFIG.NT
2014-11-04 10:08 - 2014-11-04 10:08 - 00000002 RSHOT () C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2014-11-04 10:08 - 2014-11-04 10:08 - 00000000 ____D () C:\Users\DSW79\Documents\RegRun2
2014-11-04 09:39 - 2014-11-04 09:40 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-11-04 09:39 - 2014-11-04 09:39 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-04 00:04 - 2014-11-04 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-04 00:04 - 2014-11-04 00:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-04 00:04 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-04 00:04 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-11-04 00:04 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-04 00:02 - 2014-11-04 00:05 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-11-04 00:02 - 2014-11-04 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
2014-11-04 00:02 - 2014-11-04 00:02 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-11-03 23:58 - 2014-11-04 00:00 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-11-03 23:49 - 2014-11-04 00:05 - 00000000 __SHD () C:\Program Files (x86)\Windows Manager
2014-11-03 23:49 - 2014-11-03 23:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-03 23:35 - 2014-11-04 00:00 - 00005254 _____ () C:\WINDOWS\system32\.crusader
2014-11-03 23:33 - 2014-11-03 23:35 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-03 19:32 - 2014-11-03 19:32 - 00000000 ____D () C:\Users\DSW79\AppData\Roaming\Wondershare
2014-11-03 19:32 - 2014-11-03 19:32 - 00000000 ____D () C:\Users\DSW79\AppData\Local\Wondershare
2014-11-03 19:31 - 2014-11-05 11:23 - 00000000 __SHD () C:\ProgramData\Windows Manager
2014-11-03 19:31 - 2014-04-22 18:28 - 41598976 __RSH (Wondershare Software Co.,Ltd. ) C:\WINDOWS\SysWOW64\Microsoft.com
2014-11-03 19:31 - 2014-04-22 18:28 - 41598976 __RSH (Wondershare Software Co.,Ltd. ) C:\ProgramData\Microsoft.com
2014-11-03 18:18 - 2014-11-03 18:18 - 00000000 ____D () C:\Users\DSW79\Documents\Black
2014-11-02 19:19 - 2014-11-02 19:19 - 00000000 ____D () C:\Users\DSW79\AppData\Local\Adobe
2014-11-01 18:06 - 2014-11-01 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Titanfall
2014-10-31 17:07 - 2014-11-01 20:30 - 00000000 ____D () C:\Users\DSW79\AppData\Roaming\Curse Client
2014-10-31 17:07 - 2014-10-31 17:07 - 00001030 _____ () C:\Users\DSW79\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-10-31 17:07 - 2014-10-31 17:07 - 00000000 ____D () C:\Users\DSW79\AppData\Roaming\Curse
2014-10-22 17:47 - 2014-10-22 17:47 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-10-22 17:47 - 2014-10-16 12:27 - 00614544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2014-10-22 17:46 - 2014-10-16 16:54 - 00197408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2014-10-22 17:46 - 2014-10-16 16:54 - 00031520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 31890064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 24555840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 20922696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 19966856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 17260864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 14029400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 13942368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 13190288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-10-22 17:45 - 2014-10-16 16:54 - 11395672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 11333848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 04289856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 04009672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 02849224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 01876296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434448.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 01539272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcvadgenco64.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 01539272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434448.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 00962376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 00931984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 00921928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 00895176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 00870112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 00833864 _____ () C:\WINDOWS\system32\nvmcumd.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 00500880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 00418112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 00392008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 00352016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 00348488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 00303600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 00174856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 00156840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 00101696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcaparm.dll
2014-10-22 17:45 - 2014-10-16 16:54 - 00039240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvadarm.sys
2014-10-22 17:43 - 2014-10-22 17:47 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-10-22 17:43 - 2014-09-04 19:14 - 00038048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-10-22 17:43 - 2014-09-04 19:14 - 00032416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2014-10-16 20:54 - 2014-09-27 22:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-16 20:53 - 2014-09-25 22:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-16 20:53 - 2014-09-25 22:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-16 20:53 - 2014-09-25 22:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-16 20:53 - 2014-09-25 22:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-16 20:53 - 2014-09-25 22:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-16 20:53 - 2014-09-25 22:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-16 20:53 - 2014-09-19 02:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-16 20:53 - 2014-09-19 01:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-16 20:53 - 2014-09-19 01:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-16 20:53 - 2014-09-19 01:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-16 20:53 - 2014-09-19 01:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-16 20:53 - 2014-09-19 01:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-16 20:53 - 2014-09-19 01:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-16 20:53 - 2014-09-19 01:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-16 20:53 - 2014-09-19 01:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-16 20:53 - 2014-09-19 01:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-16 20:53 - 2014-09-19 00:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-16 20:53 - 2014-09-19 00:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-16 20:53 - 2014-09-19 00:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-16 20:53 - 2014-09-19 00:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-16 20:53 - 2014-09-19 00:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-16 20:53 - 2014-09-19 00:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-16 20:53 - 2014-09-19 00:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-16 20:53 - 2014-09-19 00:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-16 20:53 - 2014-09-19 00:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-16 20:53 - 2014-09-19 00:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-16 20:53 - 2014-09-18 23:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-16 20:53 - 2014-09-18 23:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-16 20:53 - 2014-09-18 23:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-16 20:53 - 2014-09-18 23:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-16 20:52 - 2014-09-13 06:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-16 20:52 - 2014-09-13 05:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-16 20:52 - 2014-09-08 03:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-16 20:52 - 2014-09-08 01:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-16 20:52 - 2014-09-08 01:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-16 20:52 - 2014-09-08 00:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-16 20:52 - 2014-09-08 00:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-16 20:52 - 2014-09-08 00:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-16 20:52 - 2014-09-08 00:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-16 20:52 - 2014-09-08 00:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-16 20:52 - 2014-09-08 00:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-16 20:52 - 2014-09-08 00:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-16 20:52 - 2014-09-07 23:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-16 20:52 - 2014-09-07 23:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-16 20:52 - 2014-09-07 23:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-16 20:52 - 2014-09-07 23:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-16 20:52 - 2014-09-04 00:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-16 20:52 - 2014-09-04 00:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-16 20:52 - 2014-08-29 01:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-10-16 20:52 - 2014-08-29 01:32 - 02779136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-16 20:52 - 2014-08-29 00:59 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-16 20:52 - 2014-08-28 23:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-16 20:52 - 2014-08-28 23:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-16 20:52 - 2014-08-16 04:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-16 20:52 - 2014-08-16 04:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-10-16 20:52 - 2014-08-16 04:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-16 20:52 - 2014-08-16 03:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-10-16 20:52 - 2014-08-16 03:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-16 20:52 - 2014-08-16 03:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-16 20:52 - 2014-08-16 03:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-16 20:52 - 2014-08-16 03:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-10-16 20:52 - 2014-08-16 03:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-16 20:52 - 2014-08-16 01:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-10-16 20:52 - 2014-08-16 01:30 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2014-10-16 20:52 - 2014-08-16 01:19 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2014-10-16 20:52 - 2014-08-16 01:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2014-10-16 20:52 - 2014-08-16 00:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-10-16 20:52 - 2014-08-16 00:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-10-16 20:52 - 2014-08-16 00:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2014-10-16 20:52 - 2014-08-16 00:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-10-16 20:52 - 2014-08-16 00:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2014-10-16 20:52 - 2014-08-16 00:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-10-16 20:52 - 2014-08-16 00:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-10-16 20:52 - 2014-08-16 00:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2014-10-16 20:52 - 2014-08-16 00:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-16 20:52 - 2014-08-16 00:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-10-16 20:52 - 2014-08-16 00:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-10-16 20:52 - 2014-08-16 00:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-10-16 20:52 - 2014-08-16 00:20 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-16 20:52 - 2014-08-16 00:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-16 20:52 - 2014-08-16 00:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-10-16 20:52 - 2014-08-16 00:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-10-16 20:52 - 2014-08-16 00:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-10-16 20:52 - 2014-08-16 00:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-16 20:52 - 2014-08-16 00:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-10-16 20:52 - 2014-08-16 00:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-10-16 20:52 - 2014-08-16 00:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-16 20:52 - 2014-08-16 00:11 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-16 20:52 - 2014-08-16 00:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-10-16 20:52 - 2014-08-16 00:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-16 20:52 - 2014-08-16 00:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-16 20:52 - 2014-07-31 23:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-14 15:57 - 2014-10-14 15:57 - 00000587 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Evil Within.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 11:27 - 2014-03-18 21:01 - 00000000 ____D () C:\Users\DSW79\AppData\Roaming\ClassicShell
2014-11-05 11:27 - 2014-03-18 15:54 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-475818928-1566985967-3258346663-1001
2014-11-05 11:26 - 2014-03-18 15:48 - 01615964 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-05 11:23 - 2014-08-20 20:49 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-05 11:23 - 2014-03-18 20:58 - 00000000 ____D () C:\ProgramData\Origin
2014-11-05 11:23 - 2014-03-18 20:58 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-04 22:07 - 2014-03-18 21:37 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-04 22:02 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-04 21:59 - 2014-08-20 20:49 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-04 19:30 - 2014-03-18 21:47 - 00215416 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2014-11-04 13:35 - 2014-03-18 15:49 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-04 13:29 - 2014-04-10 18:55 - 00072668 _____ () C:\WINDOWS\PFRO.log
2014-11-04 13:29 - 2014-04-10 18:48 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-04 13:29 - 2014-03-18 21:00 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-11-04 13:29 - 2013-08-22 14:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-04 12:59 - 2014-03-25 19:16 - 00000000 ____D () C:\Users\DSW79\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-04 12:59 - 2014-03-18 20:58 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-04 00:06 - 2014-06-28 16:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-03 23:49 - 2014-03-18 15:48 - 00000000 ____D () C:\Users\DSW79\AppData\Local\VirtualStore
2014-11-03 23:35 - 2014-04-10 20:19 - 00000000 _RSHD () C:\Users\DSW79\z8g36di25wi81
2014-11-03 23:26 - 2013-08-22 15:36 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-11-03 20:17 - 2014-03-18 22:55 - 00000000 ____D () C:\Program Files (x86)\UOAssist
2014-11-03 18:33 - 2014-03-18 21:47 - 00215416 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2014-11-03 12:15 - 2014-02-15 19:39 - 00000000 ____D () C:\Users\DSW79\Documents\Respawn
2014-11-02 22:35 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-02 18:54 - 2014-04-10 18:55 - 00020035 _____ () C:\WINDOWS\setupact.log
2014-11-01 21:55 - 2014-03-18 15:47 - 00000000 ____D () C:\Users\DSW79
2014-11-01 17:44 - 2014-04-21 10:46 - 00183770 _____ () C:\WINDOWS\DirectX.log
2014-10-29 18:09 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-10-27 19:06 - 2014-03-18 23:09 - 00000000 ____D () C:\Users\DSW79\AppData\Roaming\vlc
2014-10-26 18:07 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-26 11:30 - 2014-03-18 22:06 - 00000000 ____D () C:\Users\DSW79\AppData\Roaming\Ventrilo
2014-10-26 09:54 - 2014-08-20 20:49 - 00003886 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-26 09:54 - 2014-08-20 20:49 - 00003650 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-22 17:47 - 2014-04-10 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-10-22 17:47 - 2014-03-18 15:50 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-10-22 17:44 - 2014-03-18 15:50 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-10-17 17:21 - 2014-06-25 13:10 - 00000000 ____D () C:\ProgramData\Codemasters
2014-10-17 17:21 - 2014-04-06 15:14 - 00000000 ____D () C:\Users\DSW79\Documents\My Games
2014-10-17 11:04 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-17 10:32 - 2013-08-22 14:44 - 00484512 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-16 23:10 - 2013-08-22 15:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-16 23:10 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-16 21:04 - 2013-08-22 15:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-16 21:03 - 2014-03-20 16:39 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-16 21:01 - 2014-03-20 16:39 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-16 16:54 - 2014-04-10 19:29 - 16886168 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2014-10-16 16:54 - 2014-04-10 18:57 - 01538880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2014-10-16 16:54 - 2014-03-20 22:03 - 20968040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2014-10-16 16:54 - 2014-03-20 22:03 - 18499648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-10-16 16:54 - 2014-03-20 22:03 - 00987008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2014-10-16 16:54 - 2014-03-20 22:02 - 03237528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2014-10-16 16:54 - 2014-03-20 22:02 - 00027024 _____ () C:\WINDOWS\system32\nvinfo.pb
2014-10-16 14:11 - 2014-04-10 18:48 - 06883136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2014-10-16 14:11 - 2014-04-10 18:48 - 03533632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2014-10-16 14:11 - 2014-04-10 18:48 - 02559808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2014-10-16 14:11 - 2014-04-10 18:48 - 00933064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2014-10-16 14:11 - 2014-04-10 18:48 - 00384200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2014-10-16 14:11 - 2014-04-10 18:48 - 00061640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2014-10-15 00:48 - 2014-04-10 18:48 - 04047877 _____ () C:\WINDOWS\system32\nvcoproc.bin
2014-10-13 15:03 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

Some content of TEMP:
====================
C:\Users\DSW79\AppData\Local\Temp\ose00000.exe
C:\Users\DSW79\AppData\Local\Temp\WondersharePDFEditor3.6.2.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-04 10:53

==================== End Of Log ============================

Attached Files

Addition.txt 32.48KB 324 downloads
FRST.txt 47.35KB 145 downloads

#4
DSWuk

Posted 05 November 2014 - 05:39 AM

New Member

Topic Starter
Member
8 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by DSW79 at 2014-11-05 11:28:35
Running from C:\Users\DSW79\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Actual Multiple Monitors 8.0 (HKLM-x32\...\Actual Multiple Monitors_is1) (Version: 8.0 - Actual Tools)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.15221 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.7.3069 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{FE5ABB0E-EDEA-4023-B0FB-9DEA39A98D76}) (Version: 0.8.7.3069 - BlueStack Systems, Inc.)
CCG Launcher version 0.6 (HKLM-x32\...\{28362054-F79B-4697-A246-3ECF730E7E9D}_is1) (Version: 0.6 - Custom Combat Gaming)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CPUID HWMonitor 1.24 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Middle Earth Shadow of Mordor (HKLM-x32\...\Middle Earth Shadow of Mordor_is1) (Version: - )
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
My Game Long Name (HKLM\...\UDK-468047f4-7dcf-4278-abc5-b0afa7b38659) (Version: - Epic Games, Inc.)
Nectar Toolbar (HKLM-x32\...\Nectar Toolbar) (Version: 1.0.3 - AIMIA Coalition Loyalty UK Ltd)
NVIDIA 3D Vision Controller Driver 344.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.46 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.48 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.48 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 344.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 344.48 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Plantronics® GameCom 780/788 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 3.20.0001 - Plantronics)
Plex Media Server (HKLM-x32\...\{9eb61479-6f2f-43c4-bfe8-12a7ea9d1acb}) (Version: 0.9.914 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.914 - Plex, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
SABnzbd 0.7.18 (HKLM-x32\...\SABnzbd) (Version: 0.7.18 - The SABnzbd Team)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.4.0 - Samsung Electronics)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
The Evil Within (HKLM-x32\...\VGhlRXZpbFdpdGhpbg==_is1) (Version: 1 - )
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.8.10 - Electronic Arts)
Ultima Online Classic Client (HKLM-x32\...\Ultima Online Classic) (Version: - Electronic Arts)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
UOAssist (HKLM-x32\...\UOAssist) (Version: - )
UOCartographer 0.9 (HKLM-x32\...\UOCartographer 0.9) (Version: - UOCartographer.com)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

01-11-2014 17:43:32 Installed DirectX
03-11-2014 18:18:32 Installed Tt eSPORTS BLACK

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {343B9539-DD0A-4690-9751-C80A233E95B0} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3EBE12DE-6674-46E1-838A-FFC5AA302EEF} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2014-09-29] ()
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5FCC841C-44F7-4FB9-B377-3770E60E3C0E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6D44BBD0-DC42-4F7C-81A1-9381251B69E7} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-05-19] (Samsung Electronics.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7522124E-67F0-4515-A0B3-F2D5BE034B87} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7987C088-EC6A-404C-977C-97E7A1F26972} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {957716FC-88F1-4468-8116-0A25C9149047} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A8CED03F-7620-44D9-A26F-0CFC4774543F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-20] (Google Inc.)
Task: {B99D78E5-CA40-46C2-BE4D-A0883D5F2A65} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-16] (Microsoft Corporation)
Task: {BDF1C4EA-9529-43E3-9EAC-8994E7A23E53} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EB2DFE12-5742-459E-AFDA-A7085DAEA35D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-20] (Google Inc.)
Task: {F07B97FE-C72B-46C1-AB81-B0140FEC0E7C} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-28 17:10 - 2014-06-28 17:10 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2014-04-10 18:48 - 2014-10-16 14:11 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-07-15 04:44 - 2010-07-15 04:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2014-01-25 01:22 - 2014-01-25 01:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-06-28 16:47 - 2014-01-21 15:41 - 00817440 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
2014-06-28 16:47 - 2014-01-21 15:41 - 00149792 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\VmixPLGC.dll
2014-03-18 20:59 - 2014-11-04 19:29 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-03-18 20:59 - 2014-11-04 19:29 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-03-18 20:59 - 2014-11-04 19:29 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-03-18 20:59 - 2014-11-04 19:29 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-03-18 20:59 - 2014-11-04 19:29 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-03-18 20:59 - 2014-11-04 19:29 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-03-18 20:59 - 2014-11-04 19:29 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-03-18 20:59 - 2014-11-04 19:29 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-08-01 21:14 - 2014-08-01 21:14 - 00840840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2014-08-01 21:14 - 2014-08-01 21:14 - 00051848 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2014-08-01 21:14 - 2014-08-01 21:14 - 00089224 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2014-08-01 21:14 - 2014-08-01 21:14 - 02100360 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2014-08-01 21:14 - 2014-08-01 21:14 - 01923720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2014-08-01 21:13 - 2014-08-01 21:13 - 07605400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avcodec-54.dll
2014-08-01 21:13 - 2014-08-01 21:13 - 01453720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avformat-54.dll
2014-08-01 21:13 - 2014-08-01 21:13 - 00202392 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avutil-52.dll
2014-08-01 21:14 - 2014-08-01 21:14 - 00352920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\swscale-2.dll
2014-08-01 21:14 - 2014-08-01 21:14 - 00507528 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2014-08-01 21:14 - 2014-08-01 21:14 - 08495240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
2014-08-01 21:14 - 2014-08-01 21:14 - 00073352 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2014-08-01 21:14 - 2014-08-01 21:14 - 00195720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2014-08-01 21:13 - 2014-08-01 21:13 - 00952968 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
2014-08-01 21:14 - 2014-08-01 21:14 - 01291400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
2014-08-01 21:13 - 2014-08-01 21:13 - 01038984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
2014-08-01 21:14 - 2014-08-01 21:14 - 00073352 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
2014-03-18 21:20 - 2014-05-06 10:24 - 00013824 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2014-03-18 21:20 - 2014-05-19 19:20 - 00103424 _____ () C:\Program Files (x86)\Samsung Magician\PAL.dll
2014-03-18 21:20 - 2014-05-19 19:20 - 00039424 _____ () C:\Program Files (x86)\Samsung Magician\SATA.dll
2014-03-18 21:20 - 2014-05-19 19:19 - 00038400 _____ () C:\Program Files (x86)\Samsung Magician\SAT.dll
2014-03-18 21:20 - 2014-05-19 19:20 - 00031232 _____ () C:\Program Files (x86)\Samsung Magician\SMINI.dll
2014-03-18 21:20 - 2014-05-19 19:19 - 00029696 _____ () C:\Program Files (x86)\Samsung Magician\SAS.dll
2014-08-01 21:14 - 2014-08-01 21:14 - 00045192 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2014-08-01 21:14 - 2014-08-01 21:14 - 00028808 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2014-08-01 21:14 - 2014-08-01 21:14 - 00019080 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2014-08-01 21:14 - 2014-08-01 21:14 - 00035976 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2014-08-01 21:14 - 2014-08-01 21:14 - 00836744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2014-08-01 21:14 - 2014-08-01 21:14 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2014-08-01 21:14 - 2014-08-01 21:14 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2014-08-01 21:14 - 2014-08-01 21:14 - 00192648 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2014-08-01 21:14 - 2014-08-01 21:14 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2014-08-01 21:14 - 2014-08-01 21:14 - 00056456 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2014-08-01 21:14 - 2014-08-01 21:14 - 00018056 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2014-08-01 21:14 - 2014-08-01 21:14 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2014-08-01 21:14 - 2014-08-01 21:14 - 00083080 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2014-08-01 21:14 - 2014-08-01 21:14 - 00111752 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2014-08-01 21:14 - 2014-08-01 21:14 - 00692360 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2014-10-28 19:00 - 2014-10-22 04:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 19:00 - 2014-10-22 04:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 19:00 - 2014-10-22 04:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 19:00 - 2014-10-22 04:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-28 19:00 - 2014-10-22 04:04 - 00310088 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libexif.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKCU\...\StartupApproved\Run: => "ManyCam"
HKCU\...\StartupApproved\Run: => "Actual Multiple Monitors"

========================= Accounts: ==========================

Administrator (S-1-5-21-475818928-1566985967-3258346663-500 - Administrator - Disabled)
DSW79 (S-1-5-21-475818928-1566985967-3258346663-1001 - Administrator - Enabled) => C:\Users\DSW79
Guest (S-1-5-21-475818928-1566985967-3258346663-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-475818928-1566985967-3258346663-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/05/2014 11:25:01 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/05/2014 11:24:35 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (11/05/2014 11:24:14 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/05/2014 11:23:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.5.2.0, time stamp: 0x53c9a9a0
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eebf2e
Exception code: 0xe0434352
Fault offset: 0x000000000000606c
Faulting process id: 0x1198
Faulting application start time: 0xAutoKMS.exe0
Faulting application path: AutoKMS.exe1
Faulting module path: AutoKMS.exe2
Report Id: AutoKMS.exe3
Faulting package full name: AutoKMS.exe4
Faulting package-relative application ID: AutoKMS.exe5

Error: (11/05/2014 11:23:03 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.FormatException
Stack:
   at System.DateTime.Parse(System.String)
   at ..(.)
   at ..(.)
   at ..()

Error: (11/04/2014 01:31:05 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/04/2014 01:31:02 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (11/04/2014 01:29:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.5.2.0, time stamp: 0x53c9a9a0
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eebf2e
Exception code: 0xe0434352
Fault offset: 0x000000000000606c
Faulting process id: 0x504
Faulting application start time: 0xAutoKMS.exe0
Faulting application path: AutoKMS.exe1
Faulting module path: AutoKMS.exe2
Report Id: AutoKMS.exe3
Faulting package full name: AutoKMS.exe4
Faulting package-relative application ID: AutoKMS.exe5

Error: (11/04/2014 01:29:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.FormatException
Stack:
   at System.DateTime.Parse(System.String)
   at ..(.)
   at ..(.)
   at ..()

Error: (11/04/2014 01:29:45 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

System errors:
=============
Error: (11/04/2014 10:54:58 AM) (Source: DCOM) (EventID: 10010) (User: DSW)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (11/04/2014 10:54:28 AM) (Source: DCOM) (EventID: 10010) (User: DSW)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (11/04/2014 10:18:47 AM) (Source: DCOM) (EventID: 10010) (User: DSW)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (11/04/2014 10:18:17 AM) (Source: DCOM) (EventID: 10010) (User: DSW)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (11/04/2014 00:00:42 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error:
%%0

Error: (11/03/2014 11:38:53 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error:
%%0

Error: (11/03/2014 11:35:59 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error:
%%0

Error: (11/03/2014 11:13:04 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error:
%%3758213659

Error: (11/03/2014 07:36:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/03/2014 04:44:39 PM) (Source: DCOM) (EventID: 10010) (User: DSW)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Microsoft Office Sessions:
=========================
Error: (11/05/2014 11:25:01 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/05/2014 11:24:35 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (11/05/2014 11:24:14 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/05/2014 11:23:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AutoKMS.exe2.5.2.053c9a9a0KERNELBASE.dll6.3.9600.1727853eebf2ee0434352000000000000606c119801cff8eadabd0982C:\WINDOWS\AutoKMS\AutoKMS.exeC:\WINDOWS\system32\KERNELBASE.dll1b44e29f-64de-11e4-8292-902b34d75169

Error: (11/04/2014 01:31:05 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/04/2014 01:31:02 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (11/04/2014 01:29:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AutoKMS.exe2.5.2.053c9a9a0KERNELBASE.dll6.3.9600.1727853eebf2ee0434352000000000000606c50401cff83364525447C:\WINDOWS\AutoKMS\AutoKMS.exeC:\WINDOWS\system32\KERNELBASE.dlla736ab86-6426-11e4-8292-902b34d75169

Error: (11/04/2014 01:29:45 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

==================== Memory info ===========================

Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 27%
Total physical RAM: 8080.89 MB
Available physical RAM: 5861.52 MB
Total Pagefile: 9360.89 MB
Available Pagefile: 6914.18 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.27 GB) (Free:15.86 GB) NTFS
Drive d: () (Fixed) (Total:298.09 GB) (Free:150.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Local Disk) (Fixed) (Total:931.39 GB) (Free:681.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A8C3E263)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

#5
DonnaB

Posted 05 November 2014 - 06:38 PM

Miss Congeniality

GeekU Moderator
8,529 posts

Hi DSWuk,

Please do the following:

Download attached fixlist.txt file found below. You'll have to save it to your Downloads folder since that is where FRST is located.

fixlist.txt 3.43KB 160 downloads

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will create a log (Fixlog.txt) in the Downloads folder. Please post it in your reply.

When done see if the issue is gone.

#6
DSWuk

Posted 06 November 2014 - 12:27 PM

New Member

Topic Starter
Member
8 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014

Ran by DSW79 at 2014-11-06 16:23:13 Run:1

Running from C:\Users\DSW79\Downloads

Loaded Profile: DSW79 (Available profiles: DSW79)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

HKU\S-1-5-21-475818928-1566985967-3258346663-1001\...\RunOnce: [WindowsUpdate] => C:\Program Files (x86)\Windows Manager\winmgr.exe [41598976 2014-04-22] (Wondershare Software Co.,Ltd.)

HKU\S-1-5-21-475818928-1566985967-3258346663-1001\...\CurrentVersion\Windows: [Load] C:\ProgramData\Microsoft.com <===== ATTENTION

HKU\S-1-5-21-475818928-1566985967-3258346663-1001\...\MountPoints2: {914b137f-5f6d-11e3-824b-806e6f6e6963} - "E:\autorun.exe"

IFEO\AvastSvc.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\AvastUI.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\avcenter.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\avconfig.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\avgcsrvx.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\avgidsagent.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\avgnt.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\avgrsx.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\avguard.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\avgui.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\avgwdsvc.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\avp.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\avscan.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\bdagent.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\ccuac.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\ComboFix.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\egui.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\hijackthis.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\instup.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\keyscrambler.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\mbam.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\mbamgui.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\mbampt.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\mbamscheduler.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\mbamservice.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\MpCmdRun.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\MSASCui.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\MsMpEng.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\msseces.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\rstrui.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\spybotsd.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\taskman.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\wireshark.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

IFEO\zlclient.exe: [Debugger] C:\WINDOWS\system32\Microsoft.com

2014-11-03 19:32 - 2014-11-03 19:32 - 00000000 ____D () C:\Users\DSW79\AppData\Roaming\Wondershare

2014-11-03 19:32 - 2014-11-03 19:32 - 00000000 ____D () C:\Users\DSW79\AppData\Local\Wondershare

2014-11-03 19:31 - 2014-11-05 11:23 - 00000000 __SHD () C:\ProgramData\Windows Manager

2014-11-03 23:49 - 2014-11-04 00:05 - 00000000 __SHD () C:\Program Files (x86)\Windows Manager

2014-11-03 19:31 - 2014-04-22 18:28 - 41598976 __RSH (Wondershare Software Co.,Ltd. ) C:\WINDOWS\SysWOW64\Microsoft.com

2014-11-03 19:31 - 2014-04-22 18:28 - 41598976 __RSH (Wondershare Software Co.,Ltd. ) C:\ProgramData\Microsoft.com

C:\WINDOWS\SysWOW64\Microsoft.com

C:\Program Files (x86)\Windows Manager\winmgr.exe

C:\ProgramData\Windows Manager

C:\ProgramData\Microsoft.com

C:\Users\DSW79\AppData\Local\Temp\ose00000.exe

C:\Users\DSW79\AppData\Local\Temp\WondersharePDFEditor3.6.2.exe

*****************

HKU\S-1-5-21-475818928-1566985967-3258346663-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WindowsUpdate => value deleted successfully.

HKU\S-1-5-21-475818928-1566985967-3258346663-1001\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.

"HKU\S-1-5-21-475818928-1566985967-3258346663-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{914b137f-5f6d-11e3-824b-806e6f6e6963}" => Key deleted successfully.

"HKCR\CLSID\{914b137f-5f6d-11e3-824b-806e6f6e6963}" => Key not found.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastUI.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgidsagent.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avscan.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\instup.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbampt.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\taskman.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe" => Key deleted successfully.

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe" => Key deleted successfully.

C:\Users\DSW79\AppData\Roaming\Wondershare => Moved successfully.

C:\Users\DSW79\AppData\Local\Wondershare => Moved successfully.

C:\ProgramData\Windows Manager => Moved successfully.

"C:\Program Files (x86)\Windows Manager" directory move:

C:\Program Files (x86)\Windows Manager\3818273 => Moved successfully.

Could not move "C:\Program Files (x86)\Windows Manager\winmgr.exe" => Scheduled to move on reboot.

Could not move "C:\Program Files (x86)\Windows Manager" directory. => Scheduled to move on reboot.

C:\WINDOWS\SysWOW64\Microsoft.com => Moved successfully.

C:\ProgramData\Microsoft.com => Moved successfully.

"C:\WINDOWS\SysWOW64\Microsoft.com" => File/Directory not found.

Could not move "C:\Program Files (x86)\Windows Manager\winmgr.exe" => Scheduled to move on reboot.

"C:\ProgramData\Windows Manager" => File/Directory not found.

"C:\ProgramData\Microsoft.com" => File/Directory not found.

C:\Users\DSW79\AppData\Local\Temp\ose00000.exe => Moved successfully.

C:\Users\DSW79\AppData\Local\Temp\WondersharePDFEditor3.6.2.exe => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-06 16:23:45)<=

C:\Program Files (x86)\Windows Manager\winmgr.exe => Is moved successfully.

C:\Program Files (x86)\Windows Manager => Is moved successfully.

C:\Program Files (x86)\Windows Manager\winmgr.exe => Is moved successfully.

==== End of Fixlog ====

Attached Files

Fixlog.txt 9.8KB 166 downloads

#7
DonnaB

Posted 06 November 2014 - 04:40 PM

Miss Congeniality

GeekU Moderator
8,529 posts

Hi DSWuk,

How's the machine behaving now?

A little bit more to check out here.....

Please download AdwCleaner by Xplode and save to your Desktop.

Double-click AdwCleaner.exe to run the tool.
Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
Click the Scan button.
AdwCleaner will begin. Be patient as the scan may take some time to complete.
The contents of the scan results may be confusing. If you see a program name that you know should not be removed, uncheck the results and please let me know about it.
Click the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.]
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Next:

MalwareBytes Antirootkit Tool
- Download Malwarebytes Anti-Rootkit from HERE
- Unzip the contents to a folder in a convenient location.
- Open the folder where the contents were unzipped and run mbar.exe
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
Next:

Download Security Check by screen317 from here or here.
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.
Next:

Please run FRST again and provide the resultant log for my viewing pleasure.

In your next reply, please post the following logs:
AdwCleaner[S0].txt
mbar-log.txt
system-log.txt
checkup.txt

#8
DSWuk

Posted 07 November 2014 - 12:02 PM

New Member

Topic Starter
Member
8 posts

yep its gone.

I have done what you have asked.

i cant seem to install AVG, apart from that all ok

Attached Files

mbar-log-2014-11-07 (15-24-41).txt 2.47KB 116 downloads
mbar-log-2014-11-07 (15-31-15).txt 1.98KB 127 downloads
AdwCleanerS0.txt 2.86KB 143 downloads
system-log.txt 137.25KB 157 downloads
checkup.txt 858bytes 140 downloads

#9
DSWuk

Posted 07 November 2014 - 12:03 PM

New Member

Topic Starter
Member
8 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014

Ran by DSW79 (administrator) on DSW on 07-11-2014 18:03:03

Running from C:\Users\DSW79\Downloads

Loaded Profile: DSW79 (Available profiles: DSW79)

Platform: Windows 8.1 Enterprise (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Windows\System32\PnkBstrA.exe

(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

() C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe

(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe

(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe

(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe

(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe

(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe

(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-04] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe [817440 2014-01-21] ()

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [819984 2014-03-13] (BlueStack Systems, Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2007392 2014-04-01] (Wondershare)

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-475818928-1566985967-3258346663-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2014-11-04] (Electronic Arts)

HKU\S-1-5-21-475818928-1566985967-3258346663-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)

HKU\S-1-5-21-475818928-1566985967-3258346663-1001\...\Run: [Actual Multiple Monitors] => "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"

HKU\S-1-5-21-475818928-1566985967-3258346663-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [4525192 2014-08-01] (Plex, Inc.)

HKU\S-1-5-21-475818928-1566985967-3258346663-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION

Startup: C:\Users\DSW79\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk

ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)

Startup: C:\Users\DSW79\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk

ShortcutTarget: start.lnk -> C:\Users\DSW79\z8g36di25wi81\43455.vbs ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com?cid={FCA84EB8-624D-4F05-9C15-7F68C6D304FA}&mid=71faee80e0e247d2a1f441627233b89a-7d03489fdaec6857f67b2f3520a73aa5b9aae52c&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-08-30 15:40:51&v=18.1.9.786&pid=safeguard&sg=&sap=hp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8F5D4B7DEC42CF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:

========

FF ProfilePath: C:\Users\DSW79\AppData\Roaming\Mozilla\Firefox\Profiles\4tpo4y77.default

FF SelectedSearchEngine: Google

FF Homepage: google.com

FF Keyword.URL:

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll (EA Digital Illusions CE AB)

FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Extension: Nectar Toolbar - C:\Users\DSW79\AppData\Roaming\Mozilla\Firefox\Profiles\4tpo4y77.default\Extensions\{EBB6A13A-F162-47D8-8BAE-B587C99A6C0E} [2014-07-05]

FF Extension: Classic Theme Restorer - C:\Users\DSW79\AppData\Roaming\Mozilla\Firefox\Profiles\4tpo4y77.default\Extensions\[email protected] [2014-05-14]

FF Extension: Classic Reload-Stop-Go Button - C:\Users\DSW79\AppData\Roaming\Mozilla\Firefox\Profiles\4tpo4y77.default\Extensions\crsg@ArisT2_Noia4dev.xpi [2014-03-18]

FF Extension: nzbdStatus - C:\Users\DSW79\AppData\Roaming\Mozilla\Firefox\Profiles\4tpo4y77.default\Extensions\[email protected] [2014-03-18]

FF Extension: translator - C:\Users\DSW79\AppData\Roaming\Mozilla\Firefox\Profiles\4tpo4y77.default\Extensions\[email protected] [2014-03-19]

FF Extension: 1-Click YouTube Video Downloader - C:\Users\DSW79\AppData\Roaming\Mozilla\Firefox\Profiles\4tpo4y77.default\Extensions\[email protected] [2014-06-19]

FF Extension: Adblock Plus - C:\Users\DSW79\AppData\Roaming\Mozilla\Firefox\Profiles\4tpo4y77.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-18]

Chrome:

=======

CHR HomePage: Default -> hxxp://google.com/

CHR StartupUrls: Default -> "hxxp://google.com/"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-20]

CHR Extension: (Google Drive) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-20]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]

CHR Extension: (YouTube) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-20]

CHR Extension: (Google Cast) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-08-20]

CHR Extension: (Adblock Plus) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-20]

CHR Extension: (Google Search) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-20]

CHR Extension: (Google Cast (Beta)) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliochdbjfkdbacpmhlcpmleaejidimm [2014-08-29]

CHR Extension: (Excel Online) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2014-08-23]

CHR Extension: (Nectar Toolbar) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgkojhokdikmakapclkdoagjnghgpphm [2014-08-29]

CHR Extension: (TCast Beta) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\khmmfodkjhnilmceocmpadlkpahakhdi [2014-08-29]

CHR Extension: (Google Wallet) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-20]

CHR Extension: (Gmail) - C:\Users\DSW79\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-05-14] () [File not signed]

R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-03-13] (BlueStack Systems, Inc.)

R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-03-13] (BlueStack Systems, Inc.)

R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [770832 2014-03-13] (BlueStack Systems, Inc.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-04] (NVIDIA Corporation)

S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)

S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)

S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-04] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-04] (NVIDIA Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-04] (Electronic Arts)

R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2014-06-28] ()

R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-06-09] ()

R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [10752 2013-08-22] (Microsoft Corporation)

S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)

S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [121616 2014-03-13] (BlueStack Systems)

R3 DroidCam; C:\Windows\system32\DRIVERS\droidcam.sys [32568 2014-06-25] (Dev47Apps)

R3 DroidCamVideo; C:\Windows\system32\DRIVERS\droidcamvideo.sys [229176 2014-06-25] (Windows ® Win 7 DDK provider)

R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-18] (Disc Soft Ltd)

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)

S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)

S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2014-11-04] ()

S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [52128 2013-11-27] (Visicom Media Inc.)

S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-04] (NVIDIA Corporation)

R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2014-10-30] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)

R3 PlantronicsGC; C:\Windows\system32\drivers\PLTGC.sys [1327104 2013-10-08] (C-Media Electronics Inc)

U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)

U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 18:01 - 2014-11-07 18:01 - 00000858 _____ () C:\Users\DSW79\Desktop\checkup.txt

2014-11-07 15:25 - 2014-11-07 15:25 - 00854448 _____ () C:\Users\DSW79\Downloads\SecurityCheck.exe

2014-11-07 15:24 - 2014-11-07 15:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-11-07 15:24 - 2014-11-07 15:31 - 00128728 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-11-07 15:23 - 2014-11-07 15:36 - 00000000 ____D () C:\Users\DSW79\Desktop\mbar

2014-11-07 15:23 - 2014-11-07 15:23 - 14349744 _____ (Malwarebytes Corp.) C:\Users\DSW79\Downloads\mbar-1.07.0.1012.exe

2014-11-07 15:23 - 2014-11-07 15:23 - 01375089 _____ () C:\Users\DSW79\Downloads\AdwCleaner (1).exe

2014-11-07 15:19 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll

2014-11-07 15:18 - 2014-11-07 15:22 - 00000000 ____D () C:\AdwCleaner

2014-11-07 15:18 - 2014-11-07 15:18 - 01375089 _____ () C:\Users\DSW79\Downloads\AdwCleaner.exe

2014-11-06 19:28 - 2014-11-06 19:28 - 00002149 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk

2014-11-06 19:27 - 2014-11-06 19:27 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp

2014-11-06 19:27 - 2014-10-30 00:56 - 00614728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe

2014-11-06 19:26 - 2014-10-30 04:53 - 31890064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 24554824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 20922696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 19966856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 17258696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 14029400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 13942368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 13189832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys

2014-11-06 19:26 - 2014-10-30 04:53 - 11395672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 11333848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 04289856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 04011840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 02849224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 01876296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434460.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 01539272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434460.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 00961224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 00932168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 00922944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 00896144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 00870112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 00833680 _____ () C:\WINDOWS\system32\nvmcumd.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 00502080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 00416912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 00391824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 00352016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 00349504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 00303600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 00174856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 00156840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 00100496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcaparm.dll

2014-11-06 19:26 - 2014-10-30 04:53 - 00039056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvadarm.sys

2014-11-06 16:40 - 2014-11-06 16:41 - 00305664 _____ (Secure By Design Inc.) C:\Users\DSW79\Downloads\Ninite AVG Installer.exe

2014-11-06 16:27 - 2014-11-06 16:27 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\DSW79\Downloads\mbam-setup-2.0.3.1025.exe

2014-11-06 16:27 - 2014-10-30 11:25 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

2014-11-06 16:22 - 2014-11-07 18:03 - 00018900 _____ () C:\Users\DSW79\Downloads\FRST.txt

2014-11-06 16:22 - 2014-11-06 16:22 - 00033256 _____ () C:\Users\DSW79\Downloads\Addition.txt

2014-11-06 16:21 - 2014-11-06 16:21 - 02114560 _____ (Farbar) C:\Users\DSW79\Downloads\FRST64.exe

2014-11-05 18:51 - 2014-11-05 18:51 - 00000000 ____D () C:\Users\DSW79\AppData\Local\CrashDumps

2014-11-04 13:28 - 2014-11-04 13:29 - 00000000 ____D () C:\Program Files (x86)\RegTweaker

2014-11-04 13:21 - 2014-11-07 18:03 - 00000000 ____D () C:\FRST

2014-11-04 12:08 - 2014-11-04 12:47 - 00000000 ____D () C:\VIPRERESCUE

2014-11-04 12:08 - 2013-09-04 13:57 - 00031264 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys

2014-11-04 12:08 - 2013-05-23 07:39 - 00041032 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys

2014-11-04 10:08 - 2014-11-04 10:09 - 00000000 ____D () C:\Program Files (x86)\UnHackMe

2014-11-04 10:08 - 2014-11-04 10:08 - 00000002 RSHOT () C:\WINDOWS\winstart.bat

2014-11-04 10:08 - 2014-11-04 10:08 - 00000002 RSHOT () C:\WINDOWS\SysWOW64\CONFIG.NT

2014-11-04 10:08 - 2014-11-04 10:08 - 00000002 RSHOT () C:\WINDOWS\SysWOW64\AUTOEXEC.NT

2014-11-04 10:08 - 2014-11-04 10:08 - 00000000 ____D () C:\Users\DSW79\Documents\RegRun2

2014-11-04 09:39 - 2014-11-04 09:40 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys

2014-11-04 09:39 - 2014-11-04 09:39 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-11-04 00:04 - 2014-11-07 15:30 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-11-04 00:04 - 2014-11-04 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-11-04 00:04 - 2014-11-04 00:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-11-04 00:04 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2014-11-04 00:04 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2014-11-04 00:02 - 2014-11-05 19:44 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager

2014-11-04 00:02 - 2014-11-04 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager

2014-11-03 23:58 - 2014-11-04 00:00 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys

2014-11-03 23:49 - 2014-11-07 15:24 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-11-03 23:35 - 2014-11-04 00:00 - 00005254 _____ () C:\WINDOWS\system32\.crusader

2014-11-03 23:33 - 2014-11-03 23:35 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-11-03 18:18 - 2014-11-03 18:18 - 00000000 ____D () C:\Users\DSW79\Documents\Black

2014-11-02 19:19 - 2014-11-02 19:19 - 00000000 ____D () C:\Users\DSW79\AppData\Local\Adobe

2014-11-01 18:06 - 2014-11-01 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Titanfall

2014-10-31 17:07 - 2014-11-01 20:30 - 00000000 ____D () C:\Users\DSW79\AppData\Roaming\Curse Client

2014-10-31 17:07 - 2014-10-31 17:07 - 00001030 _____ () C:\Users\DSW79\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk

2014-10-31 17:07 - 2014-10-31 17:07 - 00000000 ____D () C:\Users\DSW79\AppData\Roaming\Curse

2014-10-22 17:47 - 2014-10-22 17:47 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies

2014-10-22 17:46 - 2014-10-16 16:54 - 00197408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys

2014-10-22 17:46 - 2014-10-16 16:54 - 00031520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll

2014-10-22 17:45 - 2014-10-30 04:53 - 01539272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcvadgenco64.dll

2014-10-22 17:45 - 2014-10-16 16:54 - 01876296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434448.dll

2014-10-22 17:45 - 2014-10-16 16:54 - 01539272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434448.dll

2014-10-22 17:43 - 2014-09-04 19:14 - 00038048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys

2014-10-22 17:43 - 2014-09-04 19:14 - 00032416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll

2014-10-16 20:54 - 2014-09-27 22:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2014-10-16 20:53 - 2014-09-25 22:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-10-16 20:53 - 2014-09-25 22:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2014-10-16 20:53 - 2014-09-25 22:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2014-10-16 20:53 - 2014-09-25 22:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2014-10-16 20:53 - 2014-09-25 22:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2014-10-16 20:53 - 2014-09-25 22:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-10-16 20:53 - 2014-09-19 02:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-10-16 20:53 - 2014-09-19 01:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-10-16 20:53 - 2014-09-19 01:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-10-16 20:53 - 2014-09-19 01:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2014-10-16 20:53 - 2014-09-19 01:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2014-10-16 20:53 - 2014-09-19 01:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-10-16 20:53 - 2014-09-19 01:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-10-16 20:53 - 2014-09-19 01:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2014-10-16 20:53 - 2014-09-19 01:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2014-10-16 20:53 - 2014-09-19 01:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-10-16 20:53 - 2014-09-19 00:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll

2014-10-16 20:53 - 2014-09-19 00:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2014-10-16 20:53 - 2014-09-19 00:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-10-16 20:53 - 2014-09-19 00:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-10-16 20:53 - 2014-09-19 00:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-10-16 20:53 - 2014-09-19 00:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2014-10-16 20:53 - 2014-09-19 00:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-10-16 20:53 - 2014-09-19 00:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2014-10-16 20:53 - 2014-09-19 00:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2014-10-16 20:53 - 2014-09-19 00:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-10-16 20:53 - 2014-09-18 23:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2014-10-16 20:53 - 2014-09-18 23:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-10-16 20:53 - 2014-09-18 23:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2014-10-16 20:53 - 2014-09-18 23:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2014-10-16 20:52 - 2014-09-13 06:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll

2014-10-16 20:52 - 2014-09-13 05:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll

2014-10-16 20:52 - 2014-09-08 03:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2014-10-16 20:52 - 2014-09-08 01:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll

2014-10-16 20:52 - 2014-09-08 01:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll

2014-10-16 20:52 - 2014-09-08 00:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe

2014-10-16 20:52 - 2014-09-08 00:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll

2014-10-16 20:52 - 2014-09-08 00:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2014-10-16 20:52 - 2014-09-08 00:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll

2014-10-16 20:52 - 2014-09-08 00:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll

2014-10-16 20:52 - 2014-09-08 00:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll

2014-10-16 20:52 - 2014-09-08 00:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2014-10-16 20:52 - 2014-09-07 23:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll

2014-10-16 20:52 - 2014-09-07 23:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe

2014-10-16 20:52 - 2014-09-07 23:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

2014-10-16 20:52 - 2014-09-07 23:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll

2014-10-16 20:52 - 2014-09-04 00:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll

2014-10-16 20:52 - 2014-09-04 00:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll

2014-10-16 20:52 - 2014-08-29 01:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll

2014-10-16 20:52 - 2014-08-29 01:32 - 02779136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll

2014-10-16 20:52 - 2014-08-29 00:59 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll

2014-10-16 20:52 - 2014-08-28 23:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll

2014-10-16 20:52 - 2014-08-28 23:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll

2014-10-16 20:52 - 2014-08-16 04:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2014-10-16 20:52 - 2014-08-16 04:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll

2014-10-16 20:52 - 2014-08-16 04:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2014-10-16 20:52 - 2014-08-16 03:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2014-10-16 20:52 - 2014-08-16 03:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2014-10-16 20:52 - 2014-08-16 03:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

2014-10-16 20:52 - 2014-08-16 03:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2014-10-16 20:52 - 2014-08-16 03:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll

2014-10-16 20:52 - 2014-08-16 03:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2014-10-16 20:52 - 2014-08-16 01:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2014-10-16 20:52 - 2014-08-16 01:30 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe

2014-10-16 20:52 - 2014-08-16 01:19 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe

2014-10-16 20:52 - 2014-08-16 01:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll

2014-10-16 20:52 - 2014-08-16 00:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll

2014-10-16 20:52 - 2014-08-16 00:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll

2014-10-16 20:52 - 2014-08-16 00:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll

2014-10-16 20:52 - 2014-08-16 00:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll

2014-10-16 20:52 - 2014-08-16 00:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll

2014-10-16 20:52 - 2014-08-16 00:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll

2014-10-16 20:52 - 2014-08-16 00:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll

2014-10-16 20:52 - 2014-08-16 00:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll

2014-10-16 20:52 - 2014-08-16 00:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-10-16 20:52 - 2014-08-16 00:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll

2014-10-16 20:52 - 2014-08-16 00:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll

2014-10-16 20:52 - 2014-08-16 00:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll

2014-10-16 20:52 - 2014-08-16 00:20 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll

2014-10-16 20:52 - 2014-08-16 00:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-10-16 20:52 - 2014-08-16 00:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll

2014-10-16 20:52 - 2014-08-16 00:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll

2014-10-16 20:52 - 2014-08-16 00:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll

2014-10-16 20:52 - 2014-08-16 00:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2014-10-16 20:52 - 2014-08-16 00:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll

2014-10-16 20:52 - 2014-08-16 00:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll

2014-10-16 20:52 - 2014-08-16 00:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll

2014-10-16 20:52 - 2014-08-16 00:11 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll

2014-10-16 20:52 - 2014-08-16 00:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe

2014-10-16 20:52 - 2014-08-16 00:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2014-10-16 20:52 - 2014-08-16 00:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll

2014-10-16 20:52 - 2014-07-31 23:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml

2014-10-14 15:57 - 2014-10-14 15:57 - 00000587 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Evil Within.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 18:01 - 2014-03-18 21:01 - 00000000 ____D () C:\Users\DSW79\AppData\Roaming\ClassicShell

2014-11-07 17:59 - 2014-08-20 20:49 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-11-07 17:17 - 2014-03-18 15:48 - 01924806 _____ () C:\WINDOWS\WindowsUpdate.log

2014-11-07 17:07 - 2014-03-18 21:37 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-11-07 17:00 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2014-11-07 15:45 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\rescache

2014-11-07 15:42 - 2014-03-18 15:54 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-475818928-1566985967-3258346663-1001

2014-11-07 15:36 - 2014-03-18 15:49 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-11-07 15:30 - 2014-08-20 20:49 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-11-07 15:30 - 2014-04-10 18:55 - 00073764 _____ () C:\WINDOWS\PFRO.log

2014-11-07 15:30 - 2014-04-10 18:48 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-11-07 15:30 - 2014-03-18 21:00 - 00000000 ____D () C:\ProgramData\boost_interprocess

2014-11-07 15:30 - 2014-03-18 20:58 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-11-07 15:30 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\Resources

2014-11-07 15:30 - 2013-08-22 14:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-11-07 15:15 - 2014-03-18 20:58 - 00000000 ____D () C:\ProgramData\Origin

2014-11-06 19:47 - 2014-03-18 20:58 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-11-06 19:28 - 2014-04-10 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

2014-11-06 19:27 - 2014-04-10 18:55 - 00020241 _____ () C:\WINDOWS\setupact.log

2014-11-06 19:27 - 2014-03-18 15:50 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2014-11-06 18:22 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM

2014-11-05 15:49 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2014-11-05 12:19 - 2013-08-22 15:20 - 00000000 ____D () C:\WINDOWS\CbsTemp

2014-11-05 12:19 - 2013-08-22 11:32 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\simptcp.dll

2014-11-04 19:30 - 2014-03-18 21:47 - 00215416 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe

2014-11-04 12:59 - 2014-03-25 19:16 - 00000000 ____D () C:\Users\DSW79\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2014-11-04 00:06 - 2014-06-28 16:47 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-11-03 23:49 - 2014-03-18 15:48 - 00000000 ____D () C:\Users\DSW79\AppData\Local\VirtualStore

2014-11-03 23:35 - 2014-04-10 20:19 - 00000000 _RSHD () C:\Users\DSW79\z8g36di25wi81

2014-11-03 23:26 - 2013-08-22 15:36 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP

2014-11-03 20:17 - 2014-03-18 22:55 - 00000000 ____D () C:\Program Files (x86)\UOAssist

2014-11-03 18:33 - 2014-03-18 21:47 - 00215416 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0

2014-11-03 12:15 - 2014-02-15 19:39 - 00000000 ____D () C:\Users\DSW79\Documents\Respawn

2014-11-02 22:35 - 2013-08-22 13:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI

2014-11-01 21:55 - 2014-03-18 15:47 - 00000000 ____D () C:\Users\DSW79

2014-11-01 17:44 - 2014-04-21 10:46 - 00183770 _____ () C:\WINDOWS\DirectX.log

2014-10-30 04:53 - 2014-04-10 19:29 - 16886168 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll

2014-10-30 04:53 - 2014-03-20 22:03 - 20966504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll

2014-10-30 04:53 - 2014-03-20 22:03 - 18497600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll

2014-10-30 04:53 - 2014-03-20 22:03 - 00987008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll

2014-10-30 04:53 - 2014-03-20 22:02 - 03237528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll

2014-10-30 04:53 - 2014-03-20 22:02 - 00027024 _____ () C:\WINDOWS\system32\nvinfo.pb

2014-10-30 02:10 - 2014-04-10 18:48 - 06880968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll

2014-10-30 02:10 - 2014-04-10 18:48 - 03533632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll

2014-10-30 02:10 - 2014-04-10 18:48 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll

2014-10-30 02:10 - 2014-04-10 18:48 - 00935232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe

2014-10-30 02:10 - 2014-04-10 18:48 - 00385352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll

2014-10-30 02:10 - 2014-04-10 18:48 - 00061640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll

2014-10-27 19:06 - 2014-03-18 23:09 - 00000000 ____D () C:\Users\DSW79\AppData\Roaming\vlc

2014-10-27 00:34 - 2014-04-10 18:48 - 04066553 _____ () C:\WINDOWS\system32\nvcoproc.bin

2014-10-26 11:30 - 2014-03-18 22:06 - 00000000 ____D () C:\Users\DSW79\AppData\Roaming\Ventrilo

2014-10-26 09:54 - 2014-08-20 20:49 - 00003886 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2014-10-26 09:54 - 2014-08-20 20:49 - 00003650 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2014-10-22 17:44 - 2014-03-18 15:50 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2014-10-17 17:21 - 2014-06-25 13:10 - 00000000 ____D () C:\ProgramData\Codemasters

2014-10-17 17:21 - 2014-04-06 15:14 - 00000000 ____D () C:\Users\DSW79\Documents\My Games

2014-10-17 10:32 - 2013-08-22 14:44 - 00484512 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-10-16 23:10 - 2013-08-22 15:36 - 00000000 ___RD () C:\WINDOWS\ToastData

2014-10-16 23:10 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\WinStore

2014-10-16 21:03 - 2014-03-20 16:39 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-10-16 21:01 - 2014-03-20 16:39 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-10-16 16:54 - 2014-04-10 18:57 - 01538880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll

2014-10-13 15:03 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

Some content of TEMP:

====================

C:\Users\DSW79\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\DSW79\AppData\Local\Temp\nvSCPAPI64.dll

C:\Users\DSW79\AppData\Local\Temp\nvStInst.exe

C:\Users\DSW79\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 11:39

==================== End Of Log ============================

#10
DonnaB

Posted 07 November 2014 - 07:38 PM

Miss Congeniality

GeekU Moderator
8,529 posts

yep its gone.

Excellent!

i cant seem to install AVG,

Please explain what troubles you are having.

There are a couple more things that need to be removed. Please do the following same as before:

Download attached fixlist.txt file. You'll have to save it to your Downloads folder since that is where FRST is located.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

fixlist.txt 940bytes 136 downloads

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will create a log (Fixlog.txt) in the Downloads folder. Please post it in your reply.

#11
DSWuk

Posted 08 November 2014 - 01:35 PM

New Member

Topic Starter
Member
8 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-11-2014 01

Ran by DSW79 at 2014-11-08 19:30:15 Run:2

Running from C:\Users\DSW79\Downloads

Loaded Profile: DSW79 (Available profiles: DSW79)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2007392 2014-04-01] (Wondershare)

C:\Program Files (x86)\Common Files\Wondershare

HKU\S-1-5-21-475818928-1566985967-3258346663-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2374784 2014-08-23] (Microsoft Corporation) <==== ATTENTION

U0 Partizan; system32\drivers\Partizan.sys [X]

C:\Users\DSW79\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\DSW79\AppData\Local\Temp\nvSCPAPI64.dll

C:\Users\DSW79\AppData\Local\Temp\nvStInst.exe

C:\Users\DSW79\AppData\Local\Temp\Quarantine.exe

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe => value deleted successfully.

C:\Program Files (x86)\Common Files\Wondershare => Moved successfully.

HKU\S-1-5-21-475818928-1566985967-3258346663-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

Partizan => Service deleted successfully.

C:\Users\DSW79\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.

C:\Users\DSW79\AppData\Local\Temp\nvSCPAPI64.dll => Moved successfully.

C:\Users\DSW79\AppData\Local\Temp\nvStInst.exe => Moved successfully.

C:\Users\DSW79\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====

I got AVG to install now.

all seems good so far,

I haven't said thanks yet, so .... Thank you! that thing really went to town on my pc.

Attached Files

Fixlog.txt 2.04KB 133 downloads

#12
DonnaB

Posted 08 November 2014 - 06:28 PM

Miss Congeniality

GeekU Moderator
8,529 posts

Oh yes! Lookin' good!!

Glad to hear that you got AVG to install.

I haven't said thanks yet, so .... Thank you! that thing really went to town on my pc.

You're most welcome!!

Isn't it amazing what damage one bad download can cause.

I am going to have you run one more scan before I remove my tools and send you on your merry way to make sure all the nasties are gone. It has been awhile since I have double checked to ensure the following instructions are spot on, if not, they should be very close.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Please go >>HERE<< then click on:

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the icon to install.

All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on:
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology

Now click on:
The virus signature database... will begin to download. Please be patient, this scan may take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic.
Now click on:
(Selecting Uninstall application on close if you so wish)