PC keeps restarting (BSOD) and sometimes won't boot [Solved]


  • This topic is locked

#1
JoeBenyon

  • Member
  • 153 posts

My computer keeps restarting after roughly 5 minutes of being logged in. Also sometimes whilst Windows is starting up it can freeze, such as in the login screen; the mouse was still moving though. In safe mode the computer works fine and doesn't have any problems. I did a full scan with Norton in safe mode and 2 'viruses' were found and resolved but that didn't seem to fix it.

I did a Threat scan with Malwarebytes whilst in safe mode and here is the log: malwareresult.txt (attached file, 7.43KB)

It found 1 threat and fixed it but it doesn't seem to have made a difference. I'm not sure but the cause of the malware might have been the PC repair shop I sent my PC to. After fixing my PSU they returned my PC to me and I noticed that they had uninstalled my Norton Antivirus and removed all my system restore points. I'm not sure if they had deliberately given me malware in order for me to pay them to remove it, as this is a service they offer.

 

The post here is investigating if it is a hardware issue.



#2
ruggie_uk

  • Trusted Helper
  • Malware Removal
  • 2,083 posts

Greetings JoeBenyon and welcome.

My nickname is Ruggie and I will be assisting you in cleaning your computer.
Please be aware I am currently in the final stages of training right now and all my work will be checked by an instructor so there may be a slight delay between posts. The added benefit to this is that you will have 2 sets of eyes looking at your problem so you can be assured you will get the best possible help.

  • Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
  • When we start the process, the list of instructions must be followed closely, it may seem difficult at times but it is important that you stay with me until your computer is declared clean.
  • If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.

Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

  • Please be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.
  • If at all possible, make backups of all your important files. Whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.
  • I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.
  • Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.
  • Please stick with me until the end. Malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.
  • Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.
  • If you have any questions or get stuck, stop and ask. I am here to help you make this go as smoothly as possible.
  • If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now let's get to work.

Initial FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be 2 versions offered, if you know which version is the one you need, download that one, if not, download both, only one will work on your computer, that is the one you need.
  • Right click the FRST icon to run as administrator. Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to the disclaimer.
  • Ensure that the following are ticked:
      • Drivers MD5
      • Shortcut.txt
      • Addition.txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • This will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

Items I need to see in your next post:

  • FRST.txt
  • Shortcut.txt
  • Addition.txt

 



#3
JoeBenyon

  • Topic Starter
  • Member
  • 153 posts

Hi, thanks for the assistance, here are the logs:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014
Ran by Joey (administrator) on JOEY-PC on 01-12-2014 16:36:48
Running from C:\Users\Joey\Documents\dumps
Loaded Profile: Joey (Available profiles: Joey)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\...\Run: [Clownfish] =>                                                                                                                                                                                                          (the data entry has 824 more characters).
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll => C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll => C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\20.1.0.24\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\20.1.0.24\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\20.1.0.24\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=20.3.1.22
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=20.3.1.22
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchURL = http://home.microsoft.com/access/autosearch.asp?p=%s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope {C0BFD167-FAD9-477C-A6AE-A7424F71D686} URL = 
SearchScopes: HKU\S-1-5-21-2828569535-3307695315-1286302524-1002 -> DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKU\S-1-5-21-2828569535-3307695315-1286302524-1002 -> {1A4AA1F9-B855-4D77-93B1-E58948DEC367} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2828569535-3307695315-1286302524-1002 -> {8D7BB901-9EAA-4C2F-AD9B-F809F8A00828} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=frg_14_19_ch&cd=2XzuyEtN2Y1L1QzuyDtDyEyCyD0D0BtC0AtAyCtCtCtC0FyBtN0D0Tzu0SzzyDyBtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyC0CyC0F0D0EzztG0CzztB0DtGtB0CtCzztGyDtBtB0EtGyCtA0FyCyCtBtByCzz0FyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0B0C0C0E0F0DtCtGyC0AyBtCtG0E0C0ByEtGtCzyyEzytGyD0F0FtDyE0B0F0FyE0D0CtB2Q&cr=1591304546&ir=
SearchScopes: HKU\S-1-5-21-2828569535-3307695315-1286302524-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=o0&geo=GB&ver=21&locale=en_GB&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2828569535-3307695315-1286302524-1002 -> {C0BFD167-FAD9-477C-A6AE-A7424F71D686} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN21750495851226563&UM=2&SSPV=TB_T2
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2828569535-3307695315-1286302524-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> C:\Program Files (x86)\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll (Reto-Moto ApS)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-2828569535-3307695315-1286302524-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Joey\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2828569535-3307695315-1286302524-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Trials Evolution Gold Edition\datapack\orbit\npuplaypc.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-07-07]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn [2014-11-29]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn [2014-11-30]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Profile: C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (Heroes & Generals) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-05-10]
CHR Extension: (AdBlock) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-12]
CHR Extension: (Google Wallet) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\Exts\Chrome.crx [2014-11-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [202752 2010-05-20] (AMD) [File not signed]
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-05-28] () [File not signed]
S4 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [122584 2014-11-11] (altPUG LLC)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [107552 2014-10-21] (EasyAntiCheat Ltd)
S4 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1570208 2013-11-29] (Echobit LLC)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-11-17] (NVIDIA Corporation)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-10-21] (LogMeIn, Inc.)
S2 N360; C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe [143928 2012-08-19] (Symantec Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
S4 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [997664 2014-10-22] (Overwolf LTD)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-01-13] ()
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-08-17] ()
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [6368256 2010-05-20] (ATI Technologies Inc.) [File not signed]
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [188416 2010-05-20] (Advanced Micro Devices, Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
S3 AtiHdmiService; C:\Windows\System32\drivers\AtiHdmi.sys [116736 2010-05-20] (ATI Technologies, Inc.) [File not signed]
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20120815.002\BHDrvx64.sys [1385120 2012-08-11] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1401000.018\ccSetx64.sys [168096 2012-08-07] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-29] (Symantec Corporation)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2013-07-13] (Echobit, LLC)
R3 GameKB; C:\Windows\System32\drivers\GameKB.sys [27648 2012-05-11] ()
S1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31648 2014-01-11] (REALiX(tm))
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20141128.001\IDSvia64.sys [637656 2014-11-28] (Symantec Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20141128.018\ENG64.SYS [129752 2014-11-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20141128.018\EX64.SYS [2137304 2014-11-29] (Symantec Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0114.sys [28768 2013-10-28] (SoftEther Project at University of Tsukuba, Japan.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
S3 PlantronicsGC; C:\Windows\System32\drivers\PLTGC.sys [1328128 2013-02-07] (C-Media Electronics Inc)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [40664 2014-03-10] (The OpenVPN Project)
S3 SRTSP; C:\Windows\system32\drivers\N360x64\1401000.018\SRTSP64.SYS [776352 2012-08-11] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1401000.018\SRTSPX64.SYS [37496 2012-05-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1401000.018\SYMDS64.SYS [493216 2012-07-28] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1401000.018\SYMEFA64.SYS [1132192 2012-08-08] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-11-29] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1401000.018\Ironx64.SYS [224416 2012-07-28] (Symantec Corporation)
S1 SymNetS; C:\Windows\system32\drivers\N360x64\1401000.018\SYMNETS.SYS [432800 2012-07-23] (Symantec Corporation)
S3 TSVAD_PCM; C:\Windows\System32\drivers\tsvadpcm.sys [33552 2012-08-22] (Windows (R) Win 7 DDK provider)
S3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Users\Joey\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S0 ctbhpnq; System32\drivers\kwijvpf.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ESEADriver2; \??\C:\Users\Joey\AppData\Local\Temp\ESEADriver2.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\CAM\CAM\CAM\CAM_Client.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\system32\drivers\HWiNFO64A.SYS D7E0591E2BA1289C875A9D948377441E
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20141128.001\IDSvia64.sys B463A82741E67093B7DBAE8D460159D0
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 41774FF331F609EF442B7398EE6202B1
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\Drivers\LUsbFilt.Sys 97355D9AAC9EC42A7DFC9664F81FC699
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ASACPI.sys 19B006B181E3875FD254F7B67ACF1E7C
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20141128.018\ENG64.SYS C180A82874D3CDC390A27F2F1E1AF025
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20141128.018\EX64.SYS E66CA6C321614D7BC0AFC9C8436131B9
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Neo_0114.sys AC9AE6D15307A627D5F8574A3A788525
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\drivers\nvhda64v.sys 554964B900AE2954B8B589B6287034AC
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\System32\drivers\nvvad64v.sys 92E4BEE1A9EC0572F794B5BAECC0B599
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys 946010CDFA91469351B22E2620CEBCD8
C:\Windows\System32\drivers\PLTGC.sys 542D7B8CD0487DB1C5EEA7E46BB9F1C1
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\psi_mf_amd64.sys DD3FD48D69F5FBBB21D46D1514C1C2DB
C:\Windows\System32\DRIVERS\ptun0901.sys E191D37BBA4BC9F57C8967D00DEFAD9B
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys 3713DACCA1025B05A6343104112708D9
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\Drivers\SCDEmu.sys 6FAC52B8F98795243D836BF6CCCAFB23
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\SysWow64\speedfan.sys 0FFE35F0B0CD5A324BBE22F02569AE3B
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\system32\drivers\N360x64\1401000.018\SRTSP64.SYS B2FE88C5E621C8345CC9BAC5CFD366B0
C:\Windows\system32\drivers\N360x64\1401000.018\SRTSPX64.SYS 1B884D876E87EABF5A3356BBD7321412
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\N360x64\1401000.018\SYMDS64.SYS 688BBE78970E639BC1D66AE733394DCF
C:\Windows\System32\drivers\N360x64\1401000.018\SYMEFA64.SYS A17EE0D0D762CC9B56FB9218D7089AFB
C:\Windows\system32\Drivers\SYMEVENT64x86.SYS F5D6D3B7468C46EA2DDC1D19D2A6DA0F
C:\Windows\system32\drivers\N360x64\1401000.018\Ironx64.SYS ADF37F1A715D6C56C8E065FD8569A9A4
C:\Windows\system32\drivers\N360x64\1401000.018\SYMNETS.SYS 1605EBD8CB86AFC4430116065995279A
C:\Windows\System32\DRIVERS\tap0901.sys 3C32FF010F869BC184DF71290477384E
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\drivers\tsvadpcm.sys 925F2BBD56B7125EDBD71FACD8BA6B96
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vasdDev.sys 34812F7FAAFE329D15F55C4EB6DB44DA
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\viahduaa.sys EECF5B7210D773F3501CEDA848D53D31
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\xusb21.sys 2EE48CFCE7CA8E0DB4C44C7476C0943B

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 16:36 - 2014-12-01 16:36 - 00000000 ____D () C:\FRST
2014-12-01 16:35 - 2014-12-01 16:35 - 02117120 _____ (Farbar) C:\Users\Joey\Downloads\FRST64.exe
2014-11-30 21:49 - 2014-11-30 21:49 - 00262144 ____N () C:\Windows\Minidump\113014-26473-01.dmp
2014-11-30 15:33 - 2014-11-30 15:33 - 00001011 _____ () C:\Users\Joey\Desktop\SpeedFan.lnk
2014-11-30 15:33 - 2014-11-30 15:33 - 00000930 _____ () C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2014-11-30 15:33 - 2014-11-30 15:33 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-11-30 15:33 - 2014-11-30 15:33 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-11-30 15:33 - 2014-11-30 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-11-30 15:33 - 2002-01-01 18:47 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-11-30 15:32 - 2014-11-30 15:32 - 02174848 _____ () C:\Users\Joey\Downloads\instsf450.exe
2014-11-30 15:25 - 2014-11-30 15:25 - 01141408 _____ ( ) C:\Users\Joey\Downloads\hwmonitor_1.25-setup.exe
2014-11-30 15:25 - 2014-11-30 15:25 - 00798040 _____ ( ) C:\Users\Joey\Downloads\instsf450_inst.exe
2014-11-30 15:20 - 2014-11-30 15:20 - 00262144 ____N () C:\Windows\Minidump\113014-48204-01.dmp
2014-11-30 14:30 - 2014-11-30 14:30 - 00262144 ____N () C:\Windows\Minidump\113014-23836-01.dmp
2014-11-30 13:23 - 2014-12-01 16:36 - 00000000 ____D () C:\Users\Joey\Documents\dumps
2014-11-30 12:31 - 2014-11-30 12:31 - 00007613 _____ () C:\malwareresult.txt
2014-11-30 12:11 - 2014-11-30 13:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-30 12:11 - 2014-11-30 12:11 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Joey\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-30 12:11 - 2014-11-30 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-30 12:11 - 2014-11-30 12:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-30 12:11 - 2014-11-30 12:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-30 12:11 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-30 12:11 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-30 12:11 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-30 11:59 - 2014-11-30 11:59 - 00262144 ____N () C:\Windows\Minidump\113014-52431-01.dmp
2014-11-29 23:42 - 2013-06-16 12:38 - 00196384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-11-29 23:42 - 2013-06-16 12:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-11-29 23:42 - 2013-05-14 19:28 - 00039712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-29 23:42 - 2013-05-14 19:27 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-11-29 23:42 - 2013-05-14 19:27 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-29 23:42 - 2013-01-29 08:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-11-29 23:25 - 2014-11-29 23:25 - 00850109 _____ () C:\Users\Joey\Downloads\M5A78L-M-USB3-ASUS-2001.zip
2014-11-29 19:48 - 2014-11-30 13:03 - 00007122 _____ () C:\Windows\PFRO.log
2014-11-29 19:36 - 2014-11-29 19:37 - 00000000 ____D () C:\NPE
2014-11-29 19:31 - 2014-11-29 19:57 - 00000000 ____D () C:\Users\Joey\AppData\Local\NPE
2014-11-29 19:30 - 2014-11-29 19:30 - 00262144 ____N () C:\Windows\Minidump\112914-28813-01.dmp
2014-11-29 19:29 - 2014-11-30 21:54 - 00126736 _____ () C:\Windows\WindowsUpdate.log
2014-11-29 19:29 - 2014-11-29 19:30 - 03060320 ____N (Symantec Corporation) C:\Users\Joey\Downloads\NPE.exe
2014-11-29 19:26 - 2014-11-29 19:26 - 00262144 ____N () C:\Windows\Minidump\112914-41870-01.dmp
2014-11-29 19:25 - 2014-12-01 16:29 - 00003949 _____ () C:\Windows\setupact.log
2014-11-29 19:25 - 2014-11-29 19:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-29 18:37 - 2014-11-29 18:37 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-11-29 18:35 - 2014-11-29 18:35 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-11-29 18:28 - 2014-11-29 18:28 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-11-29 18:28 - 2014-11-29 18:28 - 00007466 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-11-29 18:28 - 2014-11-29 18:28 - 00000000 ____D () C:\Program Files\Symantec
2014-11-29 18:28 - 2014-11-29 18:28 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-11-29 18:26 - 2014-11-29 18:28 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-11-29 18:26 - 2014-11-29 18:26 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-11-29 18:26 - 2014-11-29 18:26 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-11-29 18:12 - 2014-11-29 18:12 - 00000000 ____D () C:\8836e1e23024d4b6e1
2014-11-29 17:42 - 2014-11-29 23:42 - 00000000 ____D () C:\Users\Joey\AppData\Local\NVIDIA Corporation
2014-11-29 17:41 - 2014-11-29 18:06 - 00000000 ____D () C:\Users\Joey\AppData\Local\NVIDIA
2014-11-27 10:33 - 2014-11-27 10:33 - 00001351 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-11-27 10:32 - 2014-11-27 10:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-27 10:32 - 2014-11-27 10:32 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-11-27 10:31 - 2014-11-30 15:40 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-11-27 10:31 - 2014-11-30 15:40 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-27 10:29 - 2014-11-30 15:40 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-26 10:27 - 2014-11-26 10:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2014-11-26 10:27 - 2014-11-26 10:27 - 00000000 ____D () C:\Program Files (x86)\Geeks3D
2014-11-26 09:51 - 2014-11-26 09:51 - 00026872 _____ () C:\ComboFix.txt
2014-11-26 09:36 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-26 09:36 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-26 09:36 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-26 09:36 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-26 09:36 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-26 09:36 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-26 09:36 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-26 09:36 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-26 09:35 - 2014-11-26 09:51 - 00000000 ____D () C:\Qoobox
2014-11-26 09:35 - 2014-11-26 09:51 - 00000000 ____D () C:\ComboFix
2014-11-26 09:35 - 2014-11-26 09:49 - 00000000 ____D () C:\Windows\erdnt
2014-11-25 12:53 - 2014-11-25 12:53 - 00000000 ____D () C:\6b3ce2e579a6fa3fdbdb5d2e
2014-11-25 12:13 - 2014-11-25 12:13 - 00262144 ____H () C:\Windows\DUMP739c.DMP
2014-11-25 12:10 - 2014-11-25 12:10 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2013
2014-11-25 12:10 - 2014-11-25 12:10 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2013
2014-11-25 11:38 - 2014-11-25 11:42 - 308364224 _____ (NVIDIA Corporation) C:\Users\Joey\Downloads\344.75-desktop-win8-win7-winvista-64bit-international-whql.exe
2014-11-25 10:57 - 2014-10-14 02:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-25 10:57 - 2014-10-14 02:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-25 10:57 - 2014-10-14 02:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-25 10:57 - 2014-10-14 01:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-25 10:57 - 2014-10-14 01:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-25 10:56 - 2014-11-07 19:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-25 10:56 - 2014-11-07 19:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-25 10:56 - 2014-11-06 04:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-25 10:56 - 2014-11-06 04:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-25 10:56 - 2014-11-06 04:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-25 10:56 - 2014-11-06 03:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-25 10:56 - 2014-11-06 03:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-25 10:56 - 2014-11-06 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-25 10:56 - 2014-11-06 03:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-25 10:56 - 2014-11-06 03:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-25 10:56 - 2014-11-06 03:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-25 10:56 - 2014-11-06 03:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-25 10:56 - 2014-11-06 03:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-25 10:56 - 2014-11-06 03:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-25 10:56 - 2014-11-06 03:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-25 10:56 - 2014-11-06 03:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-25 10:56 - 2014-11-06 03:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-25 10:56 - 2014-11-06 03:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-25 10:56 - 2014-11-06 03:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-25 10:56 - 2014-11-06 03:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-25 10:56 - 2014-11-06 03:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-25 10:56 - 2014-11-06 03:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-25 10:56 - 2014-11-06 03:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-25 10:56 - 2014-11-06 03:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-25 10:56 - 2014-11-06 03:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-25 10:56 - 2014-11-06 03:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-25 10:56 - 2014-11-06 03:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-25 10:56 - 2014-11-06 03:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-25 10:56 - 2014-11-06 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-25 10:56 - 2014-11-06 03:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-25 10:56 - 2014-11-06 03:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-25 10:56 - 2014-11-06 03:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-25 10:56 - 2014-11-06 02:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-25 10:56 - 2014-11-06 02:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-25 10:56 - 2014-11-06 02:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-25 10:56 - 2014-11-06 02:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-25 10:56 - 2014-11-06 02:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-25 10:56 - 2014-11-06 02:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-25 10:56 - 2014-11-06 02:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-25 10:56 - 2014-11-06 02:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-25 10:56 - 2014-11-06 02:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-25 10:56 - 2014-11-06 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-25 10:56 - 2014-11-06 02:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-25 10:56 - 2014-11-06 02:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-25 10:56 - 2014-11-06 02:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-25 10:56 - 2014-11-06 02:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-25 10:56 - 2014-11-06 02:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-25 10:56 - 2014-11-06 02:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-25 10:56 - 2014-11-06 02:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-25 10:56 - 2014-11-06 02:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-25 10:56 - 2014-11-06 02:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-25 10:56 - 2014-11-06 02:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-25 10:56 - 2014-11-06 01:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-25 10:56 - 2014-11-06 01:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-25 10:56 - 2014-11-06 01:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-25 10:56 - 2014-11-06 01:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-25 10:55 - 2014-10-18 02:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-25 10:55 - 2014-10-18 01:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-25 10:51 - 2014-08-21 06:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-25 10:51 - 2014-08-21 06:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-25 10:51 - 2014-08-21 06:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-25 10:51 - 2014-08-21 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-25 10:51 - 2014-08-12 02:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-25 10:51 - 2014-08-12 01:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-25 10:50 - 2014-11-11 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-25 10:50 - 2014-11-11 03:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-25 10:50 - 2014-11-11 02:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-25 10:50 - 2014-11-11 02:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-25 10:50 - 2014-10-14 02:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-25 10:50 - 2014-10-14 02:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-25 10:50 - 2014-10-14 01:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-25 10:50 - 2014-10-14 01:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-25 10:50 - 2014-10-03 02:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-25 10:50 - 2014-10-03 02:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-25 10:50 - 2014-10-03 02:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-25 10:50 - 2014-10-03 02:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-25 10:50 - 2014-10-03 02:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-25 10:50 - 2014-10-03 01:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-25 10:50 - 2014-10-03 01:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-25 10:50 - 2014-10-03 01:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-25 10:49 - 2014-09-19 09:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-25 10:49 - 2014-09-19 09:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-25 10:49 - 2014-09-19 09:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-25 10:49 - 2014-09-19 09:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-25 10:49 - 2014-09-19 09:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-25 10:49 - 2014-09-19 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-25 10:49 - 2014-09-19 09:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-25 10:49 - 2014-09-19 09:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-25 10:49 - 2014-09-19 09:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-25 10:49 - 2014-09-19 09:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-25 10:49 - 2014-09-19 09:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-25 10:49 - 2014-09-19 09:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-25 10:47 - 2014-10-25 01:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-25 10:47 - 2014-10-25 01:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-25 10:47 - 2014-10-14 02:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-25 10:47 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-25 10:47 - 2014-10-10 00:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 19:54 - 2014-11-11 19:54 - 00000000 ____D () C:\ProgramData\NuGet
2014-11-11 19:54 - 2014-11-11 19:54 - 00000000 ____D () C:\Program Files (x86)\NuGet
2014-11-11 19:33 - 2014-11-11 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-11-11 19:20 - 2014-11-11 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
2014-11-11 19:10 - 2014-11-11 19:10 - 01158344 _____ (Microsoft Corporation) C:\Users\Joey\Downloads\wdexpress_full (2).exe
2014-11-08 17:23 - 2014-11-08 17:23 - 00000221 _____ () C:\Users\Joey\Desktop\Metro 2033.url
2014-11-04 16:22 - 2014-11-04 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-11-04 16:22 - 2014-11-04 16:22 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-11-01 22:40 - 2014-11-01 22:40 - 00251661 _____ () C:\Users\Joey\Downloads\Auto Farmer.zip
2014-11-01 22:37 - 2014-11-01 22:37 - 00257223 _____ () C:\Users\Joey\Downloads\Builder Bot - Cloaked9000.zip
2014-11-01 22:25 - 2014-11-01 22:25 - 01888406 _____ () C:\Users\Joey\Downloads\Miner Bot - Cloaked9000.zip
2014-11-01 22:24 - 2014-11-01 22:24 - 00210535 _____ () C:\Users\Joey\Downloads\Minecraft Bot Launcher.rar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 16:29 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-30 21:54 - 2009-07-14 04:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-30 21:54 - 2009-07-14 04:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-30 21:49 - 2013-08-24 00:02 - 00000000 ____D () C:\Windows\Minidump
2014-11-30 21:48 - 2013-02-13 16:05 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\.minecraft
2014-11-30 21:38 - 2013-02-24 00:43 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-30 21:18 - 2013-02-24 00:43 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-30 20:34 - 2013-02-13 20:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-30 19:17 - 2013-03-13 17:11 - 00000000 ____D () C:\Users\Joey\AppData\Local\Adobe
2014-11-30 15:40 - 2013-02-07 15:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-30 15:33 - 2014-02-26 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-11-30 15:33 - 2014-02-26 16:17 - 00000000 ____D () C:\Program Files\CPUID
2014-11-30 15:32 - 2014-10-28 18:40 - 00003022 _____ () C:\Windows\System32\Tasks\RTSS
2014-11-30 15:22 - 2009-07-14 05:13 - 00799454 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-30 14:25 - 2013-02-12 21:20 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-11-30 12:52 - 2014-06-29 12:05 - 00000000 ____D () C:\Users\Joey\AppData\Local\LogMeIn Hamachi
2014-11-30 12:33 - 2013-10-18 19:45 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Search Protection
2014-11-30 12:33 - 2013-03-24 20:13 - 00000000 ____D () C:\Users\Joey\AppData\Local\CRE
2014-11-30 12:33 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\Help
2014-11-30 00:01 - 2013-02-13 15:48 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Skype
2014-11-29 23:57 - 2013-02-13 15:43 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-29 19:32 - 2013-02-13 15:49 - 00000000 ____D () C:\ProgramData\Norton
2014-11-29 19:13 - 2013-02-19 17:51 - 00000000 ____D () C:\Users\Joey\AppData\Local\CrashDumps
2014-11-29 18:47 - 2013-05-05 15:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-29 18:18 - 2013-02-12 10:43 - 00000000 ____D () C:\Users\Joey
2014-11-26 11:07 - 2013-02-24 00:45 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-26 10:34 - 2013-02-13 20:48 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 10:34 - 2013-02-13 20:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 10:34 - 2013-02-13 20:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 09:48 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-25 12:39 - 2014-05-27 14:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-11-25 12:15 - 2009-07-14 04:45 - 05054992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-25 12:11 - 2013-07-09 20:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-25 12:05 - 2013-08-14 22:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-25 12:01 - 2013-02-24 00:43 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-25 12:01 - 2013-02-24 00:43 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-25 12:01 - 2012-10-12 15:32 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-25 11:43 - 2013-08-04 00:19 - 00000000 ____D () C:\Users\Joey\AppData\Local\Windows Live
2014-11-25 11:32 - 2014-03-03 20:16 - 00000000 ____D () C:\temp
2014-11-24 12:20 - 2013-11-04 20:14 - 00007604 _____ () C:\Users\Joey\AppData\Local\Resmon.ResmonCfg
2014-11-11 22:52 - 2013-12-07 14:51 - 00000000 ____D () C:\Users\Joey\AppData\Local\Battle.net
2014-11-11 20:14 - 2013-08-09 13:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 12.0
2014-11-11 20:08 - 2013-08-09 12:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 11.0
2014-11-11 20:06 - 2013-08-09 12:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-11-11 20:05 - 2013-08-09 15:23 - 00000000 ____D () C:\Program Files\IIS Express
2014-11-11 20:05 - 2013-08-09 15:23 - 00000000 ____D () C:\Program Files (x86)\IIS Express
2014-11-11 19:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-11 19:27 - 2009-07-14 05:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-11-11 19:07 - 2013-03-27 13:44 - 00000000 ____D () C:\Users\Joey\Desktop\TechnicalWhizz
2014-11-09 19:34 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-08 17:23 - 2014-03-04 18:05 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-08 00:47 - 2013-04-10 20:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-08 00:47 - 2013-02-13 15:48 - 00000000 ____D () C:\ProgramData\Skype
2014-11-07 19:24 - 2014-06-09 14:41 - 00000000 ____D () C:\Users\Joey\Documents\ArcheAge
2014-11-04 14:30 - 2010-11-21 03:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-02 13:39 - 2013-02-26 16:50 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Audacity

Files to move or delete:
====================
C:\Users\Joey\jagex_cl_oldschool_LIVE.dat
C:\Users\Joey\jagex_cl_runescape_LIVE.dat
C:\Users\Joey\random.dat


Some content of TEMP:
====================
C:\Users\Joey\AppData\Local\Temp\nvStInst.exe
C:\Users\Joey\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Joey\AppData\Local\Temp\sfextra.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 13:11

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by Joey at 2014-12-01 16:37:46
Running from C:\Users\Joey\Documents\dumps
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29625 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
A Game of Dwarves (HKLM-x32\...\Steam App 200370) (Version:  - Zeal Game Studio)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archeage Alpha (HKLM-x32\...\Glyph Archeage Alpha) (Version:  - Trion Worlds, Inc.)
Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version:  - Trion Worlds, Inc.)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 3 Alpha (HKLM-x32\...\Steam App 107410) (Version:  - )
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Assassins Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version:  - Ubisoft)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
ATI Catalyst Install Manager (HKLM\...\{62140B07-129A-2BD0-81D2-2A1A7408ADC8}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - Ronimo Games)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Build Tools - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.30723 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
Call of Duty(R) - World at War(TM) 1.1 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.3 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.7 Patch (x32 Version:  - ) Hidden
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
CEVO CS:GO Client Beta version 1.0 (HKLM-x32\...\CEVO CS:GO Client Beta_is1) (Version: 1.0 - )
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DivX H.264 decoder 8.2.0.26 (HKLM-x32\...\divxh264_is1) (Version: 8.2.0.26 - )
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Effects Suite 64-bit (HKLM-x32\...\InstallShield_{B7765C3D-27EE-4AA8-BB54-D88285D128A0}) (Version: 10.0.2 - Red Giant Software)
Effects Suite 64-bit (Version: 10.0.2 - Red Giant Software) Hidden
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{3F29268A-F53A-4387-9F2B-E9368A823178}) (Version: 11.1.30729.00 - Microsoft Corporation)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Euro Truck Simulator 2 Multiplayer 0.1.0.7.1 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.1.0.7.1 Alpha - ETS2MP Team)
EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.0 - Echobit, LLC)
ffdshow x64 v1.3.4515 [2013-06-12] (HKLM\...\ffdshow64_is1) (Version: 1.3.4515.0 - )
FileZilla Client 3.8.0 (HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version:  - Sports Interactive)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Team Garry)
GlassFish Server Open Source Edition 4.0 (HKLM\...\nbi-glassfish-mod-4.0.0.89.0) (Version:  - )
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version:  - Muse Games)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes & Generals (HKLM-x32\...\Heroes & Generals) (Version: 1.0.6.1 - Reto-Moto)
HWiNFO64 Version 4.30 (HKLM\...\HWiNFO64_is1) (Version: 4.30 - Martin Malík - REALiX)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
Java SE Development Kit 7 Update 71 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Knoll Light Factory Photo 64 bit (HKLM-x32\...\InstallShield_{69F849EF-4918-4333-81C1-8D8FC07E62B1}) (Version: 3.2 - Red Giant Software)
Knoll Light Factory Photo 64 bit (Version: 3.2 - Red Giant Software) Hidden
LCPD First Response (HKLM-x32\...\{42EFAA60-123F-4877-A11A-A7D02F9C6703}) (Version: 1.0 - G17 Media)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.266 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.266 - LogMeIn, Inc.) Hidden
Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version:  - Paradox North)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 3 (HKLM-x32\...\{1ef771b4-b774-439e-a015-23dec292d9a4}) (Version: 12.0.30723.0 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft XNA Game Studio Platform Tools (HKLM-x32\...\{0666E46E-A860-4353-BE6D-13AA72FABB57}) (Version: 1.3.0.0 - Microsoft Corporation)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MySQL Connector Net 5.2.7 (HKLM-x32\...\{5FD88490-011C-4DF1-B886-F298D955171B}) (Version: 5.2.7 - MySQL AB)
NetBeans IDE 7.4 (HKLM\...\nbi-nb-base-7.4.0.0.201310111528) (Version: 7.4 - NetBeans.org)
No More Room in [bleep] (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in [bleep] Team)
Norton 360 (HKLM-x32\...\N360) (Version: 20.1.0.24 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3 - )
NVIDIA GeForce Experience 2.1.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4.1 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.1 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.81.34.0 - Overwolf Ltd.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Plantronics® GameCom 780 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 1.00.0001 - Plantronics)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.5 - Power Software Ltd)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Project Zomboid (HKLM-x32\...\Steam App 108600) (Version:  - Indie Stone Studios)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Python 3.4 fife-0.3.5 (HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\...\fife-py3.4) (Version:  - )
Python 3.4.1 (64-bit) (HKLM\...\{D54842CB-F761-30BA-881F-1FF821DC44DF}) (Version: 3.4.1150 - Python Software Foundation)
Python Tools for Visual Studio 2012 (HKLM-x32\...\{1B1B4164-E8DC-448B-926A-857E8A3E125B}) (Version: 2.0.10620.00 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.0 - Microsoft Corporation) Hidden
Quake Live (HKLM-x32\...\Steam App 282440) (Version:  - id Software)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Receiver (HKLM-x32\...\Steam App 234190) (Version:  - Wolfire Games)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RivaTuner Statistics Server 5.2.0 (HKLM-x32\...\RTSS) (Version: 5.2.0 - Unwinder)
Sanctum (HKLM-x32\...\Steam App 91600) (Version:  - Coffee Stain Studios)
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version:  - Coffee Stain Studios)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
SHARKOON Skiller (HKLM-x32\...\{91C25547-9534-41A5-823A-1E54BA16EA3F}) (Version: 1.00.0000 - )
SHIELD Streaming (Version: 1.05.19 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.69 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
SpaceChem (HKLM-x32\...\Steam App 92800) (Version:  - Zachtronics)
Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version:  - Pandemic Studios)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls IV: Oblivion  (HKLM-x32\...\Steam App 22330) (Version:  - Bethesda Game Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
Tom Clancy's Rainbow Six: Vegas 2 (HKLM-x32\...\Steam App 15120) (Version:  - Ubisoft Montreal)
Toontown Rewritten (HKLM-x32\...\Toontown Rewritten) (Version: 00.00.00.00 - The TTR Team)
Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{A27FDB06-60C8-4D5A-BB2F-8038FD151E3C}) (Version: 11.0.3 - Red Giant Software)
Trapcode Suite 64-bit (Version: 11.0.3 - Red Giant Software) Hidden
Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - Frozenbyte)
Tropico 3 - Steam Special Edition (HKLM-x32\...\Steam App 23490) (Version:  - Haemimont Games)
TypeScript Power Tool (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.3.1 - Microsoft Corporation) Hidden
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
Unity (HKLM-x32\...\Unity) (Version:  - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Vegas Pro 12.0 (64-bit) (HKLM\...\{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}) (Version: 12.0.394 - Sony)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2013 Update 3 (KB2829760) (HKLM-x32\...\{86438e3d-7f83-4dd2-94aa-047e7c3974cb}) (Version: 12.0.30723 - Microsoft Corporation)
VS Update core components (x32 Version: 12.0.30723 - Microsoft Corporation) Hidden
War of the Roses (HKLM-x32\...\Steam App 42160) (Version:  - Fatshark)
Wargame: Red Dragon (HKLM-x32\...\Steam App 251060) (Version:  - Eugen Systems)
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XSplit (HKLM-x32\...\{FE6A9E08-B6DC-4B37-9DAA-ED1210B3A761}) (Version: 1.3.1306.0403 - SplitMediaLabs)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

29-11-2014 19:43:48 Norton_Power_Eraser_20141129194346703
29-11-2014 23:43:51 Device Driver Package Install: NVIDIA Display adapters
29-11-2014 23:45:37 Device Driver Package Install: NVIDIA Universal Serial Bus controllers

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2014-11-26 09:48 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10E7C93D-07E8-4477-A3FD-C18A598A23A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24] (Google Inc.)
Task: {173BDD33-B6A9-42CF-B87B-FB1EBC273164} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {278731F5-9E68-444A-92A6-D3760DBF7A3D} - System32\Tasks\RTSS => C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe [2013-06-14] ()
Task: {2C011DF0-6749-491B-A561-0B214D629F0B} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\SymErr.exe
Task: {2DA01C55-CA05-477D-AC15-3EC3B94AB422} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {79B98930-9E07-4FC1-9CA0-D4B2294E011F} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.0.32\SymErr.exe
Task: {84683BAC-C78B-4AA0-949B-253A41D913B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {88E53C9E-D95F-4950-B3E4-47AF3B4B3BAD} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2014-10-22] (Overwolf LTD)
Task: {94C7BE41-8D67-4526-81DB-25FEBE6C14E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24] (Google Inc.)
Task: {A87B6498-E84A-4AFC-AA2F-36D79F69746A} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\SymErr.exe [2012-08-17] (Symantec Corporation)
Task: {AB1C438B-94E3-4AF0-B565-8A89E0774F89} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\WSCStub.exe [2012-08-22] (Symantec Corporation)
Task: {ABDD1B96-5245-42CE-89CD-BFE1B4CC87E5} - System32\Tasks\AdobeAAMUpdater-1.0-Joey-PC-Joey => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {B5D2B87B-6C5B-499E-BB83-2A09185222AB} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {D7F8E218-BD1B-4DBF-B1EF-B1E067488829} - System32\Tasks\{E159A085-52E3-4A9D-98E1-3FF57AD88271} => C:\Program Files (x86)\Telestream\Wirecast\Wirecast.exe
Task: {D8BF323F-0F52-40D7-9B17-246A7F40567B} - System32\Tasks\{888C310B-54F0-49CF-AD08-CEC30C07E6A5} => C:\Users\Joey\Desktop\fellowship-of-the-ring\FOR1.EXE
Task: {D9597C9C-0102-4F60-A639-B7E3319A2320} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2828569535-3307695315-1286302524-1002
Task: {DA01CC99-CD2D-476B-AB49-2D9FDDD3B03E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {DFD81FF0-FB0B-4AC9-BA96-00FA09BD0C13} - System32\Tasks\{60380B15-6C2F-45C5-87C0-CDD7BC083F4B} => C:\Users\Joey\Desktop\fellowship-of-the-ring\FOR1.EXE
Task: {E195A76F-03D7-440E-80A9-B12848ADDCE1} - System32\Tasks\{007785DE-25F8-44A8-A0F3-E60A856B83B4} => C:\Program Files (x86)\Telestream\Wirecast\Wirecast.exe
Task: {FB5E11B2-74E5-4C1D-B199-145862BEFAED} - System32\Tasks\{9B183884-2F0A-4B88-B9D9-89CFCA30A246} => Chrome.exe http://www.skype.com/go/downloading?source=installer&ver=6.3.0.107&LastError=-9
Task: {FC9386FB-1488-455C-B9F1-E457C29A92AF} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\SymErr.exe [2012-08-17] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 14:42 - 2010-01-02 14:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-03-08 05:17 - 2013-03-08 05:17 - 07816192 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
2013-03-08 05:17 - 2013-03-08 05:17 - 00188416 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-52.dll
2013-03-08 05:17 - 2013-03-08 05:17 - 01425920 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
2013-03-08 05:17 - 2013-03-08 05:17 - 00336896 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
2013-03-08 05:17 - 2013-03-08 05:17 - 00096256 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
2014-03-28 09:35 - 2014-03-28 09:35 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-11-26 11:07 - 2014-11-25 06:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-26 11:07 - 2014-11-25 06:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2014-07-12 16:44 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Joey\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-07-12 16:44 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Joey\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CAM => C:\Program Files (x86)\CAM\CAM\CAM\CAM_Client.exe
MSCONFIG\startupreg: Clownfish => "C:\Program Files (x86)\Clownfish\Clownfish.exe"
MSCONFIG\startupreg: Comrade.exe => C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe
MSCONFIG\startupreg: EvolveClient => C:\Program Files\Echobit\Evolve\EvolveClient.exe -autorun
MSCONFIG\startupreg: GamecomSound => C:\Program Files\Plantronics\GameCom780\GameCom780.exe
MSCONFIG\startupreg: GamingKeyboard => "C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe"
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: SearchProtection => "C:\Users\Joey\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2828569535-3307695315-1286302524-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2828569535-3307695315-1286302524-1006 - Limited - Enabled)
Guest (S-1-5-21-2828569535-3307695315-1286302524-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2828569535-3307695315-1286302524-1004 - Limited - Enabled)
Joey (S-1-5-21-2828569535-3307695315-1286302524-1002 - Administrator - Enabled) => C:\Users\Joey

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/01/2014 04:33:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/30/2014 09:50:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/30/2014 09:39:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/30/2014 09:19:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/30/2014 08:58:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/30/2014 08:23:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/30/2014 08:03:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/30/2014 07:08:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2002 06:46:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/30/2014 03:38:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/01/2014 04:36:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (12/01/2014 04:36:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (12/01/2014 04:36:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (12/01/2014 04:36:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (12/01/2014 04:36:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (12/01/2014 04:36:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (12/01/2014 04:36:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (12/01/2014 04:36:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (12/01/2014 04:36:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (12/01/2014 04:35:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-11-26 09:48:19.861
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-26 09:48:19.829
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: AMD FX(tm)-8350 Eight-Core Processor 
Percentage of memory in use: 15%
Total physical RAM: 7918.12 MB
Available physical RAM: 6656.3 MB
Total Pagefile: 15834.41 MB
Available Pagefile: 14597.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:344.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A3C19CC3)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Shortcut.txt

Users shortcut scan result (x64) Version: 01-12-2014
Ran by Joey at 2014-12-01 16:40:12
Running from C:\Users\Joey\Documents\dumps
Boot Mode: Safe Mode (with Networking)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)



Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk -> C:\Users\Joey\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrodist.exe (Adobe Systems Incorporated.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk -> C:\Windows\Installer\{AC76BA86-1033-FFFF-7760-000000000006}\_SC_Acrobat.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk -> C:\Program Files\Adobe\Adobe After Effects CS6\Support Files\AfterFX.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk -> C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe (Adobe Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk -> C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe (Adobe Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk -> C:\Program Files (x86)\Adobe Download Assistant\Adobe Download Assistant.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk -> C:\Program Files (x86)\Adobe\Adobe Utilities - CS6\ExtendScript Toolkit CS6\ExtendScript Toolkit.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Adobe Extension Manager CS6.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk -> C:\Program Files (x86)\Adobe\Acrobat 11.0\FormsCentral\FormsCentralForAcrobat.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk -> C:\Program Files (x86)\Adobe\Adobe Help\Adobe Help.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk -> C:\Program Files\Adobe\Adobe Media Encoder CS6\Adobe Media Encoder.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk -> C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk -> C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Photoshop.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk -> C:\Program Files (x86)\Adobe\Adobe Widget Browser\Adobe Widget Browser.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk -> C:\Program Files (x86)\Audacity\audacity.exe (The Audacity Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk -> C:\Program Files\Echobit\Evolve\EvolveClient.exe (Echobit LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk -> C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk -> C:\Program Files\Microsoft\Web Platform Installer\WebPlatformInstaller.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk -> C:\Program Files (x86)\Secunia\PSI\psi.exe (Secunia)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Check for Updates.lnk -> C:\Program Files (x86)\Xvid\autoupdate-windows.exe (Xvid Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Release Notes.lnk -> C:\Program Files (x86)\Xvid\releasenotes.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Uninstall Xvid Video Codec.lnk -> C:\Program Files (x86)\Xvid\uninstall.exe (Xvid Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Xvid MiniConvert.lnk -> C:\Program Files (x86)\Xvid\MiniConvert.exe (Xvid Solutions)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Advanced\Nic's FourCC Changer.lnk -> C:\Program Files (x86)\Xvid\AviC.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Advanced\Nic's MiniCalc.lnk -> C:\Program Files (x86)\Xvid\MiniCalc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Advanced\Some Quantization Matrices.lnk -> C:\Program Files (x86)\Xvid\Xvid_Quant_Matrices.zip ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Advanced\StatsReader 2.1.lnk -> C:\Program Files (x86)\Xvid\StatsReader.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid\Advanced\StatsReader Notes.lnk -> C:\Program Files (x86)\Xvid\statsreader.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\x264vfw\Uninstall x264vfw.lnk -> C:\Program Files (x86)\x264vfw\x264vfw-uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft\Account Billing.lnk -> C:\Program Files (x86)\World of Warcraft\Data\enGB\AccountBilling.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft\Blizzard Technical Support.lnk -> C:\Program Files (x86)\World of Warcraft\Data\enGB\TechSupport.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft\World of Warcraft.lnk -> C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Family Safety.lnk -> C:\Windows\Installer\{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}\fssicon.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mesh.lnk -> C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Documentation for Desktop Apps.lnk -> C:\Program Files (x86)\Windows Kits\8.1\Shortcuts\DesktopDevCenterLearn.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Documentation for Windows Store Apps.lnk -> C:\Program Files (x86)\Windows Kits\8.0\Shortcuts\WindowsStoreAppDevCenterLearn.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Samples for Desktop Apps.lnk -> C:\Program Files (x86)\Windows Kits\8.1\Shortcuts\DesktopDevCenterSamples.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Samples for Windows Store Apps.lnk -> C:\Program Files (x86)\Windows Kits\8.0\Shortcuts\WindowsStoreAppDevCenterSamples.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Tools for Desktop Apps.lnk -> C:\Program Files (x86)\Windows Kits\8.1\Shortcuts\DesktopDevCenterToolsDocumentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Software Development Kit\Tools for Windows Store Apps.lnk -> C:\Program Files (x86)\Windows Kits\8.0\Shortcuts\WindowsStoreAppDevCenterToolsDocumentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat\Help (ENG).lnk -> C:\Program Files (x86)\WinDirStat\windirstat.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat\Uninstall WinDirStat.lnk -> C:\Program Files (x86)\WinDirStat\Uninstall.exe (WDS Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat\WinDirStat.lnk -> C:\Program Files (x86)\WinDirStat\windirstat.exe (Seifert)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013\Visual Studio Tools.lnk -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Tools\Shortcuts ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013\VS Express 2013 for Desktop.lnk -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity\MonoDevelop.lnk -> C:\Program Files (x86)\Unity\MonoDevelop\bin\MonoDevelop.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity\Report a Problem with Unity.lnk -> C:\Program Files (x86)\Unity\Editor\UnityBugReporter.exe (Unity Technologies ApS)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity\Uninstall Unity.lnk -> C:\Program Files (x86)\Unity\Editor\Uninstall.exe (Unity Technologies ApS)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity\Unity Documentation.lnk -> C:\Program Files (x86)\Unity\Editor\Data\Documentation\Documentation.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity\Unity.lnk -> C:\Program Files (x86)\Unity\Editor\Unity.exe (Unity Technologies ApS)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine\Valley Benchmark 1.0\Uninstall.lnk -> C:\Program Files (x86)\Unigine\Valley Benchmark 1.0\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine\Valley Benchmark 1.0\User manual.lnk -> C:\Program Files (x86)\Unigine\Valley Benchmark 1.0\documentation\User_Manual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine\Valley Benchmark 1.0\Valley Benchmark 1.0.lnk -> C:\Program Files (x86)\Unigine\Valley Benchmark 1.0\valley.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UDPixel\UDPixel.lnk -> C:\Program Files (x86)\UDPixel\UDPixel.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UDPixel\Uninstall.lnk -> C:\Program Files (x86)\UDPixel\uninstall.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toontown Rewritten\Toontown Rewritten Official Site.lnk -> C:\Program Files (x86)\Toontown Rewritten\Toontown Rewritten Official Site.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toontown Rewritten\Toontown Rewritten.lnk -> C:\Program Files (x86)\Toontown Rewritten\Launcher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.lnk -> C:\Windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C92.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan\Help and HOW-TO.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan\Release info.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan\SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan\Uninstall SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy\Speccy.lnk -> C:\Program Files\Speccy\Speccy64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy\Uninstall Speccy.lnk -> C:\Program Files\Speccy\uninst.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 12.0\Vegas Pro 12.0 Readme.lnk -> C:\Program Files\Sony\Vegas Pro 12.0\Readme\Vegas_readme.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 12.0\Video Capture 6.0 Readme.lnk -> C:\Program Files\Sony\Vegas Pro 12.0\Readme\Videocapture_readme.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHARKOON Skiller\SHARKOON Skiller Configurator.lnk -> C:\Program Files (x86)\SHARKOON Skiller\GameSetting.exe (Game Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHARKOON Skiller\Uninstall.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{91C25547-9534-41A5-823A-1E54BA16EA3F}\setup.exe (Macrovision Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer\San Andreas Multiplayer.lnk -> C:\Users\Joey\Documents\GTA-SanAndreas\samp.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer\Uninstall.lnk -> C:\Users\Joey\Documents\GTA-SanAndreas\SAMPUninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\RichText.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\PictureViewer.lnk -> C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\PictureViewer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\QTPlayer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python Tools for Visual Studio\PTVS License.lnk -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\Extensions\Microsoft\Python Tools for Visual Studio\2.0\License.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python Tools for Visual Studio\ptvsd Package.lnk -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\Extensions\Microsoft\Python Tools for Visual Studio\2.0\ptvsd ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\PowerISO Help.lnk -> C:\Program Files (x86)\PowerISO\PowerISO.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\PowerISO Virtual Drive Manager.lnk -> C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\PowerISO.lnk -> C:\Program Files (x86)\PowerISO\PowerISO.exe (Power Software Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\Uninstall PowerISO.lnk -> C:\Program Files (x86)\PowerISO\uninstall.exe (Power Software Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plantronics\GameCom780.lnk -> C:\Program Files\Plantronics\GameCom780\GameCom780.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin.lnk -> C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Uninstall Origin.lnk -> C:\Program Files (x86)\Origin\OriginUninstall.exe (Electronic Arts, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe (NVIDIA)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++\Notepad++.lnk -> C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO [email protected])
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360\Norton 360.lnk -> C:\Program Files (x86)\Norton 360\Engine64\20.1.0.24\uiStub.exe (Symantec Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans\NetBeans IDE 7.4.lnk -> C:\Program Files\NetBeans 7.4\bin\netbeans64.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace\Games for Windows Marketplace.lnk -> C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\LogMeIn Hamachi.lnk -> C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends\League of Legends.lnk -> C:\Riot Games\League of Legends\lol.launcher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LCPD First Response\LCPDFR API Documentation.lnk -> C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\lcpdfr\LCPDFR API Documentation.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LCPD First Response\LCPDFR User Documentation.lnk -> C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\lcpdfr\LCPDFR User Documentation.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LCPD First Response\Open LCPDFR Folder.lnk -> C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\lcpdfr ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Java Mission Control.lnk -> C:\Program Files\Java\jdk1.7.0_71\bin\jmc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.Resources\en_GB.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64\HWiNFO64 Program.lnk -> C:\Program Files\HWiNFO64\HWiNFO64.EXE (REALiX)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes & Generals\Uninstall.lnk -> C:\Program Files (x86)\Heroes & Generals\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone\Hearthstone.lnk -> C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\GOG.com Downloader.lnk -> C:\Program Files (x86)\GOG.com\GOG.com Downloader.exe (GOG.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph\Glyph.lnk -> C:\Program Files (x86)\Glyph\GlyphClient.exe (Trion Worlds Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph\Uninstall Glyph.lnk -> C:\Program Files (x86)\Glyph\GlyphUninstall.exe (Trion Worlds Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade\GameSpy Arcade.lnk -> C:\Program Files (x86)\GameSpy Arcade\Aphex.exe (IGN Entertainment, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade\Uninstall GameSpy Arcade.lnk -> C:\Program Files (x86)\GameSpy Arcade\UNWISE.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps\Fraps.lnk -> C:\Fraps\fraps.exe (Beepa P/L)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps\Uninstall.lnk -> C:\Fraps\uninstall.exe (Beepa Pty Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow x64\Uninstall ffdshow.lnk -> C:\Program Files\ffdshow\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 Multiplayer\Play Euro Truck Simulator 2 Multiplayer.lnk -> C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\Euro Truck Simulator 2 Multiplayer\launcher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dotjosh Studios\DayZ Commander.lnk -> C:\Program Files (x86)\Dotjosh Studios\DayZ Commander\Current\DayZCommander.exe (Dotjosh Studios, LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX H.264 decoder\Uninstall DivX H.264 decoder.lnk -> C:\Program Files (x86)\DivX H.264 decoder\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Battle.net Account Management.lnk -> C:\Program Files (x86)\Diablo III\BattlenetAccount.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Blizzard Technical Support.lnk -> C:\Program Files (x86)\Diablo III\TechSupport.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Diablo III - Manual.lnk -> C:\Program Files (x86)\Diablo III\Manual.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Diablo III.lnk -> C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\HWMonitor.exe (CPUID)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\Uninstall HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\CPU-Z.lnk -> C:\Program Files\CPUID\CPU-Z\cpuz.exe (CPUID)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Uninstall CPU-Z.lnk -> C:\Program Files\CPUID\CPU-Z\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clownfish\Clownfish.lnk -> C:\Program Files (x86)\Clownfish\Clownfish.exe (Bogdan Sharkov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clownfish\Uninstall.lnk -> C:\Program Files (x86)\Clownfish\uninstall.exe (Shark Labs)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEVO Client\CEVO Client (CSGO).lnk -> C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClient.exe (altPUG LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk -> C:\Program Files\CCleaner\uninst.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive\ArmA 2\BattlEye\Uninstall BattlEye.lnk -> C:\Program Files (x86)\Steam\steamapps\common\Arma 2\BattlEye\UnInstallBE.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3\Battlefield 3.lnk -> C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe (EA Digital Illusions CE AB)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3\EA EULA.lnk -> C:\Program Files (x86)\Origin Games\Battlefield 3\Support\eula\en_US_eula.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3\Read Me.lnk -> C:\Program Files (x86)\Origin Games\Battlefield 3\Support\readme\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3\Technical Support.lnk -> C:\Program Files (x86)\Origin Games\Battlefield 3\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUSUpdate\ASUSUpdate.lnk -> C:\Program Files (x86)\ASUS\ASUSUpdate\Update.exe (ASUSTeK Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUSUpdate\Mylogo User Manual.lnk -> C:\Program Files (x86)\ASUS\ASUSUpdate\MyLogo2.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUSUpdate\MyLogo.lnk -> C:\Program Files (x86)\ASUS\ASUSUpdate\MyLogo.exe (ASUSTeK Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUSUpdate\Uninstall ASUSUpdate.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe (InstallShield Software Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk -> C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorcfg.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk -> C:\Windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe ( )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{EBBBD30C-53E2-4159-BCEA-93FF412A26B3}\PlayTasks\0\Launch.lnk -> C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe (Bethesda Softworks)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\PlayTasks\3\Technical Support.lnk -> C:\Program Files (x86)\Origin Games\The Sims 3\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\PlayTasks\2\End User License Agreement.lnk -> C:\Program Files (x86)\Origin Games\The Sims 3\Support\en_EULA.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\PlayTasks\1\Read Me.lnk -> C:\Program Files (x86)\Origin Games\The Sims 3\Support\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\PlayTasks\0\The Sims™ 3.lnk -> C:\Program Files (x86)\Origin Games\The Sims 3\Game\Bin\Sims3Launcher.exe (Electronic Arts, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{71828142-5A24-4BD0-97E7-976DA08CE6CF}\PlayTasks\3\Technical Support.lnk -> C:\Program Files (x86)\Origin Games\The Sims 3 High End Loft Stuff\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{71828142-5A24-4BD0-97E7-976DA08CE6CF}\PlayTasks\2\End User License Agreement.lnk -> C:\Program Files (x86)\Origin Games\The Sims 3 High End Loft Stuff\Support\en_EULA.rtf ()

==================== End of log =============================

**Edit** I had to scan in Safe Mode as I couldn't log in to Normal mode without a BSOD.


Edited by JoeBenyon, 01 December 2014 - 10:54 AM.


#4
ruggie_uk


Hi, it appears you previously ran ComboFix. Could you post the log from that, please?

Also, did the BSOD start before or after you ran it?



#5
JoeBenyon

Hi, I have never run ComboFix; the people who changed my PSU must have.

#6
ruggie_uk


Hi :D

The file is C:\ComboFix.txt

We would like to see what changes it made.



#7
JoeBenyon


Here you go :)

ComboFix 14-11-25.01 - Joey 26/11/2014   9:38.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8174.5882 [GMT 0:00]
Running from: e:\d7\3rd Party Tools\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Joey\AppData\Local\assembly\tmp
c:\windows\msdownld.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-26 to 2014-11-26  )))))))))))))))))))))))))))))))
.
.
2014-11-26 09:48 . 2014-11-26 09:48	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-11-26 09:43 . 2014-11-26 09:43	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA516214-FB83-458E-8725-CC19755BE38D}\offreg.dll
2014-11-26 09:34 . 2014-11-26 09:34	3817136	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-11-26 09:26 . 2014-07-02 17:44	609240	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2014-11-25 13:17 . 2014-11-17 02:08	11632448	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA516214-FB83-458E-8725-CC19755BE38D}\mpengine.dll
2014-11-25 12:53 . 2014-11-25 12:53	--------	d-----w-	C:\6b3ce2e579a6fa3fdbdb5d2e
2014-11-25 11:57 . 2014-11-25 11:59	--------	d-----w-	c:\users\Joey\AppData\Local\NVIDIA
2014-11-25 11:57 . 2014-11-17 20:02	2197680	----a-w-	c:\windows\SysWow64\nvspcap.dll
2014-11-25 11:57 . 2014-11-17 20:02	1291280	----a-w-	c:\windows\SysWow64\nvspbridge.dll
2014-11-25 11:57 . 2014-11-17 20:02	2800296	----a-w-	c:\windows\system32\nvspcap64.dll
2014-11-25 11:57 . 2014-11-17 20:02	1715224	----a-w-	c:\windows\system32\nvspbridge64.dll
2014-11-25 11:57 . 2014-07-02 18:55	6783776	----a-w-	c:\windows\system32\nvcpl.dll
2014-11-25 11:57 . 2014-07-02 18:55	3522392	----a-w-	c:\windows\system32\nvsvc64.dll
2014-11-25 11:57 . 2014-07-02 18:55	935368	----a-w-	c:\windows\system32\nvvsvc.exe
2014-11-25 11:57 . 2014-07-02 18:55	62808	----a-w-	c:\windows\system32\nvshext.dll
2014-11-25 11:57 . 2014-07-02 18:55	386520	----a-w-	c:\windows\system32\nvmctray.dll
2014-11-25 11:57 . 2014-07-02 18:55	2559960	----a-w-	c:\windows\system32\nvsvcr.dll
2014-11-25 11:57 . 2014-07-02 10:14	3826628	----a-w-	c:\windows\system32\nvcoproc.bin
2014-11-25 11:56 . 2014-08-19 22:15	75040	----a-w-	c:\windows\system32\OpenCL.dll
2014-11-25 11:56 . 2014-08-19 22:15	61912	----a-w-	c:\windows\SysWow64\OpenCL.dll
2014-11-25 11:55 . 2014-10-03 19:23	38216	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2014-11-25 11:55 . 2014-10-03 19:23	35144	----a-w-	c:\windows\system32\nvaudcap64v.dll
2014-11-25 11:55 . 2014-10-03 19:23	32584	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2014-11-25 11:55 . 2014-11-13 00:20	1876296	----a-w-	c:\windows\system32\nvdispco6434475.dll
2014-11-25 11:55 . 2014-11-13 00:20	1540424	----a-w-	c:\windows\system32\nvdispgenco6434475.dll
2014-11-25 10:57 . 2014-10-14 02:13	683520	----a-w-	c:\windows\system32\termsrv.dll
2014-11-25 10:57 . 2014-10-14 02:09	146432	----a-w-	c:\windows\system32\msaudite.dll
2014-11-25 10:57 . 2014-10-14 02:07	681984	----a-w-	c:\windows\system32\adtschema.dll
2014-11-25 10:57 . 2014-10-14 01:47	146432	----a-w-	c:\windows\SysWow64\msaudite.dll
2014-11-25 10:57 . 2014-10-14 01:46	681984	----a-w-	c:\windows\SysWow64\adtschema.dll
2014-11-25 10:55 . 2014-10-18 02:05	861696	----a-w-	c:\windows\system32\oleaut32.dll
2014-11-25 10:55 . 2014-10-18 01:33	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2014-11-25 10:51 . 2014-08-21 06:43	1882624	----a-w-	c:\windows\system32\msxml3.dll
2014-11-25 10:51 . 2014-08-21 06:40	2048	----a-w-	c:\windows\system32\msxml3r.dll
2014-11-25 10:51 . 2014-08-21 06:26	1237504	----a-w-	c:\windows\SysWow64\msxml3.dll
2014-11-25 10:51 . 2014-08-21 06:23	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2014-11-25 10:51 . 2014-08-12 02:02	878080	----a-w-	c:\windows\system32\IMJP10K.DLL
2014-11-25 10:51 . 2014-08-12 01:36	701440	----a-w-	c:\windows\SysWow64\IMJP10K.DLL
2014-11-25 10:49 . 2014-09-19 09:42	342016	----a-w-	c:\windows\system32\schannel.dll
2014-11-25 10:49 . 2014-09-19 09:42	309760	----a-w-	c:\windows\system32\ncrypt.dll
2014-11-25 10:49 . 2014-09-19 09:23	248832	----a-w-	c:\windows\SysWow64\schannel.dll
2014-11-25 10:49 . 2014-09-19 09:23	221184	----a-w-	c:\windows\SysWow64\ncrypt.dll
2014-11-25 10:49 . 2014-09-19 09:42	210944	----a-w-	c:\windows\system32\wdigest.dll
2014-11-25 10:49 . 2014-09-19 09:42	86528	----a-w-	c:\windows\system32\TSpkg.dll
2014-11-25 10:49 . 2014-09-19 09:42	314880	----a-w-	c:\windows\system32\msv1_0.dll
2014-11-25 10:49 . 2014-09-19 09:23	172032	----a-w-	c:\windows\SysWow64\wdigest.dll
2014-11-25 10:49 . 2014-09-19 09:23	259584	----a-w-	c:\windows\SysWow64\msv1_0.dll
2014-11-25 10:49 . 2014-09-19 09:42	22016	----a-w-	c:\windows\system32\credssp.dll
2014-11-25 10:49 . 2014-09-19 09:23	65536	----a-w-	c:\windows\SysWow64\TSpkg.dll
2014-11-25 10:49 . 2014-09-19 09:23	17408	----a-w-	c:\windows\SysWow64\credssp.dll
2014-11-25 10:47 . 2014-10-25 01:57	77824	----a-w-	c:\windows\system32\packager.dll
2014-11-25 10:47 . 2014-10-25 01:32	67584	----a-w-	c:\windows\SysWow64\packager.dll
2014-11-25 10:47 . 2014-10-10 00:57	3198976	----a-w-	c:\windows\system32\win32k.sys
2014-11-25 10:47 . 2014-10-14 02:13	3241984	----a-w-	c:\windows\system32\msi.dll
2014-11-25 10:47 . 2014-10-14 01:50	2363904	----a-w-	c:\windows\SysWow64\msi.dll
2014-11-11 19:54 . 2014-11-11 19:54	--------	d-----w-	c:\programdata\NuGet
2014-11-11 19:54 . 2014-11-11 19:54	--------	d-----w-	c:\program files (x86)\NuGet
2014-11-11 19:46 . 2014-11-11 19:46	--------	d-----w-	c:\program files (x86)\Common Files\Merge Modules
2014-11-11 19:32 . 2014-11-11 19:32	--------	d-----w-	c:\program files (x86)\Common Files\Microsoft
2014-11-11 19:12 . 2014-11-11 19:12	--------	d-----w-	c:\programdata\regid.1991-06.com.microsoft
2014-11-04 16:22 . 2014-11-04 16:22	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2014-10-27 22:40 . 2014-10-27 22:40	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-27 22:36 . 2014-10-27 22:36	319912	----a-w-	c:\windows\system32\javaws.exe
2014-10-27 22:36 . 2014-10-27 22:36	189352	----a-w-	c:\windows\system32\javaw.exe
2014-10-27 22:36 . 2014-10-27 22:36	189352	----a-w-	c:\windows\system32\java.exe
2014-10-27 22:36 . 2014-10-27 22:36	111016	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2014-10-27 22:12 . 2014-10-27 22:12	--------	d-----w-	c:\users\Joey\AppData\Local\Secunia PSI
2014-10-27 22:12 . 2014-10-27 22:12	--------	d-----w-	c:\program files (x86)\Secunia
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-26 09:34 . 2013-02-13 20:48	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-26 09:34 . 2013-02-13 20:48	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-25 12:10 . 2013-10-20 16:17	1113664	----a-w-	c:\programdata\Microsoft\WDExpress\12.0\1033\ResourceCache.dll
2014-11-25 12:01 . 2012-10-12 15:32	103374192	----a-w-	c:\windows\system32\MRT.exe
2014-11-04 14:30 . 2010-11-21 03:27	275080	------w-	c:\windows\system32\MpSigStub.exe
2014-10-21 04:57 . 2014-05-31 21:50	107552	----a-w-	c:\windows\SysWow64\EasyAntiCheat.exe
2014-10-10 02:05 . 2014-10-15 15:17	276480	----a-w-	c:\windows\system32\generaltel.dll
2014-10-10 02:05 . 2014-10-15 15:17	507392	----a-w-	c:\windows\system32\aepdu.dll
2014-10-10 02:00 . 2014-10-15 15:17	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-09-25 19:21 . 2013-12-25 21:47	348928	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2014-09-25 19:21 . 2013-03-08 15:52	348928	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2014-09-25 19:16 . 2013-03-08 15:45	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2014-09-25 02:08 . 2014-10-01 14:34	371712	----a-w-	c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 14:34	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
2014-09-18 14:58 . 2014-09-18 14:58	92672	----a-r-	c:\users\Joey\AppData\Roaming\Microsoft\Installer\{D54842CB-F761-30BA-881F-1FF821DC44DF}\python_icon.exe
2014-09-13 23:48 . 2014-09-21 12:42	1876296	----a-w-	c:\windows\system32\nvdispco6434411.dll
2014-09-13 23:48 . 2014-09-21 12:42	1539272	----a-w-	c:\windows\system32\nvdispgenco6434411.dll
2014-09-09 22:11 . 2014-09-24 17:22	2048	----a-w-	c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 17:22	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-09-05 02:11 . 2014-10-15 15:10	6584320	----a-w-	c:\windows\system32\mstscax.dll
2014-09-05 01:52 . 2014-10-15 15:10	5703168	----a-w-	c:\windows\SysWow64\mstscax.dll
2014-09-05 00:39 . 2013-10-31 14:22	447752	----a-w-	c:\windows\SysWow64\vp6vfw.dll
2014-09-04 05:23 . 2014-10-15 15:11	424448	----a-w-	c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-15 15:11	372736	----a-w-	c:\windows\SysWow64\rastls.dll
2014-08-29 02:07 . 2014-10-15 15:11	3179520	----a-w-	c:\windows\system32\rdpcorets.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-02-09 5015040]
"GamingKeyboard"="c:\program files (x86)\SHARKOON Skiller\GameMon.exe" [2012-06-07 1803264]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-11-03 3835728]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk /k:E *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\D7Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 celavimushost;Celavimus Client Host;c:\program files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe;c:\program files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [x]
R3 cpuz137;cpuz137;c:\users\Joey\AppData\Local\Temp\cpuz137\cpuz137_x64.sys;c:\users\Joey\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 ESEADriver2;ESEADriver2;c:\users\Joey\AppData\Local\Temp\ESEADriver2.sys;c:\users\Joey\AppData\Local\Temp\ESEADriver2.sys [x]
R3 EvoSvc;Evolve Service;c:\program files\Echobit\Evolve\EvoSvc.exe;c:\program files\Echobit\Evolve\EvoSvc.exe [x]
R3 GameKB;SHARKOON Skiller;c:\windows\system32\drivers\GameKB.sys;c:\windows\SYSNATIVE\drivers\GameKB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 OverwolfUpdater;Overwolf Updater Windows SCM;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 PlantronicsGC;PLTGC Interface;c:\windows\system32\drivers\PLTGC.sys;c:\windows\SYSNATIVE\drivers\PLTGC.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 ptun0901;TAP Adapter V9 for Private Tunnel;c:\windows\system32\DRIVERS\ptun0901.sys;c:\windows\SYSNATIVE\DRIVERS\ptun0901.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TSVAD_PCM;Wirecast Virtual Microphone Driver;c:\windows\system32\drivers\tsvadpcm.sys;c:\windows\SYSNATIVE\drivers\tsvadpcm.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys;c:\windows\SYSNATIVE\drivers\vasdDev.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\CAM\CAM\CAM\CAM_Client.sys;c:\program files (x86)\CAM\CAM\CAM\CAM_Client.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 D7Service;D7 Service;e:\d7\d7.exe;e:\d7\d7.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0114.sys;c:\windows\SYSNATIVE\DRIVERS\Neo_0114.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-28 20:01	1089352	----a-w-	c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-13 09:34]
.
2014-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24 00:43]
.
2014-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24 00:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GamecomSound"="c:\program files\Plantronics\GameCom780\GameCom780.exe" [2011-12-01 777448]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-11-17 2465088]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-11-17 2800296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*RestoreAutoChk"="chkntfs" [X]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.mysearchdial.com/?f=1&a=frg_14_19_ch&cd=2xzuyetn2y1l1qzuydtdyeycyd0d0btc0atayctctctc0fybtn0d0tzu0szzydybtn1l2xzutbtftbtdtfyctftdtn1l1czutcyetdtatdyd1v1ttn1l1g1b1v1n2y1l1qzu2stayc0cyc0f0d0ezztg0czztb0dtgtb0ctczztgydtbtb0etgycta0fycyctbtbyczz0fyeyb2qtn1m1f1b2z1v1n2y1l1qzu2sye0b0c0c0e0f0dtctgyc0aybtctg0e0c0byetgtczyyezytgyd0f0ftdye0b0f0fye0d0ctb2q&cr=1591304546&ir=
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=frg_14_19_ch&cd=2XzuyEtN2Y1L1QzuyDtDyEyCyD0D0BtC0AtAyCtCtCtC0FyBtN0D0Tzu0SzzyDyBtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyC0CyC0F0D0EzztG0CzztB0DtGtB0CtCzztGyDtBtB0EtGyCtA0FyCyCtBtByCzz0FyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0B0C0C0E0F0DtCtGyC0AyBtCtG0E0C0ByEtGtCzyyEzytGyD0F0FtDyE0B0F0FyE0D0CtB2Q&cr=1591304546&ir=
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Clownfish - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,ce,b3,75,14,98,bf,4b,a2,54,22,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,ce,b3,75,14,98,bf,4b,a2,54,22,\
.
[HKEY_USERS\S-1-5-21-2828569535-3307695315-1286302524-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:b0,3d,5f,30,b0,25,7b,17,2b,cd,5b,37,ed,3d,fe,8f,20,cb,f1,c6,9f,a1,a8,
   ae,e4,01,7b,5d,49,53,e8,4d,45,4c,0d,8c,73,23,04,c2,d1,9f,d6,89,a2,f5,ad,f2,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-2828569535-3307695315-1286302524-1002\Software\SecuROM\License information*]
"datasecu"=hex:2f,31,70,2d,af,b4,a7,74,c0,90,a6,bb,76,3f,7e,1b,07,fb,a1,59,9d,
   da,de,01,1a,e9,d1,aa,f0,58,5e,75,a1,01,38,0d,4b,04,6c,32,42,c3,57,6b,af,2a,\
"rkeysecu"=hex:f7,f3,14,e3,94,10,1f,dd,95,84,a3,f5,9f,ad,94,1f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-26  09:51:07
ComboFix-quarantined-files.txt  2014-11-26 09:51
.
Pre-Run: 360,791,318,528 bytes free
Post-Run: 361,232,666,624 bytes free
.
- - End Of File - - 22A2398BC8B242094CB6E6C2C111235F
A36C5E4F47E84449FF07ED3517B43A31



#8
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi, thanks for the logs.

Firstly:
 

P2P WARNING!

It appears that there is at least one Peer to Peer (P2P) program on your computer:

uTorrent

Whilst some P2P programs themselves may be harmless, we at GeeksToGo do not recommend their use due to the extremely high likelihood of obtaining an infection from files that have been downloaded. This may range from annoying adware to malicious trojans stealing your passwords and other personal information.

There is also the risk of inadvertently sharing information that wasn't intended due to incorrectly configured software.

It is highly likely that this is the source of the issue that brought you here today. And if not, probably what will bring you back at a later date.

Here are some useful links regarding the dangers of P2P software.

Step 1

FRST Fix

If FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached fixlist.txt and save it to your desktop <<< very important - it must be in the same location as FRST64.exe
  • Right click the FRST64.exe icon and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Step 2

Junkware Removal Tool
Please download Junkware Removal Tool to your desktop. << Important
Ensure that any security software is temporarily disabled for the duration of the scan. Don't forget to re-enable it afterwards.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by right-clicking the JRT icon and selecting "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    The AdwCleaner console will open.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Items I need to see in your next post:

  • FRST Fixlog
  • JRT Log
  • ADWcleaner Scan Only log


#9
JoeBenyon

    Member

  • Topic Starter
  • 153 posts

Here are the logs :)

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Joey on 04/12/2014 at 16:02:45.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ConduitInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ConduitInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wsconduit__166_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wsconduit__166_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\wsconduit__166_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\wsconduit__166_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\Browsee2save
Successfully deleted: [Folder] C:\ProgramData\SoftSafe
Successfully deleted: [Folder] "C:\Users\Joey\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Joey\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Joey\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Joey\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/12/2014 at 16:06:11.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2014
Ran by Joey at 2014-12-04 15:37:46 Run:1
Running from C:\Users\Joey\Documents\dumps
Loaded Profile: Joey (Available profiles: Joey)
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
start
closeprocesses:
emptytemp:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {C0BFD167-FAD9-477C-A6AE-A7424F71D686} URL =
SearchScopes: HKU\S-1-5-21-2828569535-3307695315-1286302524-1002 -> DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKU\S-1-5-21-2828569535-3307695315-1286302524-1002 -> {C0BFD167-FAD9-477C-A6AE-A7424F71D686} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN21750495851226563&UM=2&SSPV=TB_T2
Toolbar: HKU\S-1-5-21-2828569535-3307695315-1286302524-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S0 ctbhpnq; System32\drivers\kwijvpf.sys [X]
2014-11-30 12:33 - 2013-10-18 19:45 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Search Protection
HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\...\Run: [Clownfish] =>
SearchScopes: HKU\S-1-5-21-2828569535-3307695315-1286302524-1002 -> {8D7BB901-9EAA-4C2F-AD9B-F809F8A00828} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=frg_14_19_ch&cd=2XzuyEtN2Y1L1QzuyDtDyEyCyD0D0BtC0AtAyCtCtCtC0FyBtN0D0Tzu0SzzyDyBtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyC0CyC0F0D0EzztG0CzztB0DtGtB0CtCzztGyDtBtB0EtGyCtA0FyCyCtBtByCzz0FyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0B0C0C0E0F0DtCtGyC0AyBtCtG0E0C0ByEtGtCzyyEzytGyD0F0FtDyE0B0F0FyE0D0CtB2Q&cr=1591304546&ir=
FF Plugin HKU\S-1-5-21-2828569535-3307695315-1286302524-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Trials Evolution Gold Edition\datapack\orbit\npuplaypc.dll No File
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
c:\windows\SYSNATIVE\EasyAntiCheat.exe
c:\windows\system32\EasyAntiCheat.exe
2014-11-25 12:53 - 2014-11-25 12:53 - 00000000 ____D () C:\6b3ce2e579a6fa3fdbdb5d2e
end
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0BFD167-FAD9-477C-A6AE-A7424F71D686}" => Key deleted successfully.
"HKCR\CLSID\{C0BFD167-FAD9-477C-A6AE-A7424F71D686}" => Key not found.
HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{0E5F0222-96B9-11D3-8997-00104BD12D94}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0E5F0222-96B9-11D3-8997-00104BD12D94}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
ctbhpnq => Service deleted successfully.
C:\Users\Joey\AppData\Roaming\Search Protection => Moved successfully.
HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Clownfish => value deleted successfully.
"HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8D7BB901-9EAA-4C2F-AD9B-F809F8A00828}" => Key deleted successfully.
"HKCR\CLSID\{8D7BB901-9EAA-4C2F-AD9B-F809F8A00828}" => Key not found.
"HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\Software\MozillaPlugins\ubisoft.com/uplaypc" => Key deleted successfully.
C:\Program Files (x86)\Ubisoft\Trials Evolution Gold Edition\datapack\orbit\npuplaypc.dll not found.
EasyAntiCheat => Service deleted successfully.
"c:\windows\SYSNATIVE\EasyAntiCheat.exe" => File/Directory not found.
"c:\windows\system32\EasyAntiCheat.exe" => File/Directory not found.
C:\6b3ce2e579a6fa3fdbdb5d2e => Moved successfully.
EmptyTemp: => Removed 628.6 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====

AdwCleaner

# AdwCleaner v4.103 - Report created 04/12/2014 at 16:09:43
# Updated 01/12/2014 by Xplode
# Database : 2014-12-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Joey - JOEY-PC
# Running from : C:\Users\Joey\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Users\Joey\AppData\Local\CrashRpt
Folder Found : C:\Users\Joey\AppData\Local\Mail.Ru
Folder Found : C:\Users\Joey\AppData\Roaming\NCdownloader

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Smartbar
Key Found : HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\SProtector
Key Found : HKLM\SOFTWARE\systweak
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Google Chrome v39.0.2171.71

[C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=frg_14_19_ch&cd=2XzuyEtN2Y1L1QzuyDtDyEyCyD0D0BtC0AtAyCtCtCtC0FyBtN0D0Tzu0SzzyDyBtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyC0CyC0F0D0EzztG0CzztB0DtGtB0CtCzztGyDtBtB0EtGyCtA0FyCyCtBtByCzz0FyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0B0C0C0E0F0DtCtGyC0AyBtCtG0E0C0ByEtGtCzyyEzytGyD0F0FtDyE0B0F0FyE0D0CtB2Q&cr=1591304546&ir=

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [2602 octets] - [04/12/2014 16:09:43]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2662 octets] ##########

  • 0

#10
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi. Can I remind you to please just cleanly paste the contents of the logs in the thread? Any formatting or tags make it more awkward for us. Thanks.

OK, let's let AdwCleaner finish up and take a look at the services on your computer and get a fresh scan to see what is going on right now.

Step 1

Re-run AdwCleaner

Close all open windows and browsers.

  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step 2

Farbar Service Scanner


Please download Farbar Service Scanner and save it to your Desktop.

  • Right click FSS.exe and select Run As Administrator.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 3

Supplemental FRST Scan
Please run FRST/FRST64 again from your Desktop. If you do not currently have it on your system, download it from here and save it to your desktop.

  • Right click FRST/FRST64 to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to the disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.

Items I need to see in your next post:

  • ADWcleaner Clean log
  • Farbar Service Scanner report
  • Fresh FRST log
  • How is it behaving now?

  • 1


#11
JoeBenyon

    Member

  • Topic Starter
  • 153 posts

Adware cleaner

 

# AdwCleaner v4.103 - Report created 05/12/2014 at 17:51:11
# Updated 01/12/2014 by Xplode
# Database : 2014-12-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Joey - JOEY-PC
# Running from : C:\Users\Joey\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Joey\AppData\Local\Mail.Ru
Folder Deleted : C:\Users\Joey\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Joey\AppData\Roaming\NCdownloader
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKLM\SOFTWARE\systweak
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
 
-\\ Google Chrome v39.0.2171.71
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [2758 octets] - [04/12/2014 16:09:43]
AdwCleaner[R1].txt - [2175 octets] - [05/12/2014 17:48:50]
AdwCleaner[S0].txt - [2136 octets] - [05/12/2014 17:51:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2196 octets] ##########
 
 
 
 
FSS
 
Farbar Service Scanner Version: 21-07-2014
Ran by Joey (administrator) on 05-12-2014 at 17:59:11
Running from "C:\Users\Joey\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Joey (administrator) on JOEY-PC on 05-12-2014 18:00:31
Running from C:\Users\Joey\Documents\dumps
Loaded Profile: Joey (Available profiles: Joey)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Joey\Desktop\FSS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll => C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll => C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\20.1.0.24\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\20.1.0.24\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\20.1.0.24\buShell.dll (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=20.3.1.22
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=20.3.1.22
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2828569535-3307695315-1286302524-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchURL = http://home.microsof...search.asp?p=%s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn...st/srchcust.htm
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-2828569535-3307695315-1286302524-1002 -> {1A4AA1F9-B855-4D77-93B1-E58948DEC367} URL = http://uk.search.yah...p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> C:\Program Files (x86)\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll (Reto-Moto ApS)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-2828569535-3307695315-1286302524-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Joey\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-07-07]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn [2014-11-29]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn [2014-12-05]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Profile: C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (Heroes & Generals) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-05-10]
CHR Extension: (AdBlock) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-12]
CHR Extension: (Google Wallet) - C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\Exts\Chrome.crx [2014-11-29]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [202752 2010-05-20] (AMD) [File not signed]
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-05-28] () [File not signed]
S4 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [122584 2014-11-11] (altPUG LLC)
S4 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1570208 2013-11-29] (Echobit LLC)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-11-17] (NVIDIA Corporation)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-10-21] (LogMeIn, Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe [143928 2012-08-19] (Symantec Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
S4 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [997664 2014-10-22] (Overwolf LTD)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-01-13] ()
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-08-17] ()
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [6368256 2010-05-20] (ATI Technologies Inc.) [File not signed]
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [188416 2010-05-20] (Advanced Micro Devices, Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
S3 AtiHdmiService; C:\Windows\System32\drivers\AtiHdmi.sys [116736 2010-05-20] (ATI Technologies, Inc.) [File not signed]
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20120815.002\BHDrvx64.sys [1385120 2012-08-11] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1401000.018\ccSetx64.sys [168096 2012-08-07] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-29] (Symantec Corporation)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2013-07-13] (Echobit, LLC)
R3 GameKB; C:\Windows\System32\drivers\GameKB.sys [27648 2012-05-11] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31648 2014-01-11] (REALiX™)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20141128.001\IDSvia64.sys [637656 2014-11-28] (Symantec Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20141128.018\ENG64.SYS [129752 2014-11-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20141128.018\EX64.SYS [2137304 2014-11-29] (Symantec Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0114.sys [28768 2013-10-28] (SoftEther Project at University of Tsukuba, Japan.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
S3 PlantronicsGC; C:\Windows\System32\drivers\PLTGC.sys [1328128 2013-02-07] (C-Media Electronics Inc)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [40664 2014-03-10] (The OpenVPN Project)
S3 SRTSP; C:\Windows\system32\drivers\N360x64\1401000.018\SRTSP64.SYS [776352 2012-08-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1401000.018\SRTSPX64.SYS [37496 2012-05-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1401000.018\SYMDS64.SYS [493216 2012-07-28] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1401000.018\SYMEFA64.SYS [1132192 2012-08-08] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-11-29] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1401000.018\Ironx64.SYS [224416 2012-07-28] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1401000.018\SYMNETS.SYS [432800 2012-07-23] (Symantec Corporation)
S3 TSVAD_PCM; C:\Windows\System32\drivers\tsvadpcm.sys [33552 2012-08-22] (Windows ® Win 7 DDK provider)
S3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Users\Joey\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ESEADriver2; \??\C:\Users\Joey\AppData\Local\Temp\ESEADriver2.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\CAM\CAM\CAM\CAM_Client.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-05 17:59 - 2014-12-05 17:59 - 00002232 _____ () C:\Users\Joey\Desktop\FSS.txt
2014-12-05 17:58 - 2014-12-05 17:58 - 00415232 _____ (Farbar) C:\Users\Joey\Downloads\FSS.exe
2014-12-05 17:58 - 2014-12-05 17:58 - 00415232 _____ (Farbar) C:\Users\Joey\Desktop\FSS.exe
2014-12-05 17:55 - 2014-12-05 17:55 - 00002288 _____ () C:\Users\Joey\Desktop\AdwCleaner[S0].txt
2014-12-04 16:09 - 2014-12-05 17:51 - 00000000 ____D () C:\AdwCleaner
2014-12-04 16:08 - 2014-12-04 16:08 - 02154496 _____ () C:\Users\Joey\Downloads\AdwCleaner.exe
2014-12-04 16:08 - 2014-12-04 16:08 - 02154496 _____ () C:\Users\Joey\Desktop\AdwCleaner.exe
2014-12-04 16:06 - 2014-12-04 16:06 - 00002275 _____ () C:\Users\Joey\Desktop\JRT.txt
2014-12-04 16:02 - 2014-12-04 16:02 - 00000000 ____D () C:\Windows\ERUNT
2014-12-04 16:02 - 2014-12-04 16:01 - 01707646 _____ (Thisisu) C:\Users\Joey\Desktop\JRT.exe
2014-12-04 16:01 - 2014-12-04 16:01 - 01707646 _____ (Thisisu) C:\Users\Joey\Downloads\JRT.exe
2014-12-04 15:36 - 2014-12-04 15:36 - 00002368 _____ () C:\Users\Joey\Downloads\fixlist.txt
2014-12-01 16:36 - 2014-12-05 18:00 - 00000000 ____D () C:\FRST
2014-12-01 16:35 - 2014-12-01 16:35 - 02117120 _____ (Farbar) C:\Users\Joey\Downloads\FRST64.exe
2014-11-30 21:49 - 2014-11-30 21:49 - 00262144 ____N () C:\Windows\Minidump\113014-26473-01.dmp
2014-11-30 15:33 - 2014-11-30 15:33 - 00001011 _____ () C:\Users\Joey\Desktop\SpeedFan.lnk
2014-11-30 15:33 - 2014-11-30 15:33 - 00000930 _____ () C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2014-11-30 15:33 - 2014-11-30 15:33 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-11-30 15:33 - 2014-11-30 15:33 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-11-30 15:33 - 2014-11-30 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-11-30 15:33 - 2002-01-01 18:47 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-11-30 15:32 - 2014-11-30 15:32 - 02174848 _____ () C:\Users\Joey\Downloads\instsf450.exe
2014-11-30 15:25 - 2014-11-30 15:25 - 01141408 _____ ( ) C:\Users\Joey\Downloads\hwmonitor_1.25-setup.exe
2014-11-30 15:25 - 2014-11-30 15:25 - 00798040 _____ ( ) C:\Users\Joey\Downloads\instsf450_inst.exe
2014-11-30 15:20 - 2014-11-30 15:20 - 00262144 ____N () C:\Windows\Minidump\113014-48204-01.dmp
2014-11-30 14:30 - 2014-11-30 14:30 - 00262144 ____N () C:\Windows\Minidump\113014-23836-01.dmp
2014-11-30 13:23 - 2014-12-05 18:00 - 00000000 ____D () C:\Users\Joey\Documents\dumps
2014-11-30 12:31 - 2014-11-30 12:31 - 00007613 _____ () C:\malwareresult.txt
2014-11-30 12:11 - 2014-11-30 13:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-30 12:11 - 2014-11-30 12:11 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Joey\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-30 12:11 - 2014-11-30 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-30 12:11 - 2014-11-30 12:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-30 12:11 - 2014-11-30 12:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-30 12:11 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-30 12:11 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-30 12:11 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-30 11:59 - 2014-11-30 11:59 - 00262144 ____N () C:\Windows\Minidump\113014-52431-01.dmp
2014-11-29 23:42 - 2013-06-16 12:38 - 00196384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-11-29 23:42 - 2013-06-16 12:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-11-29 23:42 - 2013-05-14 19:28 - 00039712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-29 23:42 - 2013-05-14 19:27 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-11-29 23:42 - 2013-05-14 19:27 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-29 23:42 - 2013-01-29 08:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-11-29 23:25 - 2014-11-29 23:25 - 00850109 _____ () C:\Users\Joey\Downloads\M5A78L-M-USB3-ASUS-2001.zip
2014-11-29 19:48 - 2014-12-05 17:52 - 00007436 _____ () C:\Windows\PFRO.log
2014-11-29 19:36 - 2014-11-29 19:37 - 00000000 ____D () C:\NPE
2014-11-29 19:31 - 2014-11-29 19:57 - 00000000 ____D () C:\Users\Joey\AppData\Local\NPE
2014-11-29 19:30 - 2014-11-29 19:30 - 00262144 ____N () C:\Windows\Minidump\112914-28813-01.dmp
2014-11-29 19:29 - 2014-12-05 17:59 - 00172277 _____ () C:\Windows\WindowsUpdate.log
2014-11-29 19:29 - 2014-11-29 19:30 - 03060320 ____N (Symantec Corporation) C:\Users\Joey\Downloads\NPE.exe
2014-11-29 19:26 - 2014-11-29 19:26 - 00262144 ____N () C:\Windows\Minidump\112914-41870-01.dmp
2014-11-29 19:25 - 2014-12-05 17:53 - 00004229 _____ () C:\Windows\setupact.log
2014-11-29 19:25 - 2014-11-29 19:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-29 18:37 - 2014-11-29 18:37 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-11-29 18:35 - 2014-11-29 18:35 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-11-29 18:28 - 2014-11-29 18:28 - 00177312 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-11-29 18:28 - 2014-11-29 18:28 - 00007466 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-11-29 18:28 - 2014-11-29 18:28 - 00000000 ____D () C:\Program Files\Symantec
2014-11-29 18:28 - 2014-11-29 18:28 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-11-29 18:26 - 2014-11-29 18:28 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-11-29 18:26 - 2014-11-29 18:26 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-11-29 18:26 - 2014-11-29 18:26 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-11-29 18:12 - 2014-11-29 18:12 - 00000000 ____D () C:\8836e1e23024d4b6e1
2014-11-29 17:42 - 2014-11-29 23:42 - 00000000 ____D () C:\Users\Joey\AppData\Local\NVIDIA Corporation
2014-11-29 17:41 - 2014-11-29 18:06 - 00000000 ____D () C:\Users\Joey\AppData\Local\NVIDIA
2014-11-27 10:33 - 2014-11-27 10:33 - 00001351 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-11-27 10:32 - 2014-11-27 10:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-27 10:32 - 2014-11-27 10:32 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-11-27 10:31 - 2014-11-30 15:40 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-11-27 10:31 - 2014-11-30 15:40 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-27 10:29 - 2014-11-30 15:40 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-26 10:27 - 2014-11-26 10:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2014-11-26 10:27 - 2014-11-26 10:27 - 00000000 ____D () C:\Program Files (x86)\Geeks3D
2014-11-26 09:51 - 2014-11-26 09:51 - 00026872 _____ () C:\ComboFix.txt
2014-11-26 09:36 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-26 09:36 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-26 09:36 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-26 09:36 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-26 09:36 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-26 09:36 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-26 09:36 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-26 09:36 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-26 09:35 - 2014-11-26 09:51 - 00000000 ____D () C:\Qoobox
2014-11-26 09:35 - 2014-11-26 09:51 - 00000000 ____D () C:\ComboFix
2014-11-26 09:35 - 2014-11-26 09:49 - 00000000 ____D () C:\Windows\erdnt
2014-11-25 12:13 - 2014-11-25 12:13 - 00262144 ____H () C:\Windows\DUMP739c.DMP
2014-11-25 12:10 - 2014-11-25 12:10 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2013
2014-11-25 12:10 - 2014-11-25 12:10 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2013
2014-11-25 11:38 - 2014-11-25 11:42 - 308364224 _____ (NVIDIA Corporation) C:\Users\Joey\Downloads\344.75-desktop-win8-win7-winvista-64bit-international-whql.exe
2014-11-25 10:57 - 2014-10-14 02:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-25 10:57 - 2014-10-14 02:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-25 10:57 - 2014-10-14 02:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-25 10:57 - 2014-10-14 01:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-25 10:57 - 2014-10-14 01:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-25 10:56 - 2014-11-07 19:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-25 10:56 - 2014-11-07 19:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-25 10:56 - 2014-11-06 04:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-25 10:56 - 2014-11-06 04:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-25 10:56 - 2014-11-06 04:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-25 10:56 - 2014-11-06 03:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-25 10:56 - 2014-11-06 03:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-25 10:56 - 2014-11-06 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-25 10:56 - 2014-11-06 03:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-25 10:56 - 2014-11-06 03:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-25 10:56 - 2014-11-06 03:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-25 10:56 - 2014-11-06 03:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-25 10:56 - 2014-11-06 03:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-25 10:56 - 2014-11-06 03:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-25 10:56 - 2014-11-06 03:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-25 10:56 - 2014-11-06 03:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-25 10:56 - 2014-11-06 03:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-25 10:56 - 2014-11-06 03:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-25 10:56 - 2014-11-06 03:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-25 10:56 - 2014-11-06 03:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-25 10:56 - 2014-11-06 03:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-25 10:56 - 2014-11-06 03:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-25 10:56 - 2014-11-06 03:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-25 10:56 - 2014-11-06 03:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-25 10:56 - 2014-11-06 03:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-25 10:56 - 2014-11-06 03:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-25 10:56 - 2014-11-06 03:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-25 10:56 - 2014-11-06 03:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-25 10:56 - 2014-11-06 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-25 10:56 - 2014-11-06 03:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-25 10:56 - 2014-11-06 03:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-25 10:56 - 2014-11-06 03:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-25 10:56 - 2014-11-06 02:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-25 10:56 - 2014-11-06 02:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-25 10:56 - 2014-11-06 02:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-25 10:56 - 2014-11-06 02:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-25 10:56 - 2014-11-06 02:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-25 10:56 - 2014-11-06 02:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-25 10:56 - 2014-11-06 02:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-25 10:56 - 2014-11-06 02:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-25 10:56 - 2014-11-06 02:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-25 10:56 - 2014-11-06 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-25 10:56 - 2014-11-06 02:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-25 10:56 - 2014-11-06 02:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-25 10:56 - 2014-11-06 02:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-25 10:56 - 2014-11-06 02:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-25 10:56 - 2014-11-06 02:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-25 10:56 - 2014-11-06 02:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-25 10:56 - 2014-11-06 02:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-25 10:56 - 2014-11-06 02:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-25 10:56 - 2014-11-06 02:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-25 10:56 - 2014-11-06 02:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-25 10:56 - 2014-11-06 01:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-25 10:56 - 2014-11-06 01:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-25 10:56 - 2014-11-06 01:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-25 10:56 - 2014-11-06 01:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-25 10:55 - 2014-10-18 02:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-25 10:55 - 2014-10-18 01:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-25 10:51 - 2014-08-21 06:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-25 10:51 - 2014-08-21 06:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-25 10:51 - 2014-08-21 06:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-25 10:51 - 2014-08-21 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-25 10:51 - 2014-08-12 02:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-25 10:51 - 2014-08-12 01:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-25 10:50 - 2014-11-11 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-25 10:50 - 2014-11-11 03:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-25 10:50 - 2014-11-11 02:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-25 10:50 - 2014-11-11 02:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-25 10:50 - 2014-10-14 02:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-25 10:50 - 2014-10-14 02:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-25 10:50 - 2014-10-14 01:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-25 10:50 - 2014-10-14 01:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-25 10:50 - 2014-10-03 02:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-25 10:50 - 2014-10-03 02:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-25 10:50 - 2014-10-03 02:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-25 10:50 - 2014-10-03 02:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-25 10:50 - 2014-10-03 02:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-25 10:50 - 2014-10-03 01:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-25 10:50 - 2014-10-03 01:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-25 10:50 - 2014-10-03 01:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-25 10:49 - 2014-09-19 09:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-25 10:49 - 2014-09-19 09:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-25 10:49 - 2014-09-19 09:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-25 10:49 - 2014-09-19 09:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-25 10:49 - 2014-09-19 09:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-25 10:49 - 2014-09-19 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-25 10:49 - 2014-09-19 09:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-25 10:49 - 2014-09-19 09:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-25 10:49 - 2014-09-19 09:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-25 10:49 - 2014-09-19 09:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-25 10:49 - 2014-09-19 09:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-25 10:49 - 2014-09-19 09:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-25 10:47 - 2014-10-25 01:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-25 10:47 - 2014-10-25 01:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-25 10:47 - 2014-10-14 02:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-25 10:47 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-25 10:47 - 2014-10-10 00:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 19:54 - 2014-11-11 19:54 - 00000000 ____D () C:\ProgramData\NuGet
2014-11-11 19:54 - 2014-11-11 19:54 - 00000000 ____D () C:\Program Files (x86)\NuGet
2014-11-11 19:33 - 2014-11-11 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-11-11 19:20 - 2014-11-11 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
2014-11-11 19:10 - 2014-11-11 19:10 - 01158344 _____ (Microsoft Corporation) C:\Users\Joey\Downloads\wdexpress_full (2).exe
2014-11-08 17:23 - 2014-11-08 17:23 - 00000221 _____ () C:\Users\Joey\Desktop\Metro 2033.url
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-05 17:54 - 2013-02-24 00:43 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-05 17:53 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-05 17:51 - 2013-06-20 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-05 17:40 - 2009-07-14 04:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-05 17:40 - 2009-07-14 04:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-30 21:49 - 2013-08-24 00:02 - 00000000 ____D () C:\Windows\Minidump
2014-11-30 21:48 - 2013-02-13 16:05 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\.minecraft
2014-11-30 21:18 - 2013-02-24 00:43 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-30 20:34 - 2013-02-13 20:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-30 19:17 - 2013-03-13 17:11 - 00000000 ____D () C:\Users\Joey\AppData\Local\Adobe
2014-11-30 15:40 - 2013-02-07 15:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-30 15:33 - 2014-02-26 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-11-30 15:33 - 2014-02-26 16:17 - 00000000 ____D () C:\Program Files\CPUID
2014-11-30 15:32 - 2014-10-28 18:40 - 00003022 _____ () C:\Windows\System32\Tasks\RTSS
2014-11-30 15:22 - 2009-07-14 05:13 - 00799454 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-30 14:25 - 2013-02-12 21:20 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-11-30 12:52 - 2014-06-29 12:05 - 00000000 ____D () C:\Users\Joey\AppData\Local\LogMeIn Hamachi
2014-11-30 12:33 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\Help
2014-11-30 00:01 - 2013-02-13 15:48 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Skype
2014-11-29 23:57 - 2013-02-13 15:43 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-29 19:32 - 2013-02-13 15:49 - 00000000 ____D () C:\ProgramData\Norton
2014-11-29 19:13 - 2013-02-19 17:51 - 00000000 ____D () C:\Users\Joey\AppData\Local\CrashDumps
2014-11-29 18:47 - 2013-05-05 15:55 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-29 18:18 - 2013-02-12 10:43 - 00000000 ____D () C:\Users\Joey
2014-11-26 11:07 - 2013-02-24 00:45 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-26 10:34 - 2013-02-13 20:48 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 10:34 - 2013-02-13 20:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 10:34 - 2013-02-13 20:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 09:48 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-25 12:39 - 2014-05-27 14:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-11-25 12:15 - 2009-07-14 04:45 - 05054992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-25 12:11 - 2013-07-09 20:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-25 12:05 - 2013-08-14 22:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-25 12:01 - 2013-02-24 00:43 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-25 12:01 - 2013-02-24 00:43 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-25 12:01 - 2012-10-12 15:32 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-25 11:43 - 2013-08-04 00:19 - 00000000 ____D () C:\Users\Joey\AppData\Local\Windows Live
2014-11-25 11:32 - 2014-03-03 20:16 - 00000000 ____D () C:\temp
2014-11-24 14:04 - 2010-11-21 03:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-24 12:20 - 2013-11-04 20:14 - 00007604 _____ () C:\Users\Joey\AppData\Local\Resmon.ResmonCfg
2014-11-11 22:52 - 2013-12-07 14:51 - 00000000 ____D () C:\Users\Joey\AppData\Local\Battle.net
2014-11-11 20:14 - 2013-08-09 13:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 12.0
2014-11-11 20:08 - 2013-08-09 12:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 11.0
2014-11-11 20:06 - 2013-08-09 12:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-11-11 20:05 - 2013-08-09 15:23 - 00000000 ____D () C:\Program Files\IIS Express
2014-11-11 20:05 - 2013-08-09 15:23 - 00000000 ____D () C:\Program Files (x86)\IIS Express
2014-11-11 19:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-11 19:27 - 2009-07-14 05:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-11-11 19:07 - 2013-03-27 13:44 - 00000000 ____D () C:\Users\Joey\Desktop\TechnicalWhizz
2014-11-09 19:34 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-08 17:23 - 2014-03-04 18:05 - 00000000 ____D () C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-08 00:47 - 2013-04-10 20:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-08 00:47 - 2013-02-13 15:48 - 00000000 ____D () C:\ProgramData\Skype
2014-11-07 19:24 - 2014-06-09 14:41 - 00000000 ____D () C:\Users\Joey\Documents\ArcheAge
 
Files to move or delete:
====================
C:\Users\Joey\jagex_cl_oldschool_LIVE.dat
C:\Users\Joey\jagex_cl_runescape_LIVE.dat
C:\Users\Joey\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Joey\AppData\Local\Temp\Quarantine.exe
C:\Users\Joey\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-25 13:11
 
==================== End Of Log ============================
 
 
As for behavior, after the Adware Cleaner reboot I have been able to boot in Normal mode and haven't restarted at the time of posting these logs. I will keep my PC running to see if anything happens.
 
**Edit** After running for roughly 30 minutes I tried to launch Minecraft (Java Game/App) and I got the problem where my monitor says no signal and the PC will only turn off at the PSU. I then rebooted my PC, still in normal mode, and after roughly 5 minutes Windows froze; I could still move the mouse but I couldn't click anything or Ctrl Alt Delete.

Edited by JoeBenyon, 05 December 2014 - 12:50 PM.


#12
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi. Let's scan for remnants and see if anything is lurking.
Also, I need to let you know that I will not be available on Saturday due to a wedding, so I will follow up on Sunday.
 
Step 1
Run Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest updates automatically.
  • Now select the Settings tab, and check the box next to Scan for rootkits and ensure the PUP and PUM options are selected to treat as malware.
  • Go back to the Dashboard tab, and click the Scan Now button.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, it will show you the results. (This one is clean.)
  • If threats are detected, click the Apply Actions button.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below.) If the log doesn't open, select View detailed log in the Scan tab.
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Choose the latest Scan Log, and click on the View button.
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
  • Copy & Paste the entire contents of the report log in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.


Step 2
ESET Online Scanner

Please run a free online scan with the ESET Online Scanner

  • Click Run Eset Online Scanner

Note: You will need to use Internet Explorer or Firefox (you will be prompted to install a helper program if you use Firefox) for this scan.
Important: Please disable your existing AV software for the duration of the scan. If you need instructions on how to disable it, please check out this site: http://www.bleepingc...lware-programs/

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Enable detection of potentially unwanted applications is checked
  • Next click on Advanced Settings and select:
  • Make sure that the option Remove found threats is NOT checked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

  • Click Start, the virus database will update, this may take a while depending on your internet connection.
  • Once updated, the online scan will begin. (This scan can take several hours, so please be patient)
  • Once the scan is completed, click Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
 
Items I need to see in your next post:
 
  • Malwarebytes Report
  • Eset Log
 
 
 
 

#13
JoeBenyon

    Member

  • Topic Starter
  • Member
  • 153 posts

Here you go:

 

MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 06/12/2014
Scan Time: 11:17:41
Logfile: mbab.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.06.05
Rootkit Database: v2014.12.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Joey
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377095
Time Elapsed: 17 min, 35 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
ESET:
[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=77e9ede678409240a752092f0c224757
# engine=21428
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-12-06 04:26:05
# local_time=2014-12-06 04:26:05 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 79329 170348215 0 0
# scanned=514495
# found=5
# cleaned=0
# scan_time=16413
sh=C801555640BE8E513020E3758BE4D8694D8F250F ft=1 fh=c71c00117a32833e vn="a variant of Win32/InstallCore.OK potentially unwanted application" ac=I fn="C:\Users\Joey\Downloads\FileZilla_3.8.0_win32-setup.exe"
sh=D5DB2ED8F0C6FADBD0FAD59D79DB1CC78A24C131 ft=1 fh=a22252332ffd69b4 vn="a variant of Win32/InstallCore.QW potentially unwanted application" ac=I fn="C:\Users\Joey\Downloads\instsf450_inst.exe"
sh=33B017C763E79F17E0F0D0A215033CA92E4E81C3 ft=1 fh=766597e0024fcdbd vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Joey\Downloads\spsetup124.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"

  • 0

#14
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi. All looking good so far, just a couple of items to remove.
Any further problems?

Step 1

FRST Fix

If FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached fixlist.txt and save it to your desktop <<< very important - it must be in the same location as FRST64.exe
  • Right click the FRST icon and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Step 2
Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on the Security Check icon and select Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automatically.

Please include the content of that document.

Items for next post

  • Fixlog
  • checkup.txt
  • how is your computer?

  • 0

#15
JoeBenyon

    Member

  • Topic Starter
  • Member
  • 153 posts

Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2014 02

Ran by Joey at 2014-12-08 18:25:37 Run:2
Running from C:\Users\Joey\Documents\dumps
Loaded Profile: Joey (Available profiles: Joey)
Boot Mode: Safe Mode (with Networking)
==============================================
 
Content of fixlist:
*****************
 
 
start
HKLM-x32\...\Run: [] => [X]
2014-11-29 18:12 - 2014-11-29 18:12 - 00000000 ____D () C:\8836e1e23024d4b6e1
C:\Users\Joey\Downloads\FileZilla_3.8.0_win32-setup.exe
C:\Users\Joey\Downloads\instsf450_inst.exe
emptytemp:
end
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\8836e1e23024d4b6e1 => Moved successfully.
C:\Users\Joey\Downloads\FileZilla_3.8.0_win32-setup.exe => Moved successfully.
C:\Users\Joey\Downloads\instsf450_inst.exe => Moved successfully.
EmptyTemp: => Removed 44.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
checkup.txt
 Results of screen317's Security Check version 0.99.91  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton Security with Backup   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (3.0.0.9016)   
 Java 7 Update 71  
 Java SE Development Kit 7 Update 71 
 Visual Studio Extensions for Windows Library for JavaScript 
 Adobe Flash Player 15.0.0.239  
 Google Chrome 38.0.2125.111 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 4% 
````````````````````End of Log`````````````````````` 
 
I still find it very difficult to boot into normal mode, it takes a few attempts. I managed to stay booted long enough to do Step 2 and post this however.

  • 0
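
Added example (not part of the thread and not code from ESET or FRST): a small Python triage script that parses ESET Online Scanner detection lines of the `sh= ... vn= ... fn=` form posted in #13 and checks them against the `=> Moved successfully.` lines of an FRST fixlog like the one in #15. The sample logs are constructed, with placeholder hashes, detection names and paths, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# key=value pairs; values are either "quoted" (may contain spaces) or bare tokens
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# FRST fixlog result line for a file or folder that was moved
MOVED = re.compile(r'^(?P<path>[A-Za-z]:\\.+?) => Moved successfully\.$')

# Constructed sample logs (placeholder hashes, names and paths), same layout as above
ESET_SAMPLE = r'''# found=3
# cleaned=0
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="a variant of Win32/Example.A potentially unwanted application" ac=I fn="C:\Users\demo\Downloads\setup_a.exe"
sh=2222222222222222222222222222222222222222 ft=1 fh=bbbbbbbbbbbbbbbb vn="Win32/Example.B potentially unsafe application" ac=I fn="C:\Windows\System32\Vendor\gt.exe"
sh=2222222222222222222222222222222222222222 ft=1 fh=bbbbbbbbbbbbbbbb vn="Win32/Example.B potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Vendor\gt.exe"
'''
FIXLOG_SAMPLE = r'''C:\Users\demo\Downloads\setup_a.exe => Moved successfully.
EmptyTemp: => Removed 44.8 MB temporary data.
'''

def parse_detections(log_text):
    """Return one dict per detection line; '# key=value' header lines are skipped."""
    rows = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("sh="):
            rows.append({k: q or u for k, q, u in PAIR.findall(line)})
    return rows

def moved_paths(fixlog_text):
    """Lower-cased paths the fixlog reports as moved (compared case-insensitively)."""
    hits = (MOVED.match(l.strip()) for l in fixlog_text.splitlines())
    return {m.group("path").lower() for m in hits if m}

def triage(eset_log, fixlog):
    """Return (paths moved by the fix, {sha1: [paths]} for detections the fixlog does not mention)."""
    moved = moved_paths(fixlog)
    handled, remaining = [], defaultdict(list)
    for det in parse_detections(eset_log):
        if det["fn"].lower() in moved:
            handled.append(det["fn"])
        else:
            remaining[det["sh"]].append(det["fn"])  # same hash = same file in several places
    return handled, dict(remaining)

if __name__ == "__main__":
    handled, remaining = triage(ESET_SAMPLE, FIXLOG_SAMPLE)
    print("moved by fix:", handled)
    for sha1, paths in remaining.items():
        print("not in fixlog:", sha1, paths)
```

Grouping the leftovers by SHA-1 shows when one file is reported from more than one location, so it is reviewed once rather than per path.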





