
Generic Installation Pop Up That I Think Might Be a Virus [Closed]

malware virus pop-up help


#1
coleheideman


So I have been getting a confusing pop up recently, and I am worried that it is some kind of virus. The pop up looks like an installation window, but it isn't prompted by anything I click to run.

It says something about how the program is installing and to wait a moment, and there is a blue circle animation. It's very generic looking and that's what aroused my suspicion. I can close it via the red x, which I was doing recently every time it popped up, but it doesn't seem to make any difference. If I leave it, it finishes whatever it is doing and then nothing happens. I think it has opened my web browser maybe two or three times, but I can't be certain. I'll try and screen cap it and upload a picture of the window if that would be helpful.

I have Webroot antivirus and the free trial of Malwarebytes and I have run both; they haven't solved the problem.

I have tried to run task manager when the pop up comes up and it never opens while the pop up is open. That seemed suspicious to me as well, but it could be because the pop up seems to open particularly when I open the laptop from being in standby or when I reboot the laptop.

I could also potentially have other viruses I don't know about, so I am just curious if I could get any guidance on the issue.

I am particularly worried that I accidentally installed something malicious and gave it permission to do whatever it is doing.

Thanks! - Cole.




#2
Nevan

Hello, coleheideman. Welcome to Geeks to Go! My nickname is Nevan and I will be helping you get your system back on its electronic feet.

Before we get started, please keep these things in mind:
  • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
  • If your security programs give you any warnings when using tools I asked you to, don't be afraid. Every tool I provide to you is 100% safe.
  • Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
  • You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
  • Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
  • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend that you make backups of any important files from your machine before proceeding as they might be lost.
  • I recommend that you stay with me until I tell you that we are done. It is important because when your system does not show any bad symptoms anymore it does not mean that it is 100% clean.
  • Your time to reply is limited. If you don't reply within 3 days, your topic will be closed and you will have to request it to be reopened by contacting one of the Moderator group members with the link to this topic.
  • Every program I ask you to download should be saved to and run from desktop. If you don't know how to choose the direction of where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
  • Remember that the fixes I give you are only for your machine. Using it on other systems may (and probably will) cause problems.
  • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.
Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

Let's get started :)

 
FRST Scan

Download Farbar Recovery Scan Tool and save it to your Desktop:
  • Click here to download 32-bit version
  • Click here to download 64-bit version
If you don't know which one you should choose, just try one of them. If it doesn't work, download the other one and then try again. Once you're done:
  • Right click FRST64.exe (or FRST.exe) and click Run as administrator. When the tool opens, click Yes to the disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Things that should appear in your next post:
  • FRST.txt log content
  • Addition.txt log content


#3
Nevan

Oh, and also, please attach a screenshot of that popup that pops up :)

#4
coleheideman


Alright, I am going to do all that tonight if the program you asked me to download is not very big - I am on cellular data.

One question though, as far as backing things up goes, if I am infected what is to stop the infection from going to my flash drive as well, and then when I am all clean my flash drive reinfecting my computer?



#5
coleheideman

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
Ran by Owner (administrator) on SAMSUNG on 04-01-2015 22:50:50
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files (x86)\Webroot\WRSA.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Webroot) C:\Program Files (x86)\Webroot\WRSA.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
() C:\Program Files (x86)\Samsung\Side Sync\adb.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Last.fm) C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-11-04] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-06] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files (x86)\Webroot\WRSA.exe [770728 2014-12-10] (Webroot)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe [855216 2014-12-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {EA04D7BC-4759-4ED2-940F-EC79668CC447} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {EA04D7BC-4759-4ED2-940F-EC79668CC447} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-3345471694-2689826623-465696368-1001] => 192.168.173.111:8080
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.com
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKU\S-1-5-21-3345471694-2689826623-465696368-1001 -> DefaultScope {EF320E4E-B48A-4407-8B14-9C26DE49E08B} URL = 
SearchScopes: HKU\S-1-5-21-3345471694-2689826623-465696368-1001 -> {EF320E4E-B48A-4407-8B14-9C26DE49E08B} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: No Name -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} ->  No File
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: No Name -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} ->  No File
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKLM-x32 - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.137.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3345471694-2689826623-465696368-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-3345471694-2689826623-465696368-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3345471694-2689826623-465696368-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
Chrome: 
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-04-29]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2014-01-30]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-01-20]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-24]
CHR Extension: (Webroot Password Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2013-10-24]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.26.crx [2014-01-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2013-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-03] ()
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-05-04] (BitRaider, LLC)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1594416 2013-04-22] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-05] (ELAN Microelectronics Corp.)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1580448 2014-12-08] (Echobit LLC)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2010-08-12] () [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-11-19] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
R2 WRSVC; C:\Program Files (x86)\Webroot\WRSA.exe [770728 2014-12-10] (Webroot)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-12-13] (Advanced Micro Devices, Inc.)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-05-05] (BitRaider)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352448 2013-02-11] (EldoS Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22832 2013-07-24] (ELAN Microelectronic Corp.)
R3 EvolveVirtualAdapter; C:\Windows\system32\DRIVERS\evolve.sys [21656 2014-10-26] (Echobit, LLC)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114176 2014-12-29] (Webroot)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)
S3 SBIOSIO; \??\C:\Users\Owner\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-04 22:50 - 2015-01-04 22:51 - 00029524 _____ () C:\Users\Owner\Desktop\FRST.txt
2015-01-04 22:43 - 2015-01-04 22:50 - 00000000 ____D () C:\FRST
2015-01-04 22:43 - 2015-01-04 22:43 - 02123776 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-12-28 15:05 - 2014-12-28 15:05 - 00000000 ____D () C:\Users\Owner\Documents\Paradox Interactive
2014-12-28 15:02 - 2014-12-28 15:02 - 00353413 _____ () C:\Users\Owner\Desktop\Think riots have never caused change in America  Think again   Al Jazeera America.html
2014-12-28 15:02 - 2014-12-28 15:02 - 00000000 ____D () C:\Users\Owner\Desktop\Think riots have never caused change in America  Think again   Al Jazeera America_files
2014-12-28 15:00 - 2014-12-28 15:00 - 00029843 _____ () C:\Users\Owner\Desktop\glbtq    social sciences    Stonewall Riots.html
2014-12-28 15:00 - 2014-12-28 15:00 - 00000000 ____D () C:\Users\Owner\Desktop\glbtq    social sciences    Stonewall Riots_files
2014-12-28 14:59 - 2014-12-28 14:59 - 00053170 _____ () C:\Users\Owner\Desktop\The Stonewall Riots – 1969   Socialist Alternative.html
2014-12-28 14:59 - 2014-12-28 14:59 - 00028894 _____ () C:\Users\Owner\Desktop\Situationist International Online.html
2014-12-28 14:59 - 2014-12-28 14:59 - 00000000 ____D () C:\Users\Owner\Desktop\The Stonewall Riots – 1969   Socialist Alternative_files
2014-12-28 14:59 - 2014-12-28 14:59 - 00000000 ____D () C:\Users\Owner\Desktop\Situationist International Online_files
2014-12-28 14:58 - 2014-12-28 14:58 - 00183703 _____ () C:\Users\Owner\Desktop\Watts Riots - Wikipedia, the free encyclopedia.html
2014-12-28 14:58 - 2014-12-28 14:58 - 00020189 _____ () C:\Users\Owner\Desktop\The Thin Blue Line Is a Burning Fuse   CrimethInc. Ex-Workers' Collective.html
2014-12-28 14:58 - 2014-12-28 14:58 - 00000000 ____D () C:\Users\Owner\Desktop\Watts Riots - Wikipedia, the free encyclopedia_files
2014-12-28 14:58 - 2014-12-28 14:58 - 00000000 ____D () C:\Users\Owner\Desktop\The Thin Blue Line Is a Burning Fuse   CrimethInc. Ex-Workers' Collective_files
2014-12-28 14:57 - 2014-12-28 14:57 - 00070792 _____ () C:\Users\Owner\Desktop\Watts Riot 1965.html
2014-12-28 14:57 - 2014-12-28 14:57 - 00027954 _____ () C:\Users\Owner\Desktop\A Journey Into the Mind of Watts.html
2014-12-28 14:57 - 2014-12-28 14:57 - 00000000 ____D () C:\Users\Owner\Desktop\Watts Riot 1965_files
2014-12-27 20:46 - 2015-01-04 20:45 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-27 20:45 - 2014-12-27 20:45 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-27 20:45 - 2014-12-27 20:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-27 20:45 - 2014-12-27 20:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-27 20:45 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-27 20:45 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-27 20:45 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-23 23:52 - 2014-12-23 23:52 - 00000000 ____D () C:\WINDOWS\pss
2014-12-23 22:26 - 2014-12-23 22:26 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-12-23 22:26 - 2014-12-23 22:26 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-12-23 22:26 - 2014-12-23 22:26 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-12-23 22:26 - 2014-12-23 22:26 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-12-23 22:26 - 2014-12-23 22:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-23 22:26 - 2014-12-23 22:26 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-23 22:08 - 2014-12-23 22:10 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
2014-12-23 22:08 - 2014-12-23 22:10 - 00000000 ____D () C:\WINDOWS\system32\vbox
2014-12-23 22:03 - 2014-12-30 17:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-23 22:03 - 2014-12-23 22:03 - 05006864 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-12-23 20:43 - 2014-12-23 20:43 - 00000000 __SHD () C:\ProgramData\DSS
2014-12-21 20:20 - 2014-12-21 20:35 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\PixelPiracy
2014-12-17 21:30 - 2014-12-17 21:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\.StarMade
2014-12-15 19:37 - 2014-12-15 19:37 - 00000000 ____D () C:\Users\Owner\AppData\Local\Risk_of_Rain
2014-12-15 19:09 - 2014-12-15 19:09 - 00002059 _____ () C:\Users\Owner\Downloads\Re_ Course Evaluation for credit- Cole Heideman.txt
2014-12-11 15:26 - 2014-12-11 15:26 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-11 15:26 - 2014-12-11 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-11 15:25 - 2014-12-11 15:26 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-11 15:25 - 2014-12-11 15:26 - 00000000 ____D () C:\Program Files\iTunes
2014-12-11 15:25 - 2014-12-11 15:25 - 00000000 ____D () C:\Program Files\iPod
2014-12-08 15:15 - 2014-12-08 15:15 - 00000000 ____H () C:\Users\Owner\Documents\~WRL1816.tmp
2014-12-07 20:36 - 2014-12-07 20:36 - 00000000 ____D () C:\Users\Owner\AppData\Local\PackageStaging
2014-12-07 16:15 - 2014-12-20 01:16 - 00000000 ___RD () C:\Users\Owner\Dropbox
2014-12-07 16:15 - 2014-12-16 14:26 - 00001029 _____ () C:\Users\Owner\Desktop\Dropbox.lnk
2014-12-07 16:14 - 2014-12-16 14:26 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-07 16:11 - 2014-12-16 14:26 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2014-12-07 16:11 - 2014-12-07 16:11 - 00323712 _____ (Dropbox, Inc.) C:\Users\Owner\Downloads\DropboxInstaller.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-04 22:45 - 2014-07-28 14:09 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-04 22:43 - 2013-07-14 18:12 - 00000000 ____D () C:\ProgramData\WRData
2015-01-04 22:36 - 2013-07-22 16:50 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4A842D78-3327-4ADC-BC16-A9E4262A1E24}
2015-01-04 22:18 - 2013-10-24 16:27 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-04 22:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-04 22:00 - 2014-03-03 00:01 - 01264447 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-04 21:51 - 2013-11-07 15:46 - 00000944 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3345471694-2689826623-465696368-1001UA.job
2015-01-04 20:18 - 2013-10-24 16:27 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-04 16:39 - 2013-07-17 21:07 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-04 02:00 - 2013-07-14 14:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2015-01-04 00:48 - 2013-05-28 20:30 - 00020150 _____ () C:\Setup.log
2015-01-02 02:02 - 2013-08-17 20:39 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-01 23:33 - 2013-07-19 23:02 - 00000000 ____D () C:\Users\Owner\AppData\Local\Last.fm
2015-01-01 15:51 - 2013-11-07 15:46 - 00000922 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3345471694-2689826623-465696368-1001Core.job
2015-01-01 13:44 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-31 17:06 - 2013-07-19 13:41 - 00000000 __RDO () C:\Users\Owner\SkyDrive
2014-12-30 18:57 - 2013-07-14 14:58 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3345471694-2689826623-465696368-1001
2014-12-30 18:03 - 2013-05-28 20:32 - 00000000 ____D () C:\ProgramData\WinClon
2014-12-30 17:44 - 2013-11-14 02:28 - 00901488 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-30 17:39 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-30 17:38 - 2014-11-19 21:08 - 00440030 _____ () C:\WINDOWS\PFRO.log
2014-12-30 17:38 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-29 23:33 - 2014-02-23 19:59 - 00153256 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2014-12-29 23:33 - 2014-02-23 19:59 - 00103816 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2014-12-29 23:33 - 2013-07-14 18:12 - 00114176 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2014-12-28 03:39 - 2014-05-07 19:11 - 00000000 ____D () C:\ProgramData\Zoom Player
2014-12-27 21:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PLA
2014-12-27 20:00 - 2014-06-19 16:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\Skyrim
2014-12-27 17:49 - 2014-02-19 02:21 - 00000000 ____D () C:\Users\Owner\Documents\Universe Sandbox
2014-12-25 17:33 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-25 14:42 - 2014-11-19 11:39 - 00000726 _____ () C:\WINDOWS\DirectX.log
2014-12-25 10:44 - 2013-08-10 14:18 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Audacity
2014-12-24 22:27 - 2014-05-27 15:18 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\The Path
2014-12-24 03:23 - 2014-08-18 20:12 - 00000000 ____D () C:\Users\Owner\Desktop\philosophy [bleep]
2014-12-23 22:29 - 2013-10-13 21:29 - 00000000 ____D () C:\Users\Owner\AppData\Local\Razer
2014-12-23 22:29 - 2013-10-13 21:29 - 00000000 ____D () C:\ProgramData\Razer
2014-12-23 20:42 - 2013-08-17 20:39 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-23 20:05 - 2014-09-26 15:42 - 00000000 ____D () C:\Users\Owner\Documents\My Digital Editions
2014-12-21 14:41 - 2013-09-19 00:31 - 00000000 ____D () C:\Users\Owner\Documents\Klei
2014-12-17 21:17 - 2014-01-26 15:55 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Sword of the Stars - The Pit
2014-12-15 19:18 - 2013-07-14 14:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\Packages
2014-12-14 01:32 - 2014-09-26 15:05 - 00000000 ____D () C:\Users\Owner\Desktop\Bibliography [bleep]
2014-12-12 17:19 - 2013-10-24 16:28 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 15:26 - 2013-07-18 11:44 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-12-11 15:25 - 2014-09-28 01:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-12-11 15:25 - 2013-07-18 11:44 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-09 14:45 - 2014-07-28 14:09 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-08 15:27 - 2014-04-07 00:27 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\BitTorrent
2014-12-08 15:20 - 2013-08-22 09:44 - 08106800 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-07 21:08 - 2014-12-04 18:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ScoreCloud
2014-12-07 16:15 - 2014-03-02 17:35 - 00000000 ____D () C:\Users\Owner
2014-12-06 23:20 - 2013-08-01 11:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
 
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-30 17:50
 
==================== End Of Log ============================

#6
coleheideman

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
Ran by Owner at 2015-01-04 22:51:32
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3079 -- Block Action RPG (HKLM-x32\...\Steam App 259620) (Version:  - Phr00t's Software)
3089 -- Futuristic Action RPG (HKLM-x32\...\Steam App 263360) (Version:  - Phr00t's Software)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
A Virus Named TOM (HKLM-x32\...\Steam App 207650) (Version:  - Misfits Attic)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.2.0.26 - Absolute Software)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{9043E92C-183C-7633-0237-96CE00F5C909}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Bad Mojo Redux (HKLM-x32\...\Steam App 255960) (Version:  - Pulse Entertainment)
Bass Audio Decoder (remove only) (HKLM-x32\...\Bass Audio Decoder) (Version:  - )
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Beatbuddy: Tale of the Guardians (HKLM-x32\...\Steam App 231040) (Version:  - Threaks)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Beneath a Steel Sky (HKLM-x32\...\GOGPACKBENEATH_is1) (Version: 2.0.0.9 - GOG.com)
Bitcasa version 1.0.1.5005 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 1.0.1.5005 - Bitcasa Inc.)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
BitTorrent (HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)
Blockland (HKLM-x32\...\Steam App 250340) (Version:  - Eric Hartman)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Chronicles of Mystery: The Scorpio Ritual (HKLM-x32\...\Steam App 34800) (Version:  - City Interactive)
Command and Conquer: Red Alert 3 - Uprising (HKLM-x32\...\Steam App 24800) (Version:  - EA Los Angeles)
Critter Crunch (HKLM-x32\...\Steam App 61730) (Version:  - Capybara Games)
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version:  - Paradox Development Studio)
Crusader No Remorse (HKLM-x32\...\{2AEA735F-B393-4D89-93EF-5849CB72B4A3}) (Version: 1.0.0.2 - Electronic Arts)
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Crytek Studios)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DCoder Image Source (remove only) (HKLM-x32\...\DCoder Image Source) (Version:  - )
Dead Rising 2 (x32 Version: 1.0.0002.130 - Capcom) Hidden
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Deadly Sin 2 (HKLM-x32\...\Steam App 285420) (Version:  - Dancing Dragon Games)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 1.88 - NCH Software)
DirectVobSub (remove only) (HKLM-x32\...\DirectVobSub) (Version:  - )
Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version:  - Larian Studios)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Dungeons of Dredmor (HKLM-x32\...\Steam App 98800) (Version:  - Gaslamp Games, Inc.)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version:  - Humble Hearts LLC)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.)
EAX Unified (HKLM-x32\...\EAX Unified) (Version:  - )
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Enclave (HKLM-x32\...\Steam App 253980) (Version:  - Topware)
ETDWare X64 11.7.19.9_WHQL (HKLM\...\Elantech) (Version: 11.7.19.9 - ELAN Microelectronic Corp.)
Ethan: Meteor Hunter (HKLM-x32\...\Steam App 266330) (Version:  - Seaven Studio)
Euro Truck Simulator 2 v1.14.0.4s (18 DLC) (HKLM-x32\...\Euro Truck Simulator 2 v1.14.0.4s (18 DLC)1.14.0.4s) (Version: 1.14.0.4s - Friends in War)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.9 - Echobit, LLC)
Expeditions: Conquistador (HKLM-x32\...\Steam App 237430) (Version:  - Logic Artists)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fallout (HKLM-x32\...\Steam App 38400) (Version:  - Interplay Inc.)
Fallout Tactics (HKLM-x32\...\Steam App 38420) (Version:  - 14° East)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FEZ (HKLM-x32\...\Steam App 224760) (Version:  - Polytron Corporation)
ffdshow v1.3.4533 [2014-09-29] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4533.0 - )
FFMPEG Core Files (remove only) (HKLM-x32\...\FFMPEG Core Files) (Version:  - )
Finding Teddy (HKLM-x32\...\Steam App 259600) (Version:  - LookAtMyGames)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Game Character Hub (HKLM-x32\...\Steam App 292230) (Version:  - Sebastien Bini)
Game Dev Tycoon version 1.4.5 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.4.5 - Greenheart Games Pty. Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Giana Sisters: Twisted Dreams (HKLM-x32\...\Steam App 223220) (Version:  - Black Forest Games)
GoldenEye: Source (HKLM-x32\...\GoldenEye Source) (Version: 4.2.4 - Team GoldenEye: Source)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version:  - DrinkBox Studios)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Hack, Slash, Loot (HKLM-x32\...\Steam App 207430) (Version:  - David Williamson)
Harvester (HKLM-x32\...\Steam App 287020) (Version:  - DigiFX Interactive)
Help Desk (HKLM\...\{22B32087-797D-4A1B-AFA7-072C87580ADC}) (Version: 1.0.9 - Samsung Electronics CO., LTD.)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - )
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{87d45b7e-19da-4dd5-9214-5e0d587c312f}) (Version: 15.6.1 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Jets'n'Guns Gold (HKLM-x32\...\Steam App 262260) (Version:  - Rake in Grass)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Kingdoms of Amalur: Reckoning™ (HKLM-x32\...\Steam App 102500) (Version:  - Big Huge Games)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
LAV Filters 0.63.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.63.0 - Hendrik Leppkes)
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Legacy of Kain: Defiance (HKLM-x32\...\Steam App 224300) (Version:  - Crystal Dynamics)
Legacy of Kain: Soul Reaver 2 (HKLM-x32\...\Steam App 224940) (Version:  - Crystal Dynamics)
Lichdom: Battlemage (HKLM-x32\...\Lichdom: Battlemage_is1) (Version:  - Xaviant Games)
LIMBO (HKLM-x32\...\Steam App 48000) (Version:  - Playdead)
MadVR (remove only) (HKLM-x32\...\MadVR) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version:  - Klei Entertainment)
Medal of Honor™ Single Player (HKLM-x32\...\Steam App 47790) (Version:  - Electronic Arts)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - Pocketwatch Games)
Mount & Blade (HKLM-x32\...\Steam App 22100) (Version:  - TaleWorlds Entertainment)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
My Game Long Name (HKLM\...\UDK-7550746e-f8b6-46e9-9ba9-1323d86d8487) (Version:  - Epic Games, Inc.)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
No More Room in [bleep] (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in [bleep] Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version:  - Timeslip)
OEM Application Profile (HKLM-x32\...\{EE55B368-EBDF-98F3-CFE7-7CE4ADBC4553}) (Version: 1.00.0004 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Oknytt (HKLM-x32\...\Steam App 286320) (Version:  - Nemoria Entertainment)
One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version:  - Silver Dollar Games)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenVPN Client (HKLM-x32\...\{072A5217-8165-4AB7-8366-36CB3245DB60}) (Version: 1.5.6 - OpenVPN Technologies)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Paranautical Activity (HKLM-x32\...\Steam App 250580) (Version:  - Code Avarice)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Phone Screen Sharing (HKLM-x32\...\{DF02C515-40B5-45AC-A601-5DC69D03885C}) (Version: 1.3.0.1 - RSUPPORT)
Pixel Piracy (HKLM-x32\...\Steam App 264140) (Version:  - Vitali Kirpu)
PixelJunk™ Monsters Ultimate (HKLM-x32\...\Steam App 243780) (Version:  - )
Populous (HKLM-x32\...\{476CD9DE-C45F-4443-BFA7-E51C58B7E455}) (Version: 1.0.0.0 - Electronic Arts)
POSTAL (HKLM-x32\...\Steam App 232770) (Version:  - Running With Scissors)
POSTAL 2 Complete (HKLM-x32\...\Steam App 223470) (Version:  - Running With Scissors)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Puzzle Kingdoms (HKLM-x32\...\Steam App 23700) (Version:  - Infinite Interactive)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realms of Arkania 1 - Blade of Destiny Classic (HKLM-x32\...\Steam App 267670) (Version:  - attic Entertainment Software GmbH)
Realms of Arkania 2 - Star Trail Classic (HKLM-x32\...\Steam App 270750) (Version:  - attic Entertainment Software GmbH)
Realms of Arkania 3 - Shadows over Riva Classic (HKLM-x32\...\Steam App 270760) (Version:  - attic Entertainment Software GmbH)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6890 - Realtek Semiconductor Corp.)
Receiver (HKLM-x32\...\Steam App 234190) (Version:  - Wolfire Games)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.10.0 - Samsung Electronics CO., LTD.)
Red Faction: Guerrilla  (HKLM-x32\...\Steam App 20500) (Version:  - Volition)
Risen (HKLM-x32\...\Steam App 40300) (Version:  - Piranha – Bytes )
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
Rock of Ages (HKLM-x32\...\Steam App 22230) (Version:  - ACE Team)
Rogue Legacy (HKLM-x32\...\GOGPACKROGUELEGACY_is1) (Version: 2.2.0.10 - GOG.com)
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - Enterbrain)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden
Sacred 2 Gold (HKLM-x32\...\Steam App 225640) (Version:  - Ascaron)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Sang-Froid - Tales of Werewolves (HKLM-x32\...\Steam App 227220) (Version:  - Artifice Studio)
ScoreCloud (HKLM-x32\...\ScoreCloud) (Version: 3.2 - DoReMIR Music Research)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Shadow Man (HKLM-x32\...\Steam App 251770) (Version:  - Acclaim Studios Teeside)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Side Sync (HKLM-x32\...\{C6DA306C-B288-452A-B85C-01265DBFF0DA}) (Version: 1.1.12 - Samsung Electronics CO., LTD.)
Skyborn (HKLM-x32\...\Steam App 278460) (Version:  - Dancing Dragon Games)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Space Hack (HKLM-x32\...\Steam App 315260) (Version:  - Rebelmind)
SRS Premium Sound (HKLM-x32\...\{E44F8A34-529E-4318-A0E1-1893C337A47F}) (Version: 1.00.4700 - DTS, Inc.)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.40 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarMade Demo (HKLM-x32\...\Steam App 335180) (Version:  - Schine, GmbH)
Starseed Pilgrim (HKLM-x32\...\Steam App 230980) (Version:  - Droqen)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steel Storm: Burning Retribution (HKLM-x32\...\Steam App 96200) (Version:  - Kot in Action Creative Artel)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - Terry Cavanagh)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
Support Center (HKLM\...\{843A1BDC-0879-4E5B-83E1-B81CC0CF3580}) (Version: 2.1.1201 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.9 - Samsung Electronics CO., LTD.) Hidden
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version:  - Bossa Studios)
SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.)
Sweet Lily Dreams (HKLM-x32\...\Steam App 300540) (Version:  - RosePortal Games)
Sword of the Stars: The Pit (HKLM-x32\...\Steam App 233700) (Version:  - Kerberos Productions)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
System Shock 2 (HKLM-x32\...\Steam App 238210) (Version:  - Irrational Games)
Teleglitch: Die More Edition (HKLM-x32\...\Steam App 234390) (Version:  - Test3 Projects)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Cat Lady (HKLM-x32\...\GOGPACKCATLADY_is1) (Version: 2.1.0.4 - GOG.com)
The Elder Scrolls IV: Oblivion  (HKLM-x32\...\Steam App 22330) (Version:  - Bethesda Game Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Path (HKLM-x32\...\Steam App 27000) (Version:  - Tale of Tales)
The Plan (HKLM-x32\...\Steam App 250600) (Version:  - Krillbite Studio)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.55.4 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
The Swapper (HKLM-x32\...\Steam App 231160) (Version:  - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)
To the Moon (HKLM-x32\...\Steam App 206440) (Version:  - Freebird Games)
Treasure Adventure Game (HKLM-x32\...\GOGPACKTREASUREADVENTUREGAME_is1) (Version: 2.0.0.4 - GOG.com)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - Frozenbyte)
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version:  - Haemimont Games)
Typing of The Dead Overkill version 1.0 (HKLM-x32\...\{06C8C4F1-CE5E-464D-B85D-725E9D61FE46}_is1) (Version: 1.0 - SEGA)
Unity Web Player (HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS)
Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version:  - Giant Army)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
User Guide (HKLM-x32\...\{C7343D0D-E05B-4561-AAF1-8EDF0FEA1EAE}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.6.28 - Webroot)
Weird Worlds: Return to Infinite Space (HKLM-x32\...\Steam App 226120) (Version:  - Digital Eel)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Wizardry 6: Bane of the Cosmic Forge (HKLM-x32\...\Steam App 245410) (Version:  - Sir-Tech)
Wizardry 7: Crusaders of the Dark Savant (HKLM-x32\...\Steam App 245430) (Version:  - Sir-Tech)
Wizardry 8 (HKLM-x32\...\Steam App 245450) (Version:  - Sir-Tech Canada)
Zoom Player (remove only) (HKLM-x32\...\ZoomPlayer) (Version: 9.5.0 - Inmatrix LTD)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3345471694-2689826623-465696368-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3345471694-2689826623-465696368-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3345471694-2689826623-465696368-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3345471694-2689826623-465696368-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3345471694-2689826623-465696368-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3345471694-2689826623-465696368-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3345471694-2689826623-465696368-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3345471694-2689826623-465696368-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3345471694-2689826623-465696368-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3345471694-2689826623-465696368-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3345471694-2689826623-465696368-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3345471694-2689826623-465696368-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3345471694-2689826623-465696368-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3345471694-2689826623-465696368-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
11-12-2014 15:57:11 Scheduled Checkpoint
22-12-2014 17:37:18 Scheduled Checkpoint
23-12-2014 22:04:20 avast! antivirus system restore point
25-12-2014 14:41:28 Installed DirectX
04-01-2015 17:28:57 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0935FBF4-94EE-49DB-B0A8-4FCA4FD36A09} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2013-04-22] (Samsung Electronics CO., LTD.)
Task: {40D3C254-78BC-44A5-99D2-BB5CB67A928F} - System32\Tasks\{21B59969-14DD-4072-B988-9061EF1E3EC0} => Iexplore.exe http://www.skype.com...LastError=12002
Task: {4E5C9939-BE1E-4D2D-93C5-A8C931137BC1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {5622D770-4C5F-43F2-A39B-EF98A577892C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {7368BD26-DD54-4B6A-9656-1287D1D6C92A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3345471694-2689826623-465696368-1001Core => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-07] (Facebook Inc.)
Task: {77E823B6-1EEA-4757-A12A-40DB268535C9} - System32\Tasks\{28B12B42-3625-4837-BA88-62AE06355021} => pcalua.exe -a "C:\Program Files\Mafia\MafiaSetup.exe" -d "C:\Program Files\Mafia"
Task: {7E062A6D-1D77-419D-BFB9-1544342F334D} - System32\Tasks\RtHDVBg_SRSSA => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2013-03-08] (Realtek Semiconductor)
Task: {99EF7507-5F2B-4578-8450-DAA83652C52A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {AEA241F1-2A81-46DB-BB61-C897CF7E8B89} - System32\Tasks\SideSyncAutoRun => C:\Program Files (x86)\Samsung\Side Sync\SideSync.exe [2013-06-24] (Samsung Electronics CO., LTD.)
Task: {C3407ABB-C725-4EBC-85D6-3DB5C76A5EF8} - System32\Tasks\{6E3572A6-A99A-4DC2-B166-B685F09546D2} => pcalua.exe -a D:\MafiaSetup.exe -d D:\
Task: {CA09345E-3122-4880-87E2-98695FF29321} - System32\Tasks\{1F153F78-AE27-48E3-AD34-11755AE2CC26} => pcalua.exe -a D:\MafiaGame\Setup.exe -d D:\MafiaGame
Task: {CB1EC8FF-FD71-4FF3-9FB3-09E4C273790A} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {CD8C3FC2-9B7C-49E7-AB06-4AB27F3569E3} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-08-23] (SEC)
Task: {CF6AAD3C-4429-49C6-A01D-FEBFA3F2774B} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-04-22] (Realtek Semiconductor)
Task: {D9DBE8A2-FFD8-4954-B3CE-400525C53E74} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-propertyisrobbery@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {DFD4C1BB-8EFD-4E1F-90BF-94B52C040157} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-24] (Google Inc.)
Task: {E11DD743-4473-4209-B7FE-066E03947CB7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3345471694-2689826623-465696368-1001UA => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-07] (Facebook Inc.)
Task: {EC304230-AA49-4485-870F-21BEFAA22034} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {EC7E7012-5645-4817-82AD-C7917CA1AE16} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)
Task: {ED12DC78-94F6-4A4E-A197-87B8BAC3AFC8} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {FA2A7D03-4B5E-4905-941F-342CD69F3560} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-24] (Google Inc.)
Task: {FCEE9178-9CDA-479C-94DA-353A97376118} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2013-03-08] (Realtek Semiconductor)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3345471694-2689826623-465696368-1001Core.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3345471694-2689826623-465696368-1001UA.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-28 14:00 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-08-12 16:45 - 2010-08-12 16:45 - 00024064 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
2013-08-17 23:37 - 2014-11-19 11:49 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2013-04-22 20:44 - 2013-04-22 20:44 - 00085040 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-11-19 22:06 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-05-28 20:34 - 2013-05-07 01:10 - 00154112 _____ () C:\Program Files\Bitcasa\ExplorerMenu.dll
2013-05-28 20:34 - 2013-05-07 01:18 - 01645056 _____ () C:\Program Files\Bitcasa\bitcasaui.dll
2008-08-05 13:01 - 2008-08-05 13:01 - 00092160 _____ () C:\Program Files (x86)\Zoom Player\zpshlext64.dll
2014-01-25 02:22 - 2014-01-25 02:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-16 18:15 - 2013-10-16 18:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2013-06-24 23:04 - 2013-06-24 23:04 - 00815104 _____ () C:\Program Files (x86)\Samsung\Side Sync\adb.exe
2013-05-09 17:58 - 2013-05-09 17:58 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-07-05 05:35 - 2009-07-05 05:35 - 00028160 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\servicemanager.pyd
2009-07-05 05:35 - 2009-07-05 05:35 - 00110592 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pywintypes26.dll
2009-07-05 05:35 - 2009-07-05 05:35 - 00041472 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32service.pyd
2009-07-05 05:35 - 2009-07-05 05:35 - 00096256 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd
2009-10-26 08:27 - 2009-10-26 08:27 - 00153088 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd
2009-10-26 08:25 - 2009-10-26 08:25 - 00040448 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd
2009-10-26 08:25 - 2009-10-26 08:25 - 00645120 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd
2010-03-16 12:05 - 2010-03-16 12:05 - 00020480 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd
2009-10-26 08:27 - 2009-10-26 08:27 - 00311808 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd
2009-10-26 08:25 - 2009-10-26 08:25 - 00073728 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd
2009-10-26 08:27 - 2009-10-26 08:27 - 00011776 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\select.pyd
2010-05-05 12:44 - 2010-05-05 12:44 - 00010752 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd
2010-05-05 12:44 - 2010-05-05 12:44 - 00051200 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd
2010-05-05 12:44 - 2010-05-05 12:44 - 00039936 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd
2009-07-05 05:35 - 2009-07-05 05:35 - 00036352 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd
2010-05-05 12:43 - 2010-05-05 12:43 - 00008192 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd
2009-07-05 05:35 - 2009-07-05 05:35 - 00110592 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32security.pyd
2009-07-05 05:35 - 2009-07-05 05:35 - 00017920 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd
2009-07-06 03:16 - 2009-07-06 03:16 - 00111104 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32file.pyd
2009-07-05 05:35 - 2009-07-05 05:35 - 00024064 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32pipe.pyd
2014-03-02 23:35 - 2013-09-16 12:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-04-22 20:44 - 2013-04-22 20:44 - 00029232 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2013-04-22 20:45 - 2013-04-22 20:45 - 01121328 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2013-04-22 20:44 - 2013-04-22 20:44 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2013-04-22 20:44 - 2013-04-22 20:44 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2013-04-22 20:44 - 2013-04-22 20:44 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2013-04-22 20:44 - 2013-04-22 20:44 - 00027184 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2013-04-22 20:45 - 2013-04-22 20:45 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2013-04-22 20:44 - 2013-04-22 20:44 - 00060976 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2013-04-22 20:44 - 2013-04-22 20:44 - 00103984 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2011-08-15 06:12 - 2011-08-15 06:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
2013-03-07 12:53 - 2013-03-07 12:53 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
2011-08-15 06:12 - 2011-08-15 06:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-15 06:15 - 2011-08-15 06:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 02:41 - 2011-08-17 02:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 02:48 - 2011-08-17 02:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
2011-08-17 02:48 - 2011-08-17 02:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 05:23 - 2011-08-15 05:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
2013-03-07 12:55 - 2013-03-07 12:55 - 00472576 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
2013-03-07 12:58 - 2013-03-07 12:58 - 00499488 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2013-03-07 12:54 - 2013-03-07 12:54 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
2011-07-19 02:05 - 2011-07-19 02:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtWebKit4.dll
2011-08-15 06:17 - 2011-08-15 06:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtGui4.dll
2011-07-19 02:04 - 2011-07-19 02:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\phonon4.dll
2013-09-10 10:07 - 2013-09-03 13:01 - 00736768 _____ () C:\Program Files (x86)\Last.fm\unicorn.dll
2013-09-10 10:07 - 2013-09-03 13:01 - 00126976 _____ () C:\Program Files (x86)\Last.fm\listener.dll
2013-09-10 10:07 - 2013-09-03 13:01 - 00032768 _____ () C:\Program Files (x86)\Last.fm\logger.dll
2013-09-10 10:07 - 2013-09-03 09:54 - 00351232 _____ () C:\Program Files (x86)\Last.fm\lastfm.dll
2013-09-10 10:07 - 2013-01-18 11:39 - 00302592 _____ () C:\Program Files (x86)\Last.fm\phonon.dll
2013-09-10 10:07 - 2013-01-18 11:49 - 00182784 _____ () C:\Program Files (x86)\Last.fm\plugins\phonon_backend\phonon_vlc.dll
2013-09-10 10:07 - 2012-12-13 00:12 - 00111104 _____ () C:\Program Files (x86)\Last.fm\libvlc.dll
2013-09-10 10:07 - 2012-12-13 00:13 - 02286592 _____ () C:\Program Files (x86)\Last.fm\libvlccore.dll
2013-09-10 10:07 - 2012-12-13 00:13 - 00049664 _____ () C:\Program Files (x86)\Last.fm\plugins\audio_output\libaout_directx_plugin.dll
2014-08-31 12:51 - 2014-11-11 13:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-31 12:51 - 2014-11-11 13:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-31 12:51 - 2014-11-11 13:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-02-19 16:17 - 2014-11-11 13:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-21 15:43 - 2014-11-18 15:23 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-31 12:51 - 2014-11-11 13:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-31 12:51 - 2014-11-11 13:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-03-02 15:43 - 2014-11-18 15:23 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-01-29 16:35 - 2014-11-11 13:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-14 16:14 - 2014-11-11 13:48 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-12-12 17:19 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 17:19 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 17:19 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 17:19 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Owner\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION!
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN Client.lnk => C:\WINDOWS\pss\OpenVPN Client.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: BitTorrent => "C:\Users\Owner\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: EvolveClient => "C:\Program Files\Echobit\Evolve\EvolveClient.exe" -autorun
MSCONFIG\startupreg: SkyDrive => "C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKLM\...\StartupApproved\Run: => "Bitcasa"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\StartupApproved\Run: => "SkyDrive"
HKU\S-1-5-21-3345471694-2689826623-465696368-1001\...\StartupApproved\Run: => "Facebook Update"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3345471694-2689826623-465696368-500 - Administrator - Disabled)
Guest (S-1-5-21-3345471694-2689826623-465696368-501 - Limited - Disabled)
Owner (S-1-5-21-3345471694-2689826623-465696368-1001 - Administrator - Enabled) => C:\Users\Owner
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/04/2015 05:34:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.
 
Error: (01/04/2015 04:33:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22131563
 
Error: (01/04/2015 04:33:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22131563
 
Error: (01/04/2015 04:33:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/04/2015 04:33:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22127672
 
Error: (01/04/2015 04:33:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22127672
 
Error: (01/04/2015 04:33:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/04/2015 10:25:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19047
 
Error: (01/04/2015 10:25:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19047
 
Error: (01/04/2015 10:25:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (01/04/2015 08:51:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Device Setup Manager service depends on the HTTP Service service which failed to start because of the following error: 
%%1009
 
Error: (01/04/2015 08:51:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HTTP Service service failed to start due to the following error: 
%%1009
 
Error: (01/04/2015 08:51:20 PM) (Source: HTTP) (EventID: 15021) (User: )
Description: \Device\Http\ReqQueueType=0 Index=0
 
Error: (01/04/2015 05:29:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Device Setup Manager service depends on the HTTP Service service which failed to start because of the following error: 
%%1009
 
Error: (01/04/2015 05:29:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HTTP Service service failed to start due to the following error: 
%%1009
 
Error: (01/04/2015 05:29:01 PM) (Source: HTTP) (EventID: 15021) (User: )
Description: \Device\Http\ReqQueueType=0 Index=0
 
Error: (01/04/2015 04:36:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/04/2015 00:45:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/02/2015 10:34:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/01/2015 06:15:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Device Setup Manager service depends on the HTTP Service service which failed to start because of the following error: 
%%1009
 
 
Microsoft Office Sessions:
=========================
Error: (01/04/2015 05:34:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Program Files (x86)\Samsung\Side Sync\SideSync.exe
 
Error: (01/04/2015 04:33:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22131563
 
Error: (01/04/2015 04:33:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22131563
 
Error: (01/04/2015 04:33:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/04/2015 04:33:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22127672
 
Error: (01/04/2015 04:33:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22127672
 
Error: (01/04/2015 04:33:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/04/2015 10:25:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19047
 
Error: (01/04/2015 10:25:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19047
 
Error: (01/04/2015 10:25:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3635QM CPU @ 2.40GHz
Percentage of memory in use: 27%
Total physical RAM: 8076.87 MB
Available physical RAM: 5856.19 MB
Total Pagefile: 11148.87 MB
Available Pagefile: 6564.06 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:906.88 GB) (Free:226.38 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 86461094)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#7
coleheideman

    New Member

  • Topic Starter
  • Member
  • 8 posts

As far as the screenshot goes, I haven't had the pop up today. It used to be pretty frequent a while back, but now it happens maybe twice a day that I notice, on average. Sometimes I don't notice because it might happen while I am playing a game or something. Regardless, I will upload a screenshot as soon as I can get one. Thanks!



#8
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, coleheideman.

There's something to do before we start cleaning your system.

P2P Warning

I noticed that you have or have had a P2P (Peer-to-Peer) file sharing program on your machine:
  • BitTorrent
It is important to stay away from them as they are used to share pirated material. The programs themselves can be safe, but the majority of the files shared through them are infected.

Some of the things to keep in mind when using P2P programs:
  • Your computer is more likely to get infected with malware, which will result in coming back to our or other forums for help.
  • You may have your important data stolen, including passwords, photos or personal information.
  • You help to share pirated material, which may result in arrest, fines, or even jail time for illegal downloads of copyrighted material.
If I still didn't convince you, please read these short reports about how dangerous it can be to use P2P programs:

Whether you remove them or not is your decision, though I strongly recommend that you uninstall your P2P programs, as they will most likely cause problems in the future.

If you choose not to remove them, please refrain from using them until we are done cleaning your computer.

 
CKScanner
  • Download CKScanner and save it to your Desktop.
  • Right click CKScanner.exe and select Run as administrator.
  • Give permission if necessary, and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please run the program once only.
  • Double-click the CKFiles.txt on your desktop and copy/paste the content in your next reply.


#9
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Oh, and about your question regarding protection of your USB Drive, we will take care of that once we're done with cleaning your computer :)

#10
coleheideman

    New Member

  • Topic Starter
  • Member
  • 8 posts

Is this sub closed? I hadn't responded cuz I hadn't had the issue but just now, for the first time I noticed in the past however many days, I had it!  



#11
coleheideman

    New Member

  • Topic Starter
  • Member
  • 8 posts

Here's a screenshot of it. 

Attached Thumbnails

  • Weird Pop up.jpg


#12
coleheideman

    New Member

  • Topic Starter
  • Member
  • 8 posts

I'll get to work on the next step as soon as possible, if you will still help, thank you. 



#13
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
This is why I always write this at the beginning of the topic:

I recommend that you stay with me until I tell you that we are done. It is important because when your system does not show any bad symptoms anymore it does not mean that it is 100% clean.


If you still need help, ignore the latest instructions and please give me new FRST logs, as it's been a week since you gave the first ones. Use these instructions:

FRST Scan

If you still have FRST64.exe on your desktop, remove it and download a new one.
  • Download Farbar Recovery Scan Tool and save it to your Desktop.
  • Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.


#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





