Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help with Windows Defender [Solved]


  • This topic is locked This topic is locked

#1
Twatson31

Twatson31

    Member

  • Member
  • PipPip
  • 15 posts

Hello,

 

I began to run Window's Defender and it said it was cleaning malware and told me to restart my comp to clean it. Before I could do it , Window's Defender dissapeared and when I tried to open it I was told that this app was turned off due to group policy and I am unable to figure out how to turn it on.

 

I would like to remedy this situation in the very least cleaning my system of the malware that is lagging my comp.

 

Please Help sad.png.pagespeed.ce.cyRRGRfa7C9wcnWdZpQ

 

I was on the malware self removal section but I am not even saavy enough to understand what on earth I am to do. 


  • 0

Advertisements


#2
Twatson31

Twatson31

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Here is my OTL

 

OTL logfile created on: 3/4/2015 9:39:55 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Digital Storm\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17631)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
31.89 Gb Total Physical Memory | 29.37 Gb Available Physical Memory | 92.10% Memory free
51.42 Gb Paging File | 48.77 Gb Available in Paging File | 94.84% Paging File free
Paging file location(s): c:\pagefile.sys 10000 30000d:\pag [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.23 Gb Total Space | 48.99 Gb Free Space | 21.95% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 284.24 Gb Free Space | 30.51% Space Free | Partition Type: NTFS
Drive E: | 6.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: DIGITALSTORM | User Name: Digital Storm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/03/04 09:39:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Digital Storm\Downloads\OTL.exe
PRC - [2015/03/04 09:00:53 | 000,103,424 | ---- | M] () -- C:\Users\Digital Storm\AppData\Roaming\03000200-1425459619-0500-0006-000700080009\jnsrFF8E.tmp
PRC - [2015/03/04 09:00:41 | 000,122,880 | ---- | M] () -- C:\Users\Digital Storm\AppData\Roaming\03000200-1425459619-0500-0006-000700080009\nscCED3.tmpfs
PRC - [2015/02/27 11:23:44 | 000,376,944 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2015/02/14 14:55:47 | 001,949,592 | ---- | M] (APN) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2015/02/06 13:21:14 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
PRC - [2015/01/30 18:53:30 | 000,177,560 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/06/27 11:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/06/24 10:42:12 | 004,101,576 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2014/06/24 10:41:42 | 001,738,168 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2014/05/18 15:04:33 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2014/04/25 14:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2014/02/05 04:32:47 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/02/05 04:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/02/06 13:21:13 | 016,852,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
MOD - [2015/01/10 03:07:47 | 000,011,920 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2014/10/03 17:36:28 | 016,810,624 | ---- | M] () -- C:\Windows\SysWOW64\igd11dxva32.dll
MOD - [2014/05/13 12:04:48 | 000,167,768 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2014/05/13 12:04:46 | 000,109,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2014/05/13 12:04:42 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2014/02/12 19:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 19:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2015/01/13 23:20:30 | 002,711,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/12/05 20:35:00 | 000,229,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/10/30 23:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/28 22:59:51 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/10/28 21:42:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2014/10/28 21:42:03 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2014/10/28 21:34:51 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2014/10/28 21:33:55 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2014/10/28 21:29:22 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2014/10/28 20:57:05 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2014/10/28 20:48:36 | 000,780,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/10/28 20:48:20 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2014/10/28 20:27:21 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2014/10/28 20:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/10/28 20:26:02 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/10/28 20:24:37 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2014/10/28 20:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2014/10/28 20:20:03 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2014/10/28 20:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2014/10/28 20:16:17 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2014/10/28 20:13:24 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/10/28 20:13:02 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2014/10/28 20:12:36 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/10/28 20:12:22 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/10/28 20:11:10 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/10/28 20:09:48 | 000,521,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/10/28 20:05:09 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2014/10/28 19:57:18 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2014/10/28 19:48:52 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/10/28 19:46:48 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/10/28 19:35:51 | 001,668,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/10/03 17:36:52 | 000,329,104 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV:64bit: - [2014/09/21 22:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/09/21 22:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/08/15 23:29:40 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/02/05 04:32:24 | 016,941,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014/01/15 19:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/01 11:04:08 | 000,772,064 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2013/04/16 19:56:32 | 003,379,440 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2013/04/16 19:56:20 | 000,273,136 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2013/04/16 19:56:12 | 000,624,368 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2013/04/16 19:55:58 | 000,149,744 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2013/03/15 14:22:42 | 000,495,616 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe -- (Qualcomm Atheros Killer Service)
SRV:64bit: - [2013/02/13 14:47:04 | 000,820,184 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/02/13 14:46:48 | 000,731,648 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2013/02/09 14:43:02 | 000,067,904 | ---- | M] (OrdinarySoft) [Disabled | Stopped] -- C:\Program Files\Start Menu X\StartMenuXService.exe -- (StartMenuXService)
SRV:64bit: - [2012/09/12 20:07:06 | 000,135,984 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2015/03/04 09:00:53 | 000,103,424 | ---- | M] () [Auto | Running] -- C:\Users\Digital Storm\AppData\Roaming\03000200-1425459619-0500-0006-000700080009\jnsrFF8E.tmp -- (nerelefe)
SRV - [2015/03/04 09:00:41 | 000,122,880 | ---- | M] () [Auto | Running] -- C:\Users\Digital Storm\AppData\Roaming\03000200-1425459619-0500-0006-000700080009\nscCED3.tmpfs -- (ducesuvy)
SRV - [2015/02/27 11:23:44 | 000,148,080 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/02/27 10:54:36 | 001,910,640 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2015/02/18 18:51:18 | 000,835,776 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2015/02/06 13:21:14 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/30 18:53:30 | 000,177,560 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/10/28 20:51:55 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014/10/28 20:04:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2014/10/28 19:53:11 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/10/03 17:36:56 | 000,279,952 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/08/15 23:29:40 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/05/18 15:04:33 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2014/02/28 10:32:36 | 000,174,368 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe -- (iumsvc)
SRV - [2014/02/08 16:35:06 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\free steam games\SteamApps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2014/02/05 04:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/12/16 12:51:22 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Disabled | Stopped] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2013/08/16 19:06:23 | 000,031,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2013/03/12 15:20:08 | 000,366,552 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/03/12 15:19:38 | 000,169,432 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2013/03/12 15:19:38 | 000,131,544 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/10 03:07:47 | 000,299,848 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2015/01/10 03:07:47 | 000,031,376 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2014/12/11 19:51:20 | 000,075,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2014/11/10 13:06:59 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/11/04 14:33:40 | 000,058,176 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2014/10/28 22:59:47 | 000,415,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/10/28 22:57:42 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/10/28 22:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/10/28 21:47:48 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2014/10/28 21:46:43 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2014/10/28 21:46:41 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2014/10/28 21:46:09 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2014/10/28 21:45:54 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/10/28 21:45:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2014/10/28 21:45:16 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2014/10/16 23:56:24 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/10/16 23:56:23 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/10/16 22:35:04 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/10/15 03:32:36 | 000,921,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/10/08 04:24:09 | 000,467,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/10/07 01:54:45 | 000,324,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/10/07 01:54:45 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/10/07 01:44:39 | 000,069,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2014/10/03 17:36:38 | 004,753,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2014/09/21 22:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/09/21 22:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/09/21 21:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/09/18 20:58:48 | 000,038,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2014/09/18 20:58:48 | 000,027,000 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2014/08/14 19:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/05/27 01:13:18 | 000,034,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xb1usb.sys -- (xb1usb)
DRV:64bit: - [2014/05/19 21:44:03 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/03/19 22:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/18 03:18:42 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb22.sys -- (xusb22)
DRV:64bit: - [2014/03/13 07:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/02/22 10:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/02/22 07:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/12/27 13:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/12/04 13:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/10/25 20:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/05 10:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/09/29 23:03:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/29 22:51:01 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/09/25 22:52:42 | 003,589,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwbw02.sys -- (NETwNb64)
DRV:64bit: - [2013/08/22 08:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 08:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 07:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 07:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 07:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 07:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 07:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 07:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 07:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 07:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 07:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 07:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 07:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 07:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 07:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 07:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 07:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 07:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 07:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 07:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 07:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 07:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 07:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 07:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 07:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 06:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013/08/22 06:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 06:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 06:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 06:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 06:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 06:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 06:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 06:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 06:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 06:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 06:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 06:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 06:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 06:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 06:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 03:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 18:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 19:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 13:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 14:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/05/14 12:27:14 | 003,597,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwew02.sys -- (NETwNe64)
DRV:64bit: - [2013/05/01 11:04:36 | 000,165,344 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2013/03/15 14:23:42 | 000,074,096 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\bwcW8x64.sys -- (BfLwf)
DRV:64bit: - [2013/03/15 14:23:40 | 000,174,448 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e22w8x64.sys -- (Ke2200)
DRV:64bit: - [2013/03/12 15:19:38 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013/02/01 03:08:18 | 000,448,072 | ---- | M] (RTS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPer.sys -- (RTSPER)
DRV:64bit: - [2012/08/24 04:38:28 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/11/17 18:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...28AD64F85&SSPV=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA 4E 47 CB 43 54 D0 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename: "Trovi"
FF - prefs.js..browser.search.defaultenginename.US: "Google"
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.search.selectedEngine: "Trovi"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.trovi.com...8AD64F85&SSPV="
FF - prefs.js..extensions.enabledAddons: bookmarkcurrenttabset%40jake.kasprzak.ca:0.2.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.4.0: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Digital Storm\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Digital Storm\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/09/19 19:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Digital Storm\AppData\Roaming\mozilla\Extensions
[2014/10/16 09:26:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Digital Storm\AppData\Roaming\mozilla\Firefox\Profiles\jmty1bro.default\extension-data
[2014/05/17 08:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Digital Storm\AppData\Roaming\mozilla\Firefox\Profiles\jmty1bro.default\extension-data\[email protected]
[2014/10/16 09:26:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Digital Storm\AppData\Roaming\mozilla\Firefox\Profiles\jmty1bro.default\extension-data\[email protected]
[2015/02/27 19:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Digital Storm\AppData\Roaming\mozilla\Firefox\Profiles\jmty1bro.default\Extensions
[2014/11/19 07:14:31 | 000,011,859 | ---- | M] () (No name found) -- C:\Users\Digital Storm\AppData\Roaming\mozilla\firefox\profiles\jmty1bro.default\Extensions\[email protected]
[2015/01/15 09:42:22 | 000,985,112 | ---- | M] () (No name found) -- C:\Users\Digital Storm\AppData\Roaming\mozilla\firefox\profiles\jmty1bro.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/10/16 09:26:08 | 000,002,533 | ---- | M] () -- C:\Users\Digital Storm\AppData\Roaming\mozilla\firefox\profiles\jmty1bro.default\searchplugins\ask-search.xml
[2013/11/26 15:47:47 | 000,003,725 | ---- | M] () -- C:\Users\Digital Storm\AppData\Roaming\mozilla\firefox\profiles\jmty1bro.default\searchplugins\safeguard-secure-search.xml
[2015/03/04 09:03:01 | 000,002,976 | ---- | M] () -- C:\Users\Digital Storm\AppData\Roaming\mozilla\firefox\profiles\jmty1bro.default\searchplugins\trovi.xml
[2014/02/14 23:54:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/02/27 11:23:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.114.0.1_0\
CHR - Extension: No name found = C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\
CHR - Extension: No name found = C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng\1.6.680_0\
CHR - Extension: No name found = C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.6.785_0\
CHR - Extension: No name found = C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp\1.0.0_0\
CHR - Extension: No name found = C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\
CHR - Extension: No name found = C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8_0\
 
O1 HOSTS File: ([2015/02/12 15:59:26 | 000,450,771 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 127.0.0.1    123fporn.info
O1 - Hosts: 15471 more lines...
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe" File not found
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] "C:\WINDOWS\system32\igfxpers.exe" File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\WINDOWS\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_CC051D5897F5F3AEBC9A803FAFD6A26A] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Lync] C:\Program Files\Microsoft Office 15\root\office15\lync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify] C:\Users\Digital Storm\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Digital Storm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [StartMenuX] C:\Program Files\Start Menu X\StartMenuX.exe (OrdinarySoft)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Digital Storm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.15.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BB9DD52-DED0-446C-8D2B-21AF4C544674}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF2C532D-01F3-4B1C-BF00-22C0475829C5}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\WINDOWS\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{238df597-ad37-11e4-bf2c-8c89a50b7a12}\Shell - "" = AutoRun
O33 - MountPoints2\{238df597-ad37-11e4-bf2c-8c89a50b7a12}\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
O33 - MountPoints2\{26edb116-6011-11e3-be8a-0c8bfd2c5a64}\Shell - "" = AutoRun
O33 - MountPoints2\{26edb116-6011-11e3-be8a-0c8bfd2c5a64}\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
O33 - MountPoints2\{4670df28-ac59-11e3-beb9-0c8bfd2c5a64}\Shell - "" = AutoRun
O33 - MountPoints2\{4670df28-ac59-11e3-beb9-0c8bfd2c5a64}\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
O33 - MountPoints2\{4670df35-ac59-11e3-beb9-0c8bfd2c5a64}\Shell - "" = AutoRun
O33 - MountPoints2\{4670df35-ac59-11e3-beb9-0c8bfd2c5a64}\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
O33 - MountPoints2\{e7854d6a-adfe-11e4-bf2d-8c89a50b7a12}\Shell - "" = AutoRun
O33 - MountPoints2\{e7854d6a-adfe-11e4-bf2d-8c89a50b7a12}\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/03/04 09:01:22 | 000,000,000 | ---D | C] -- C:\Users\Digital Storm\AppData\Local\03000200-1425459681-0500-0006-000700080009
[2015/03/04 09:00:56 | 000,000,000 | ---D | C] -- C:\Users\Digital Storm\AppData\Local\Pro_PC_Cleaner
[2015/03/04 09:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\micron
[2015/03/04 09:00:52 | 000,000,000 | ---D | C] -- C:\Users\Digital Storm\Documents\ProPCCleaner
[2015/03/04 09:00:20 | 000,000,000 | ---D | C] -- C:\Users\Digital Storm\AppData\Roaming\03000200-1425459619-0500-0006-000700080009
[2015/02/19 08:03:33 | 000,000,000 | ---D | C] -- C:\Users\Digital Storm\AppData\Local\Steam
[2015/02/18 20:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox One Controller for Windows
[2015/02/13 10:49:08 | 000,000,000 | ---D | C] -- C:\Users\Digital Storm\AppData\Local\Logitech
[2015/02/13 10:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2015/02/13 10:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2015/02/13 10:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2015/02/12 15:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2015/02/12 15:45:16 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\SysNative\sdnclean64.exe
[2015/02/12 15:45:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2015/02/12 08:48:57 | 006,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015/02/11 10:13:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/02/11 10:13:30 | 000,111,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysNative\WindowsAccessBridge-64.dll
[2015/02/11 10:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2015/02/10 16:35:07 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\scesrv.dll
[2015/02/10 16:35:07 | 000,393,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\scesrv.dll
[2015/02/10 16:35:05 | 007,472,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2015/02/10 16:35:05 | 001,733,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2015/02/10 16:35:03 | 001,762,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WindowsCodecs.dll
[2015/02/10 16:35:02 | 000,445,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\certcli.dll
[2015/02/10 16:35:02 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\certcli.dll
[2015/02/10 16:34:40 | 000,788,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\oleaut32.dll
[2015/02/10 16:34:35 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2015/02/10 16:34:35 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2015/02/10 16:34:35 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2015/02/10 16:34:35 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2015/02/10 16:34:35 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2015/02/10 16:34:35 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2015/02/10 16:34:35 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015/02/10 16:34:35 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtmsft.dll
[2015/02/10 16:34:35 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MshtmlDac.dll
[2015/02/10 16:34:34 | 002,865,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2015/02/10 16:34:34 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2015/02/10 16:34:34 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2015/02/10 16:34:34 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll
[2015/02/10 16:34:34 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2015/02/10 16:34:34 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MshtmlDac.dll
[2015/02/10 16:33:33 | 001,098,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2015/02/10 16:33:33 | 000,894,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appraiser.dll
[2015/02/10 16:33:33 | 000,609,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\generaltel.dll
[2015/02/10 16:33:32 | 000,761,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\invagent.dll
[2015/02/10 16:33:32 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\devinv.dll
[2015/02/10 16:33:30 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepdu.dll
[2015/02/10 16:33:25 | 001,487,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppobjs.dll
[2015/02/04 18:20:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Democracy 3
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/03/04 09:27:21 | 000,001,101 | ---- | M] () -- C:\Users\Digital Storm\Desktop\Continue Live Installation.lnk
[2015/03/04 09:23:00 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/03/04 09:20:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-748073090-314025420-2060316-1001UA.job
[2015/03/04 09:13:51 | 000,864,642 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015/03/04 09:13:51 | 000,732,090 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015/03/04 09:13:51 | 000,136,062 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015/03/04 09:08:32 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/03/04 09:06:44 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/03/04 09:06:35 | 000,001,529 | -HS- | M] () -- C:\WINDOWS\SysWow64\mmf.sys
[2015/03/04 09:06:32 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/03/04 09:06:30 | 1624,276,986 | -HS- | M] () -- C:\hiberfil.sys
[2015/03/04 09:01:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015/03/04 08:20:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-748073090-314025420-2060316-1001Core.job
[2015/02/19 23:24:17 | 000,002,203 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/02/12 15:59:26 | 000,450,771 | R--- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts
[2015/02/12 15:45:20 | 000,001,383 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2015/02/12 15:40:48 | 000,000,085 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2015/02/12 08:33:23 | 000,484,208 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2015/02/11 10:13:21 | 000,111,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\WindowsAccessBridge-64.dll
[2015/02/03 18:38:41 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepdu.dll
[2015/02/03 18:08:38 | 000,761,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\invagent.dll
[2015/02/03 18:08:37 | 000,414,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\devinv.dll
[2015/02/03 14:31:19 | 000,714,720 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2015/02/03 14:31:19 | 000,106,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2015/02/02 18:11:29 | 000,609,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\generaltel.dll
[2015/02/02 18:11:24 | 001,098,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2015/02/02 18:11:24 | 000,894,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appraiser.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/03/04 09:27:21 | 000,001,101 | ---- | C] () -- C:\Users\Digital Storm\Desktop\Continue Live Installation.lnk
[2015/02/12 15:45:20 | 000,001,395 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2015/02/12 15:45:20 | 000,001,383 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2015/02/12 15:40:46 | 000,000,085 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2015/02/10 16:34:40 | 000,391,526 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/12/30 08:51:39 | 000,107,008 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/12/30 08:51:27 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2014/12/05 08:09:14 | 000,000,017 | ---- | C] () -- C:\Users\Digital Storm\AppData\Local\resmon.resmoncfg
[2014/10/03 17:36:30 | 000,186,368 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2014/10/03 17:36:28 | 016,810,624 | ---- | C] () -- C:\WINDOWS\SysWow64\igd11dxva32.dll
[2014/07/18 22:18:29 | 000,000,040 | ---- | C] () -- C:\Users\Digital Storm\AppData\Roaming\TheHunterSettings_steam_live.cfg
[2014/07/18 21:44:59 | 000,000,097 | ---- | C] () -- C:\Users\Digital Storm\AppData\Roaming\LauncherSettings_live.cfg
[2014/05/18 15:04:33 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2014/05/18 15:04:33 | 000,002,560 | ---- | C] () -- C:\WINDOWS\Runservice.exe
[2014/05/18 15:04:33 | 000,001,529 | -HS- | C] () -- C:\WINDOWS\SysWow64\mmf.sys
[2014/04/22 21:21:23 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/03/13 19:45:45 | 002,250,024 | ---- | C] () -- C:\WINDOWS\SysWow64\pbsvc.exe
[2013/12/29 10:28:06 | 000,000,101 | ---- | C] () -- C:\Users\Digital Storm\AppData\Local\fusioncache.dat
[2013/12/29 10:27:27 | 000,881,814 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/11/26 12:01:10 | 000,000,025 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2013/08/22 10:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 10:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 09:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 02:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 18:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 18:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/08/17 04:25:35 | 002,601,752 | ---- | C] () -- C:\WINDOWS\SysWow64\pbsvc_moh.exe
 
========== ZeroAccess Check ==========
 
[2013/11/05 18:40:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/11/10 19:39:20 | 022,290,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/11/10 19:17:34 | 019,731,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/10/28 20:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/10/28 19:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/10/28 20:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Digital Storm\SkyDrive:ms-properties

< End of report >
 


  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi as you are using windows 8 I will need to use a different scanner

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.
THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan

AswMBR%20scan.JPG


On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#4
Twatson31

Twatson31

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015
Ran by Digital Storm at 2015-03-04 13:32:35
Running from C:\Users\Digital Storm\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A Game of Thrones version 0.8 (HKU\S-1-5-21-748073090-314025420-2060316-1001\...\{7C82709E-75FE-4C3A-976A-8C97908DDD7B}_is1) (Version: 0.8 - AGOT TEAM)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Alan Wake (HKLM-x32\...\Steam App 108710) (Version:  - Remedy Entertainment)
Alan Wake's American Nightmare (HKLM-x32\...\Steam App 202750) (Version:  - Remedy Entertainment)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed Brotherhood (HKLM-x32\...\Steam App 48190) (Version:  - Ubisoft Montreal)
Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version:  - Ubisoft Montreal)
Assassin's Creed IV Black Flag (HKLM-x32\...\Steam App 242050) (Version:  - Ubisoft Montreal)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
Bloodline Champions (HKLM-x32\...\Steam App 6370) (Version:  - Stunlock Studios)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Brothers - A Tale of Two Sons (HKLM-x32\...\Steam App 225080) (Version:  - Starbreeze Studios AB)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - )
ChromecastApp (HKU\S-1-5-21-748073090-314025420-2060316-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version:  - Paradox Development Studio)
Crysis (HKLM-x32\...\Steam App 17300) (Version:  - Crytek)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
DC Universe Online (HKLM-x32\...\Steam App 24200) (Version:  - Sony Online Entertainment)
DC Universe Online Live (HKU\S-1-5-21-748073090-314025420-2060316-1001\...\SOE-DC Universe Online Live) (Version:  - Sony Online Entertainment)
Dead Space 2 (HKLM-x32\...\Steam App 47780) (Version:  - Visceral Games)
Democracy 3 (HKLM-x32\...\Steam App 245470) (Version:  - Positech Games)
Democracy 3 Corruption Mod (HKLM-x32\...\Democracy 3_is1) (Version:  - Positech Games)
Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version:  - Eidos Montreal)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.4 - Electronic Arts)
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version:  - SEIKO EPSON Corporation)
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Far Cry (HKLM-x32\...\Steam App 13520) (Version:  - Crytek Studios)
Far Cry 2 (HKLM-x32\...\Steam App 19900) (Version:  - Ubisoft Montreal)
FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.8.0.0 - Electronic Arts)
Final Draft (HKLM-x32\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.3.120 - Final Draft, Inc.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Gone Home (HKLM-x32\...\Steam App 232430) (Version:  - The Fullbright Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hearts of Iron III (HKLM-x32\...\Steam App 25890) (Version:  - Paradox Development Studio)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
Injustice: Gods Among Us Ultimate Edition (HKLM-x32\...\Steam App 242700) (Version:  - NetherRealm Studios)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6ec41eb7-bff8-4dd4-9278-57f45f6e6e0e}) (Version: 16.0.5 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.)
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
L.A. Noire (HKLM-x32\...\Steam App 110800) (Version:  - Team Bondi)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lego Harry Potter (HKLM-x32\...\Steam App 21130) (Version:  - TT Games)
LEGO Harry Potter: Years 5-7 (HKLM-x32\...\Steam App 204120) (Version:  - Traveller's Tales )
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Marvel Heroes 2015 (HKLM-x32\...\Steam App 226320) (Version:  - Gazillion Entertainment)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
Might & Magic: Duel of Champions (HKLM-x32\...\Steam App 256410) (Version:  - Ubisoft Quebec)
mIRC (HKLM-x32\...\mIRC) (Version: 7.36 - mIRC Co. Ltd.)
Mozilla Firefox 36.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NBA 2K13 (HKLM-x32\...\Steam App 219600) (Version:  - Visual Concepts)
Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Post Mortem (HKLM-x32\...\Steam App 46550) (Version:  - Anuman / Microids)
Qualcomm Atheros Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.550 - Qualcomm Atheros)
Qualcomm Atheros Killer Network Manager (Version: 6.1.0.550 - Qualcomm Atheros) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{BCDA54F6-C4B6-4519-A09E-FA064A6B4098}) (Version: 6.2.9200.21219 - Realtek Semiconductor Corp.)
Return to Castle Wolfenstein (HKLM-x32\...\Steam App 9010) (Version:  - Gray Matter Studios)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Scrivener (HKLM-x32\...\Scrivener 1610) (Version: 1610 - Literature and Latte)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1902}) (Version: 12.25.2.60 - APN, LLC) <==== ATTENTION
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 0.1.1831.1 - Hi-Rez Studios)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)
Spotify (HKU\S-1-5-21-748073090-314025420-2060316-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Start Menu X version 4.87 (HKLM\...\{3E494002-985C-4908-B72C-5B4DD15BE090}_is1) (Version: 4.87 - OrdinarySoft)
State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Still Life (HKLM-x32\...\Steam App 46480) (Version:  - Anuman / Microids)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TEW2013 (HKLM-x32\...\TEW2013) (Version:  - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
The Lord of the Rings Online™ (HKLM-x32\...\Steam App 212500) (Version:  - Turbine, Inc.)
The Lord of the Rings Online™ v03.08.00.8029 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.08.00.8029 - Turbine, Inc.)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version:  - Ubisoft Montreal)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)
theHunter (HKLM-x32\...\Steam App 253710) (Version:  - Expansive Worlds)
Tom Clancy's Splinter Cell (HKLM-x32\...\Steam App 13560) (Version:  - Ubisoft)
Tom Clancy's Splinter Cell: Chaos Theory (HKLM-x32\...\Steam App 13570) (Version:  - Ubisoft Montreal)
Tom Clancy's Splinter Cell: Conviction (HKLM-x32\...\Steam App 33220) (Version:  - Ubisoft Montreal)
Tom Clancy's Splinter Cell: Double Agent (HKLM-x32\...\Steam App 13580) (Version:  - Ubisoft Montreal)
TreeSheets (HKLM-x32\...\TreeSheets) (Version:  - )
Tribes: Ascend (HKLM-x32\...\Steam App 17080) (Version:  - Hi-Rez Studios)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Victoria II (HKLM-x32\...\Steam App 42960) (Version:  - Paradox Development Studio)
Vindictus (HKLM-x32\...\Steam App 212160) (Version:  - Nexon)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Wolfenstein 3D (HKLM-x32\...\Steam App 2270) (Version:  - id Software)
Wolfenstein 3D: Spear of Destiny (HKLM-x32\...\Steam App 9000) (Version:  - id Software)
Wolfenstein: The New Order (HKLM-x32\...\Steam App 201810) (Version:  - Machine Games)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
yWriter5 (HKLM-x32\...\yWriter5_is1) (Version:  - Spacejock Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-748073090-314025420-2060316-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Digital Storm\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-748073090-314025420-2060316-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Digital Storm\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-748073090-314025420-2060316-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-748073090-314025420-2060316-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Digital Storm\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-748073090-314025420-2060316-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Digital Storm\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-748073090-314025420-2060316-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Digital Storm\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-748073090-314025420-2060316-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Digital Storm\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-748073090-314025420-2060316-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Digital Storm\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

10-02-2015 17:16:02 Windows Update
17-02-2015 18:00:19 Scheduled Checkpoint
18-02-2015 20:17:34 Installed Microsoft Xbox One Controller for Windows
24-02-2015 16:51:51 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2015-02-12 15:59 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0F5D385A-E3EB-48E5-B2F3-49B06D1BE7CD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {220EC5EC-5CB4-4C30-8CF8-FCB813C0B8B8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-748073090-314025420-2060316-1001UA => C:\Users\Digital Storm\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-31] (Google Inc.)
Task: {2FBEAD16-A11D-41ED-B597-E1B21DAA0E76} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DIGITALSTORM-Digital Storm DigitalStorm => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-01-06] (Microsoft Corporation)
Task: {331B0EA3-01E5-47F4-9477-5AFDEEE0898B} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {3D7FE4B7-2BBE-41CD-B7EA-9B0945903275} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {510CFF61-D56B-48E3-8D0E-9E258801562F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {57369DDC-260E-4569-B86B-1C1FDABF7D46} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {6D8E9579-F018-48EF-8BF9-44266D39D91D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-748073090-314025420-2060316-1001Core => C:\Users\Digital Storm\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-31] (Google Inc.)
Task: {6F6A2339-FDAC-4230-ACC6-05D3AF76F2FF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-10] (Microsoft Corporation)
Task: {79726FF0-5883-4C2A-B4AC-5260B15A7BD3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {7C62F835-C6F8-4A28-886A-D3EE8B08195F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {7E1AA75A-69D2-4A96-8855-71F24F7DCA6F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {8122429F-375C-4A4B-BB9F-E93FF177A217} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9E1CE873-7C20-414D-A59A-0B64E676A310} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {A07B38AE-8D21-46BF-9028-590F5E34C63F} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {AFCB9E43-F5A4-41B1-9058-5D2F407F6F04} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-01-06] (Microsoft Corporation)
Task: {B8A6BDC3-DF88-49AE-B623-BEF69C975276} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-09] (Google Inc.)
Task: {CE37DFED-804C-4F2A-872F-AC62B17BE81A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {CFDC526F-E7E4-4F79-AD2D-0AD263A7CAA7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-09] (Google Inc.)
Task: {F72A3418-E024-421B-A857-DD0CF80340A6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-01-06] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-748073090-314025420-2060316-1001Core.job => C:\Users\Digital Storm\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-748073090-314025420-2060316-1001UA.job => C:\Users\Digital Storm\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) ==============

2013-10-28 21:00 - 2015-01-09 18:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-19 07:06 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-04 09:00 - 2015-03-04 09:00 - 00122880 _____ () C:\Users\Digital Storm\AppData\Roaming\03000200-1425459619-0500-0006-000700080009\nscCED3.tmpfs
2014-05-18 15:04 - 2014-05-18 15:04 - 00002560 _____ () C:\WINDOWS\runservice.exe
2015-03-04 09:00 - 2015-03-04 09:00 - 00103424 _____ () C:\Users\Digital Storm\AppData\Roaming\03000200-1425459619-0500-0006-000700080009\jnsrFF8E.tmp
2015-02-27 06:03 - 2014-12-23 14:53 - 08898728 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-12-21 00:02 - 2014-10-03 17:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe
2013-03-15 14:22 - 2013-03-15 14:22 - 00553984 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
2011-05-09 22:46 - 2011-05-09 22:46 - 02760192 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtCore4.dll
2011-05-09 22:56 - 2011-05-09 22:56 - 09856000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtGui4.dll
2011-05-09 22:48 - 2011-05-09 22:48 - 00990720 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtNetwork4.dll
2011-05-09 22:47 - 2011-05-09 22:47 - 00416256 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtXml4.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00217600 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFCommon.dll
2011-05-10 14:32 - 2011-05-10 14:32 - 00731648 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\qwt5.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00404992 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modApplications.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00036864 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFeatures.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00025088 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFraps.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00240128 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modGraph.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00062464 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modlcd.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00291328 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNetwork.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00184832 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNpu.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00211456 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOptions.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00064000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOverview.dll
2013-03-15 14:22 - 2013-03-15 14:22 - 00317440 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modSystemInfo.dll
2015-03-04 13:23 - 2015-03-04 13:23 - 09092688 _____ () C:\Program Files (x86)\Google\Update\Install\{647D920B-614B-41CD-ADF8-34D5F2F4B9E8}\41.0.2272.76_40.0.2214.115_chrome_updater.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-18 15:04 - 2014-05-18 15:04 - 00048640 _____ () C:\WINDOWS\mmfs.dll
2015-02-12 15:45 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-12 15:45 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-12 15:45 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-12 15:45 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-12 15:45 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-02-19 23:24 - 2015-02-17 17:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-19 23:24 - 2015-02-17 17:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-19 23:24 - 2015-02-17 17:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2012-09-23 19:43 - 2012-09-23 19:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2013-12-21 01:04 - 2013-12-21 01:04 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll
2015-02-19 23:24 - 2015-02-17 17:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Digital Storm\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\twats_000\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakWFP => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-748073090-314025420-2060316-1001\Control Panel\Desktop\\Wallpaper -> (None)
DNS Servers: 209.18.47.61 - 209.18.47.62

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMPPALR3 => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BTHSSecurityMgr => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Qualcomm Atheros Killer Service => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: StartMenuXService => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: ZeroConfigService => 2
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_CC051D5897F5F3AEBC9A803FAFD6A26A"
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== Accounts: =============================

Administrator (S-1-5-21-748073090-314025420-2060316-500 - Administrator - Disabled)
ASPNET (S-1-5-21-748073090-314025420-2060316-1003 - Administrator - Enabled)
Digital Storm (S-1-5-21-748073090-314025420-2060316-1001 - Administrator - Enabled) => C:\Users\Digital Storm
Guest (S-1-5-21-748073090-314025420-2060316-501 - Limited - Disabled)
twats_000 (S-1-5-21-748073090-314025420-2060316-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2015 11:31:28 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (03/04/2015 09:05:51 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (03/03/2015 08:13:01 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (03/03/2015 08:13:00 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (03/03/2015 08:12:58 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (03/03/2015 04:30:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 36.0.0.5531, time stamp: 0x54eb029a
Faulting module name: mozalloc.dll, version: 36.0.0.5531, time stamp: 0x54eaf3b7
Exception code: 0x80000003
Fault offset: 0x00001e02
Faulting process id: 0xd24
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (03/03/2015 01:11:49 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (03/03/2015 01:02:16 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (03/03/2015 11:58:04 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (03/03/2015 10:35:50 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)


System errors:
=============
Error: (03/04/2015 09:04:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Quick Ref 1.10.0.9 Client Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/03/2015 07:54:33 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:53:04 AM on ‎3/‎3/‎2015 was unexpected.

Error: (03/01/2015 09:16:50 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (02/28/2015 07:22:29 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (02/28/2015 07:22:27 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (02/23/2015 08:57:28 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:55:41 AM on ‎2/‎23/‎2015 was unexpected.

Error: (02/22/2015 09:55:56 AM) (Source: DCOM) (EventID: 10001) (User: DIGITALSTORM)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXkswwm8byjteqyeznb7hq06yvbrx5arrg.mca31App.AppXna5ytkgkf35wfa8ybk33vvnaq1av7jps.mcaUnavailableUnavailable

Error: (02/22/2015 09:55:56 AM) (Source: DCOM) (EventID: 10001) (User: DIGITALSTORM)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXkswwm8byjteqyeznb7hq06yvbrx5arrg.mca31App.AppXna5ytkgkf35wfa8ybk33vvnaq1av7jps.mcaUnavailableUnavailable

Error: (02/22/2015 09:55:56 AM) (Source: DCOM) (EventID: 10001) (User: DIGITALSTORM)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXkswwm8byjteqyeznb7hq06yvbrx5arrg.mca31App.AppXna5ytkgkf35wfa8ybk33vvnaq1av7jps.mcaUnavailableUnavailable

Error: (02/22/2015 09:55:56 AM) (Source: DCOM) (EventID: 10001) (User: DIGITALSTORM)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXkswwm8byjteqyeznb7hq06yvbrx5arrg.mca31App.AppXna5ytkgkf35wfa8ybk33vvnaq1av7jps.mcaUnavailableUnavailable


Microsoft Office Sessions:
=========================
Error: (03/04/2015 11:31:28 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)

Error: (03/04/2015 09:05:51 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (03/03/2015 08:13:01 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)

Error: (03/03/2015 08:13:00 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)

Error: (03/03/2015 08:12:58 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)

Error: (03/03/2015 04:30:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.0.553154eb029amozalloc.dll36.0.0.553154eaf3b78000000300001e02d2401d055eced75d8f6C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll7a1cd0da-c1ec-11e4-bf41-8c89a50b7a12

Error: (03/03/2015 01:11:49 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)

Error: (03/03/2015 01:02:16 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)

Error: (03/03/2015 11:58:04 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)

Error: (03/03/2015 10:35:50 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)


CodeIntegrity Errors:
===================================
  Date: 2015-02-28 04:38:27.079
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-28 04:38:26.268
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-28 01:13:55.182
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-28 01:13:53.461
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-16 09:00:39.771
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-16 09:00:39.667
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-12 16:08:22.579
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-12 16:08:22.454
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-12 16:08:22.360
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-12 16:08:07.218
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4900MQ CPU @ 2.80GHz
Percentage of memory in use: 11%
Total physical RAM: 32656.29 MB
Available physical RAM: 28826.92 MB
Total Pagefile: 52656.29 MB
Available Pagefile: 48728.04 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.23 GB) (Free:48.84 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:284.24 GB) NTFS
Drive e: (JEZDVD001) (CDROM) (Total:6.16 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 92429F33)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 352B6146)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#5
Twatson31

Twatson31

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015
Ran by Digital Storm (administrator) on DIGITALSTORM on 04-03-2015 13:31:22
Running from C:\Users\Digital Storm\Downloads
Loaded Profiles: Digital Storm (Available profiles: Digital Storm)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Users\Digital Storm\AppData\Roaming\03000200-1425459619-0500-0006-000700080009\nscCED3.tmpfs
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\Runservice.exe
() C:\Users\Digital Storm\AppData\Roaming\03000200-1425459619-0500-0006-000700080009\jnsrFF8E.tmp
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(OrdinarySoft) C:\Program Files\Start Menu X\StartMenuX.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
() C:\Program Files (x86)\Google\Update\Install\{647D920B-614B-41CD-ADF8-34D5F2F4B9E8}\41.0.2272.76_40.0.2214.115_chrome_updater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\setup.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1949592 2015-02-14] (APN)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\Run: [StartMenuX] => C:\Program Files\Start Menu X\StartMenuX.exe [7657792 2013-06-28] (OrdinarySoft)
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2874048 2015-02-18] (Valve Corporation)
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\Run: [Spotify Web Helper] => C:\Users\Digital Storm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-02-02] (Spotify Ltd)
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\Run: [Google Update] => C:\Users\Digital Storm\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-31] (Google Inc.)
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\Run: [Spotify] => C:\Users\Digital Storm\AppData\Roaming\Spotify\spotify.exe [6737976 2015-02-02] (Spotify Ltd)
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\Run: [GoogleChromeAutoLaunch_CC051D5897F5F3AEBC9A803FAFD6A26A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\root\office15\lync.exe [19053720 2015-01-13] (Microsoft Corporation)
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\MountPoints2: {238df597-ad37-11e4-bf2c-8c89a50b7a12} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\MountPoints2: {26edb116-6011-11e3-be8a-0c8bfd2c5a64} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\MountPoints2: {4670df28-ac59-11e3-beb9-0c8bfd2c5a64} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\MountPoints2: {4670df35-ac59-11e3-beb9-0c8bfd2c5a64} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\MountPoints2: {e7854d6a-adfe-11e4-bf2d-8c89a50b7a12} - "F:\HTC_Sync_Manager_PC.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164568 2015-01-10] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\Users\Digital Storm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-748073090-314025420-2060316-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...28AD64F85&SSPV=
HKU\S-1-5-21-748073090-314025420-2060316-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-748073090-314025420-2060316-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-748073090-314025420-2060316-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.15.0.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Digital Storm\AppData\Roaming\Mozilla\Firefox\Profiles\jmty1bro.default
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3333531&octid=EB_ORIGINAL_CTID&ISID=MC0636440-98AA-4CA6-A440-9387C9A69279&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP0AB43F9F-EE10-4DDA-9453-17B28AD64F85
FF DefaultSearchEngine: Trovi
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Trovi
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3333531&octid=EB_ORIGINAL_CTID&ISID=MC0636440-98AA-4CA6-A440-9387C9A69279&SearchSource=55&CUI=&UM=8&UP=SP0AB43F9F-EE10-4DDA-9453-17B28AD64F85&SSPV=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-748073090-314025420-2060316-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Digital Storm\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-748073090-314025420-2060316-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Digital Storm\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-748073090-314025420-2060316-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-748073090-314025420-2060316-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\Digital Storm\AppData\Roaming\Mozilla\Firefox\Profiles\jmty1bro.default\user.js
FF SearchPlugin: C:\Users\Digital Storm\AppData\Roaming\Mozilla\Firefox\Profiles\jmty1bro.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Digital Storm\AppData\Roaming\Mozilla\Firefox\Profiles\jmty1bro.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Users\Digital Storm\AppData\Roaming\Mozilla\Firefox\Profiles\jmty1bro.default\searchplugins\trovi.xml
FF Extension: TopArcadeHits - C:\Users\Digital Storm\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} [2013-09-19]
FF Extension: Bookmark Current Tab Set - C:\Users\Digital Storm\AppData\Roaming\Mozilla\Firefox\Profiles\jmty1bro.default\Extensions\[email protected] [2014-11-19]
FF Extension: Adblock Plus - C:\Users\Digital Storm\AppData\Roaming\Mozilla\Firefox\Profiles\jmty1bro.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-11]

Chrome:
=======
CHR HomePage: Default -> hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=2E490C8BFD2C5A61&affID=119794&tsp=5011
CHR StartupUrls: Default -> "hxxp://popurls.com/", "hxxp://www.trovi.com/?gd=&ctid=CT3333531&octid=EB_ORIGINAL_CTID&ISID=MC0636440-98AA-4CA6-A440-9387C9A69279&SearchSource=55&CUI=&UM=8&UP=SP0AB43F9F-EE10-4DDA-9453-17B28AD64F85&SSPV="
CHR DefaultSearchKeyword: Default -> delta-search.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-09]
CHR Extension: (Google Drive) - C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-09]
CHR Extension: (Google Cast) - C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-08-31]
CHR Extension: (McAfee Security Scan+) - C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-23]
CHR Extension: (Google Search) - C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-09]
CHR Extension: (Hola Better Internet Engine) - C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng [2015-01-03]
CHR Extension: (Hola Better Internet) - C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-01-03]
CHR Extension: (No Name) - C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp [2013-09-19]
CHR Extension: (Google Wallet) - C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-09]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.goog...ice/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-30] (APN LLC.)
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [31904 2013-08-16] (Microsoft Corporation)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
S3 DAUpdaterSvc; D:\free steam games\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-02-08] (BioWare)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2013-12-16] (Hi-Rez Studios) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 LicCtrlService; C:\WINDOWS\runservice.exe [2560 2014-05-18] () [File not signed]
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-16] ()
R2 nerelefe; C:\Users\Digital Storm\AppData\Roaming\03000200-1425459619-0500-0006-000700080009\jnsrFF8E.tmp [103424 2015-03-04] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
S4 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [495616 2013-03-15] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 StartMenuXService; C:\Program Files\Start Menu X\StartMenuXService.exe [67904 2013-02-09] (OrdinarySoft)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3379440 2013-04-16] (Intel® Corporation)
R2 ducesuvy; C:\Users\Digital Storm\AppData\Roaming\03000200-1425459619-0500-0006-000700080009\nscCED3.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-03-15] (Qualcomm Atheros, Inc.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [174448 2013-03-15] (Qualcomm Atheros, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3597792 2013-05-14] (Intel Corporation)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [299848 2015-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [448072 2013-02-01] (RTS Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S1 cgqddukf; \??\C:\WINDOWS\system32\drivers\cgqddukf.sys [X]
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 13:31 - 2015-03-04 13:31 - 00026319 _____ () C:\Users\Digital Storm\Downloads\FRST.txt
2015-03-04 13:29 - 2015-03-04 13:31 - 00000000 ____D () C:\FRST
2015-03-04 13:28 - 2015-03-04 13:29 - 02093056 _____ (Farbar) C:\Users\Digital Storm\Downloads\FRST64.exe
2015-03-04 09:56 - 2015-03-04 09:56 - 00188218 _____ () C:\Users\Digital Storm\Downloads\Extras.Txt
2015-03-04 09:53 - 2015-03-04 09:53 - 00145008 _____ () C:\Users\Digital Storm\Downloads\OTL.Txt
2015-03-04 09:39 - 2015-03-04 09:39 - 00602112 _____ (OldTimer Tools) C:\Users\Digital Storm\Downloads\OTL.exe
2015-03-04 09:27 - 2015-03-04 09:27 - 00001101 _____ () C:\Users\Digital Storm\Desktop\Continue Live Installation.lnk
2015-03-04 09:01 - 2015-03-04 09:02 - 00000000 ____D () C:\Users\Digital Storm\AppData\Local\03000200-1425459681-0500-0006-000700080009
2015-03-04 09:00 - 2015-03-04 09:02 - 00000000 ____D () C:\Users\Digital Storm\Documents\ProPCCleaner
2015-03-04 09:00 - 2015-03-04 09:00 - 00003220 _____ () C:\WINDOWS\System32\Tasks\ProPCCleaner_Start
2015-03-04 09:00 - 2015-03-04 09:00 - 00000000 ____D () C:\Users\Digital Storm\AppData\Roaming\03000200-1425459619-0500-0006-000700080009
2015-03-04 09:00 - 2015-03-04 09:00 - 00000000 ____D () C:\Users\Digital Storm\AppData\Local\Pro_PC_Cleaner
2015-03-04 09:00 - 2015-03-04 09:00 - 00000000 ____D () C:\ProgramData\micron
2015-03-04 08:57 - 2015-03-04 08:57 - 00626248 _____ () C:\Users\Digital Storm\Downloads\CCleaner 4.11.4619.exe
2015-02-25 15:41 - 2015-02-25 15:41 - 24547328 _____ () C:\Users\Digital Storm\Downloads\TEW2013.mdb
2015-02-25 15:38 - 2015-02-25 15:38 - 02043556 _____ () C:\Users\Digital Storm\Downloads\Chronicles Nov.rar
2015-02-25 15:35 - 2015-02-25 15:35 - 54079185 _____ () C:\Users\Digital Storm\Downloads\TEW2013_TrialToRetail.EXE
2015-02-24 16:00 - 2014-12-13 16:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-24 16:00 - 2014-12-13 16:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-19 08:03 - 2015-02-19 08:03 - 00000000 ____D () C:\Users\Digital Storm\AppData\Local\Steam
2015-02-18 20:17 - 2015-02-18 20:17 - 00000000 ____D () C:\Program Files\Microsoft Xbox One Controller for Windows
2015-02-18 20:12 - 2015-02-18 20:12 - 02854912 _____ () C:\Users\Digital Storm\Downloads\xb1usb.11059.0.140526x64.msi
2015-02-13 10:49 - 2015-02-13 10:49 - 00000000 ____D () C:\Users\Digital Storm\AppData\Local\Logitech
2015-02-13 10:48 - 2015-02-13 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-02-13 10:48 - 2015-02-13 10:48 - 00000000 ____D () C:\Program Files\Logitech
2015-02-13 10:48 - 2015-02-13 10:48 - 00000000 ____D () C:\Program Files\Common Files\Logitech
2015-02-13 10:47 - 2015-02-13 10:47 - 17276616 _____ (Logitech ) C:\Users\Digital Storm\Downloads\lgs510_x64.exe
2015-02-12 15:59 - 2013-08-22 08:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150212-155926.backup
2015-02-12 15:45 - 2015-02-12 15:49 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-12 15:45 - 2015-02-12 15:45 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-12 15:45 - 2015-02-12 15:45 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-12 15:45 - 2015-02-12 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-12 15:45 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-02-12 15:40 - 2015-02-12 15:40 - 00000085 _____ () C:\WINDOWS\wininit.ini
2015-02-12 15:39 - 2015-02-12 15:40 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Digital Storm\Downloads\spybot-2.4.exe
2015-02-12 08:48 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 08:48 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 10:13 - 2015-02-11 10:13 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-02-11 10:13 - 2015-02-11 10:13 - 00000000 ____D () C:\Program Files\Java
2015-02-11 10:12 - 2015-02-11 10:13 - 93427112 _____ (Oracle Corporation) C:\Users\Digital Storm\Downloads\jre-8u31-windows-x64.exe
2015-02-10 16:35 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-10 16:35 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-10 16:35 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-10 16:35 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-10 16:35 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-10 16:35 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-10 16:35 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-10 16:35 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-10 16:35 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-10 16:35 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-10 16:35 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-10 16:35 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-10 16:35 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-10 16:34 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-10 16:34 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-10 16:34 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-10 16:34 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-10 16:34 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-10 16:34 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-10 16:34 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-10 16:34 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-10 16:34 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-10 16:34 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-10 16:34 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-10 16:34 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-10 16:34 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-10 16:34 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-10 16:34 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-10 16:34 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-10 16:34 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-10 16:34 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-10 16:34 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-10 16:34 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-10 16:34 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-10 16:34 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-10 16:34 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-10 16:34 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-10 16:34 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-10 16:34 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-10 16:34 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-10 16:34 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-10 16:34 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-10 16:34 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-10 16:34 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-10 16:34 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-10 16:34 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-10 16:34 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-10 16:34 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-10 16:34 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-10 16:34 - 2014-12-08 18:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-10 16:33 - 2015-02-03 18:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-10 16:33 - 2015-02-03 18:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-10 16:33 - 2015-02-03 18:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-10 16:33 - 2015-02-02 18:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-10 16:33 - 2015-02-02 18:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-10 16:33 - 2015-02-02 18:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-10 16:33 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-10 16:33 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-04 18:22 - 2015-02-04 18:22 - 00323280 _____ (Positech Games ) C:\Users\Digital Storm\Downloads\Corruption.exe
2015-02-04 18:22 - 2015-02-04 18:22 - 00316744 _____ (Positech Games ) C:\Users\Digital Storm\Downloads\Infrastructure Spending.exe
2015-02-04 18:21 - 2015-02-04 18:21 - 00461912 _____ (Positech Games ) C:\Users\Digital Storm\Downloads\India.exe
2015-02-04 18:21 - 2015-02-04 18:21 - 00461912 _____ (Positech Games ) C:\Users\Digital Storm\Downloads\India(2).exe
2015-02-04 18:21 - 2015-02-04 18:21 - 00461912 _____ (Positech Games ) C:\Users\Digital Storm\Downloads\India(1).exe
2015-02-04 18:21 - 2015-02-04 18:21 - 00330496 _____ (Positech Games ) C:\Users\Digital Storm\Downloads\Fascist.exe
2015-02-04 18:20 - 2015-02-04 18:22 - 00000000 ____D () C:\Program Files (x86)\Democracy 3
2015-02-04 18:20 - 2015-02-04 18:20 - 00347856 _____ (Positech Games ) C:\Users\Digital Storm\Downloads\DepartmentForEducationAndFamilies.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 13:23 - 2013-08-09 04:33 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-04 13:22 - 2013-10-28 21:00 - 01273845 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-04 13:21 - 2013-08-31 16:30 - 00000966 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-748073090-314025420-2060316-1001UA.job
2015-03-04 13:01 - 2013-09-09 19:19 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-04 13:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-04 11:31 - 2013-07-25 11:11 - 00003590 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-748073090-314025420-2060316-1001
2015-03-04 09:18 - 2015-01-26 07:50 - 00005022 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DIGITALSTORM-Digital Storm DigitalStorm
2015-03-04 09:14 - 2013-08-12 07:12 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-04 09:13 - 2013-09-29 23:04 - 00864642 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-04 09:08 - 2013-10-28 21:24 - 00000000 ___DO () C:\Users\Digital Storm\SkyDrive
2015-03-04 09:06 - 2014-05-18 15:04 - 00001529 ___SH () C:\WINDOWS\SysWOW64\mmf.sys
2015-03-04 09:06 - 2014-04-26 08:52 - 00025422 _____ () C:\WINDOWS\setupact.log
2015-03-04 09:06 - 2013-09-29 22:55 - 00269688 _____ () C:\WINDOWS\PFRO.log
2015-03-04 09:06 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-04 09:06 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-04 09:06 - 2013-08-09 04:33 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-04 09:06 - 2013-07-25 11:33 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2015-03-04 09:05 - 2013-10-28 21:01 - 00000000 ____D () C:\Users\Digital Storm
2015-03-04 08:20 - 2013-08-31 16:30 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-748073090-314025420-2060316-1001Core.job
2015-03-04 07:35 - 2013-12-29 16:10 - 00003974 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7B2DCD38-D12F-4CA2-8E48-8D6AC04A8363}
2015-03-03 20:17 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-03 08:17 - 2013-07-27 01:46 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-02 20:31 - 2013-08-17 04:07 - 00000000 ____D () C:\Users\Digital Storm\AppData\Roaming\Spotify
2015-03-02 19:32 - 2013-08-17 04:07 - 00000000 ____D () C:\Users\Digital Storm\AppData\Local\Spotify
2015-03-02 17:58 - 2013-08-19 11:57 - 00000000 ____D () C:\Users\Digital Storm\Documents\FIFA 13
2015-03-02 16:20 - 2013-08-16 11:50 - 00000000 ____D () C:\ProgramData\Origin
2015-03-02 11:03 - 2013-07-25 11:05 - 00000000 ____D () C:\Users\Digital Storm\AppData\Local\Packages
2015-03-02 07:33 - 2013-09-01 00:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-27 20:32 - 2014-03-02 23:47 - 00000000 ____D () C:\Users\Digital Storm\AppData\Roaming\Bioshock
2015-02-27 11:23 - 2014-02-14 23:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-27 10:54 - 2013-08-16 11:50 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-27 06:04 - 2014-01-02 17:54 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-24 16:52 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-19 23:24 - 2013-08-09 04:34 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-13 00:13 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-12 16:01 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 15:45 - 2013-08-09 04:39 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-12 08:33 - 2013-08-22 09:44 - 00484208 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-12 08:32 - 2014-12-11 09:38 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-12 08:32 - 2014-07-10 06:39 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 10:13 - 2013-12-29 15:51 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-10 17:19 - 2013-08-09 09:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-10 17:19 - 2013-07-25 11:34 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-10 17:16 - 2013-07-27 01:56 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-06 13:21 - 2014-09-16 17:41 - 00000000 ____D () C:\Users\Digital Storm\AppData\Local\Adobe
2015-02-06 13:21 - 2013-09-09 19:19 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-05 08:15 - 2013-08-31 16:30 - 00003928 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-748073090-314025420-2060316-1001UA
2015-02-05 08:15 - 2013-08-31 16:30 - 00003548 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-748073090-314025420-2060316-1001Core
2015-02-04 07:18 - 2013-08-09 04:33 - 00003904 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 07:18 - 2013-08-09 04:33 - 00003668 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 14:31 - 2013-08-22 10:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-07-18 21:44 - 2014-07-20 08:52 - 0000097 _____ () C:\Users\Digital Storm\AppData\Roaming\LauncherSettings_live.cfg
2014-07-18 22:18 - 2014-07-18 22:18 - 0000040 _____ () C:\Users\Digital Storm\AppData\Roaming\TheHunterSettings_steam_live.cfg
2013-12-29 10:28 - 2013-12-29 10:28 - 0000101 _____ () C:\Users\Digital Storm\AppData\Local\fusioncache.dat
2013-07-25 11:32 - 2013-07-25 11:37 - 0000300 _____ () C:\Users\Digital Storm\AppData\Local\killertool.log
2014-12-05 08:09 - 2014-12-05 08:09 - 0000017 _____ () C:\Users\Digital Storm\AppData\Local\resmon.resmoncfg
2013-11-26 12:01 - 2013-11-26 12:01 - 0000025 ____H () C:\ProgramData\.811261211181235583101118113995

Some content of TEMP:
====================
C:\Users\Digital Storm\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-04 11:31

==================== End Of Log ============================


  • 0

#6
Twatson31

Twatson31

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-03-04 13:37:36
-----------------------------
13:37:36.208    OS Version: Windows x64 6.2.9200
13:37:36.209    Number of processors: 8 586 0x3C03
13:37:36.210    ComputerName: DIGITALSTORM  UserName:
13:37:36.889    Initialize success
13:37:36.926    VM: initialized successfully
13:37:36.929    VM: Intel CPU supported
13:37:40.642    VM: supported disk I/O storport.sys
13:37:49.419    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003d
13:37:49.436    Disk 0 Vendor: Corsair_Neutron_GTX_SSD M306 Size: 228936MB BusType: 11
13:37:49.445    Disk 1  \Device\Harddisk1\DR1 -> \Device\0000003f
13:37:49.450    Disk 1 Vendor: TOSHIBA_MQ01ABD100 AX0R2J Size: 953869MB BusType: 11
13:37:49.465    VM: Disk 0 MBR read successfully
13:37:49.485    Disk 0 MBR scan
13:37:49.491    Disk 0 Windows 7 default MBR code
13:37:49.498    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS          350 MB offset 2048
13:37:49.511    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS       228584 MB offset 718848
13:37:49.532    Disk 0 scanning C:\WINDOWS\system32\drivers
13:37:52.419    Service scanning
13:37:57.454    Modules scanning
13:37:57.474    Disk 0 trace - called modules:
13:37:57.494    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll storahci.sys
13:37:57.505    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000ad6dd740]
13:37:57.516    3 CLASSPNP.SYS[fffff8011be2a170] -> nt!IofCallDriver -> [0xffffe000ac5a84e0]
13:37:57.527    5 ACPI.sys[fffff8011b772c21] -> nt!IofCallDriver -> \Device\0000003d[0xffffe000ac5a3060]
13:37:57.538    Disk 0 statistics 126098/0/9 @ 51.02 MB/s
13:37:57.550    Scan finished successfully
13:38:14.956    Disk 0 MBR has been saved successfully to "C:\Users\Digital Storm\Downloads\MBR.dat"
13:38:14.969    The log file has been saved successfully to "C:\Users\Digital Storm\Downloads\aswMBR.txt"

 


  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
After the reboot from this fix could you let me know if defender opens. Do you have an anti-virus installed ?



CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-748073090-314025420-2060316-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...28AD64F85&SSPV=
SearchScopes: HKU\S-1-5-21-748073090-314025420-2060316-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-748073090-314025420-2060316-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3333531&octid=EB_ORIGINAL_CTID&ISID=MC0636440-98AA-4CA6-A440-9387C9A69279&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP0AB43F9F-EE10-4DDA-9453-17B28AD64F85
FF DefaultSearchEngine: Trovi
FF SelectedSearchEngine: Trovi
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3333531&octid=EB_ORIGINAL_CTID&ISID=MC0636440-98AA-4CA6-A440-9387C9A69279&SearchSource=55&CUI=&UM=8&UP=SP0AB43F9F-EE10-4DDA-9453-17B28AD64F85&SSPV=
FF user.js: detected! => C:\Users\Digital Storm\AppData\Roaming\Mozilla\Firefox\Profiles\jmty1bro.default\user.js
FF SearchPlugin: C:\Users\Digital Storm\AppData\Roaming\Mozilla\Firefox\Profiles\jmty1bro.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Digital Storm\AppData\Roaming\Mozilla\Firefox\Profiles\jmty1bro.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Users\Digital Storm\AppData\Roaming\Mozilla\Firefox\Profiles\jmty1bro.default\searchplugins\trovi.xml
CHR HomePage: Default -> hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=2E490C8BFD2C5A61&affID=119794&tsp=5011
CHR StartupUrls: Default -> "hxxp://popurls.com/", "hxxp://www.trovi.com/?gd=&ctid=CT3333531&octid=EB_ORIGINAL_CTID&ISID=MC0636440-98AA-4CA6-A440-9387C9A69279&SearchSource=55&CUI=&UM=8&UP=SP0AB43F9F-EE10-4DDA-9453-17B28AD64F85&SSPV="
CHR DefaultSearchKeyword: Default -> delta-search.com
CHR Extension: (No Name) - C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp [2013-09-19]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-30] (APN LLC.)
R2 nerelefe; C:\Users\Digital Storm\AppData\Roaming\03000200-1425459619-0500-0006-000700080009\jnsrFF8E.tmp [103424 2015-03-04] () [File not signed]
R2 ducesuvy; C:\Users\Digital Storm\AppData\Roaming\03000200-1425459619-0500-0006-000700080009\nscCED3.tmpfs [X]
S1 cgqddukf; \??\C:\WINDOWS\system32\drivers\cgqddukf.sys [X]
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]
2015-03-04 09:01 - 2015-03-04 09:02 - 00000000 ____D () C:\Users\Digital Storm\AppData\Local\03000200-1425459681-0500-0006-000700080009
2015-03-04 09:00 - 2015-03-04 09:02 - 00000000 ____D () C:\Users\Digital Storm\Documents\ProPCCleaner
2015-03-04 09:00 - 2015-03-04 09:00 - 00003220 _____ () C:\WINDOWS\System32\Tasks\ProPCCleaner_Start
2015-03-04 09:00 - 2015-03-04 09:00 - 00000000 ____D () C:\Users\Digital Storm\AppData\Roaming\03000200-1425459619-0500-0006-000700080009
2015-03-04 09:00 - 2015-03-04 09:00 - 00000000 ____D () C:\Users\Digital Storm\AppData\Local\Pro_PC_Cleaner
2013-11-26 12:01 - 2013-11-26 12:01 - 0000025 ____H () C:\ProgramData\.811261211181235583101118113995
C:\WINDOWS\system32\drivers\cgqddukf.sys
C:\WINDOWS\system32\drivers\qrnfd_1_10_0_9.sys
Hosts:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#8
Twatson31

Twatson31

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

I did have a virus protector but it looks like it recently expired. What is the best protection. Also, where do I find the script for the fix I just did . Last time it just came up when it was done. This time it didn't.

 

And lastly. Thank you so much for your help so far. I truly appreciate it. Amazing work. I am downloading the second part now.


  • 0

#9
Twatson31

Twatson31

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Here is the second Script for the adwcleaner . And unfortunately the Windows defender still says it need to be opened by group policy.

 

# AdwCleaner v4.111 - Logfile created 04/03/2015 at 18:26:09
# Updated 18/02/2015 by Xplode
# Database : 2015-03-02.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Digital Storm - DIGITALSTORM
# Running from : C:\Users\Digital Storm\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\DIGITA~1\AppData\Local\Temp\apn
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\Digital Storm\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Digital Storm\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
File Deleted : C:\Users\Digital Storm\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\Digital Storm\AppData\Roaming\Mozilla\Firefox\Profiles\jmty1bro.default\bprotector_extensions.sqlite

***** [ Scheduled tasks ] *****

Task Deleted : ProPCCleaner_Start

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AdpeakProxy.exe
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\ProPCCleanerLanguage
Key Deleted : HKCU\Software\ProPCCleanerConfig
Key Deleted : HKCU\Software\AppDataLow\Software\Scorpion Saver
Key Deleted : HKLM\SOFTWARE\Adpeak, Inc.
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\QuickRef_1.10.0.9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Democracy 3_is1
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v36.0 (x86 en-US)

[jmty1bro.default\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "Amazon.com,Ask Search,AVG Secure Search,Bing,eBay,Trovi");
[jmty1bro.default\prefs.js] - Line Deleted : user_pref("extensions.ORJ-SPE.domain", "\"www.search.ask.com\"");
[jmty1bro.default\prefs.js] - Line Deleted : user_pref("extensions.ORJ-SPE.hpr_ff", "\"hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11408&pf=V7&trgb=FF&p2=%5EBBG%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBG&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ff_32.[...]
[jmty1bro.default\prefs.js] - Line Deleted : user_pref("extensions.ORJ-SPE.newTabSearchURL", "\"hxxp://www.search.ask.com/web?o=APN11408&p2=%5EBBG%5EOSJ000%5EYY%5EUS&tpid=ORJ-SPE&gct=tab&apn_uid=CFFC9BD3-3A96-44A1-AC06-28AB6B99DE19&apn_ptnrs=BBG[...]
[jmty1bro.default\prefs.js] - Line Deleted : user_pref("extensions.ORJ-SPE.searchURL", "\"hxxp://www.search.ask.com/web?o=APN11408&p2=%5EBBG%5EOSJ000%5EYY%5EUS&tpid=ORJ-SPE&gct=bar&apn_uid=CFFC9BD3-3A96-44A1-AC06-28AB6B99DE19&apn_ptnrs=BBG&apn_d[...]
[jmty1bro.default\prefs.js] - Line Deleted : user_pref("extensions.ORJ-V7C.DataStore.toolbar", "{\"BLACKLIST_SUBDOMAINS_OF\":[\"join.me\",\"Bing.com\",\"Hotmail.com\",\"Live.com\"],\"BLACKLIST_DOMAIN\":{\"touch.facebook.com\":true,\"nvmodules.ne[...]
[jmty1bro.default\prefs.js] - Line Deleted : user_pref("extensions.ORJ-V7C.domain", "\"www.search.ask.com\"");
[jmty1bro.default\prefs.js] - Line Deleted : user_pref("extensions.ORJ-V7C.hpr_ff", "\"hxxp://www.search.ask.com/?tpid=ORJ-V7C&o=APN11408&pf=V7&trgb=FF&p2=%5EBBG%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBG&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ff_29.[...]

-\\ Google Chrome v40.0.2214.115

[C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=2E490C8BFD2C5A61&affID=119794&tsp=5011
[C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN40760265271246413&ctid=CT3294791&UM=2
[C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={467FF177-895F-4FCA-88BD-24611819AFF9}&mid=705e037fd63647d0b5e2d16fd87b0724-a57d5cd4ceb9639150edf08c8dcf3fb8f3232656&lang=en&ds=gl011&pr=sa&d=2012-08-06 21:07:38&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
[C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=2E490C8BFD2C5A61&affID=119794&tsp=5011
[C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333531&octid=EB_ORIGINAL_CTID&ISID=MC0636440-98AA-4CA6-A440-9387C9A69279&SearchSource=58&CUI=&UM=8&UP=SP0AB43F9F-EE10-4DDA-9453-17B28AD64F85&q={searchTerms}&SSPV=

-\\ Chromium v

[C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=2E490C8BFD2C5A61&affID=119794&tsp=5011
[C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN40760265271246413&ctid=CT3294791&UM=2
[C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={467FF177-895F-4FCA-88BD-24611819AFF9}&mid=705e037fd63647d0b5e2d16fd87b0724-a57d5cd4ceb9639150edf08c8dcf3fb8f3232656&lang=en&ds=gl011&pr=sa&d=2012-08-06 21:07:38&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
[C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=2E490C8BFD2C5A61&affID=119794&tsp=5011
[C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333531&octid=EB_ORIGINAL_CTID&ISID=MC0636440-98AA-4CA6-A440-9387C9A69279&SearchSource=58&CUI=&UM=8&UP=SP0AB43F9F-EE10-4DDA-9453-17B28AD64F85&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [6831 bytes] - [04/03/2015 18:22:06]
AdwCleaner[S0].txt - [8364 bytes] - [04/03/2015 18:26:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8423  bytes] ##########
 


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could I have a fresh FRST scan please to see if the drivers I deleted really have gone

We will look at a fresh AV next
  • 0

Advertisements


#11
Twatson31

Twatson31

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Sorry for the delay. I was out of town for a job interview. Here is the scan as requested.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by Digital Storm (administrator) on DIGITALSTORM on 06-03-2015 07:43:39
Running from C:\Users\Digital Storm\Downloads
Loaded Profiles: Digital Storm (Available profiles: Digital Storm)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Windows\Runservice.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(OrdinarySoft) C:\Program Files\Start Menu X\StartMenuX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{C159DEFD-4CF1-4825-AAB1-A81997279FF6}\41.0.2272.76_chrome_installer.exe
(Google Inc.) C:\Windows\Temp\CR_C8A20.tmp\setup.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\Run: [StartMenuX] => C:\Program Files\Start Menu X\StartMenuX.exe [7657792 2013-06-28] (OrdinarySoft)
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2874048 2015-02-18] (Valve Corporation)
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\Run: [Spotify Web Helper] => C:\Users\Digital Storm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-02-02] (Spotify Ltd)
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\Run: [Google Update] => C:\Users\Digital Storm\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-31] (Google Inc.)
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\Run: [Spotify] => C:\Users\Digital Storm\AppData\Roaming\Spotify\spotify.exe [6737976 2015-02-02] (Spotify Ltd)
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\Run: [GoogleChromeAutoLaunch_CC051D5897F5F3AEBC9A803FAFD6A26A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\root\office15\lync.exe [19053720 2015-01-13] (Microsoft Corporation)
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\MountPoints2: {238df597-ad37-11e4-bf2c-8c89a50b7a12} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\MountPoints2: {26edb116-6011-11e3-be8a-0c8bfd2c5a64} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\MountPoints2: {4670df28-ac59-11e3-beb9-0c8bfd2c5a64} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\MountPoints2: {4670df35-ac59-11e3-beb9-0c8bfd2c5a64} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-748073090-314025420-2060316-1001\...\MountPoints2: {e7854d6a-adfe-11e4-bf2d-8c89a50b7a12} - "F:\HTC_Sync_Manager_PC.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164568 2015-01-10] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\Users\Digital Storm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-748073090-314025420-2060316-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.15.0.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Digital Storm\AppData\Roaming\Mozilla\Firefox\Profiles\jmty1bro.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-748073090-314025420-2060316-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Digital Storm\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-748073090-314025420-2060316-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Digital Storm\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-748073090-314025420-2060316-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-748073090-314025420-2060316-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: TopArcadeHits - C:\Users\Digital Storm\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} [2013-09-19]
FF Extension: Bookmark Current Tab Set - C:\Users\Digital Storm\AppData\Roaming\Mozilla\Firefox\Profiles\jmty1bro.default\Extensions\[email protected] [2014-11-19]
FF Extension: Adblock Plus - C:\Users\Digital Storm\AppData\Roaming\Mozilla\Firefox\Profiles\jmty1bro.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-11]

Chrome:
=======
CHR Profile: C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (Google Wallet) - C:\Users\Digital Storm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [31904 2013-08-16] (Microsoft Corporation)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
S3 DAUpdaterSvc; D:\free steam games\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-02-08] (BioWare)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2013-12-16] (Hi-Rez Studios) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 LicCtrlService; C:\WINDOWS\runservice.exe [2560 2014-05-18] () [File not signed]
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-16] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-27] (Electronic Arts)
S4 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [495616 2013-03-15] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 StartMenuXService; C:\Program Files\Start Menu X\StartMenuXService.exe [67904 2013-02-09] (OrdinarySoft)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3379440 2013-04-16] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-03-15] (Qualcomm Atheros, Inc.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [174448 2013-03-15] (Qualcomm Atheros, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3597792 2013-05-14] (Intel Corporation)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [299848 2015-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [448072 2013-02-01] (RTS Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 07:43 - 2015-03-06 07:43 - 00000000 ____D () C:\Users\Digital Storm\Downloads\FRST-OlderVersion
2015-03-04 18:21 - 2015-03-04 18:26 - 00000000 ____D () C:\AdwCleaner
2015-03-04 18:19 - 2015-03-04 18:20 - 02126848 _____ () C:\Users\Digital Storm\Downloads\AdwCleaner.exe
2015-03-04 13:38 - 2015-03-04 13:38 - 00001964 _____ () C:\Users\Digital Storm\Downloads\aswMBR.txt
2015-03-04 13:38 - 2015-03-04 13:38 - 00000512 _____ () C:\Users\Digital Storm\Downloads\MBR.dat
2015-03-04 13:37 - 2015-03-04 13:37 - 05200384 _____ (AVAST Software) C:\Users\Digital Storm\Downloads\aswmbr.exe
2015-03-04 13:32 - 2015-03-04 13:33 - 00047706 _____ () C:\Users\Digital Storm\Downloads\Addition.txt
2015-03-04 13:31 - 2015-03-06 07:43 - 00021250 _____ () C:\Users\Digital Storm\Downloads\FRST.txt
2015-03-04 13:29 - 2015-03-06 07:43 - 00000000 ____D () C:\FRST
2015-03-04 13:28 - 2015-03-06 07:43 - 02092544 _____ (Farbar) C:\Users\Digital Storm\Downloads\FRST64.exe
2015-03-04 09:56 - 2015-03-04 09:56 - 00188218 _____ () C:\Users\Digital Storm\Downloads\Extras.Txt
2015-03-04 09:53 - 2015-03-04 09:53 - 00145008 _____ () C:\Users\Digital Storm\Downloads\OTL.Txt
2015-03-04 09:39 - 2015-03-04 09:39 - 00602112 _____ (OldTimer Tools) C:\Users\Digital Storm\Downloads\OTL.exe
2015-03-04 09:00 - 2015-03-04 09:00 - 00000000 ____D () C:\ProgramData\micron
2015-03-04 08:57 - 2015-03-04 08:57 - 00626248 _____ () C:\Users\Digital Storm\Downloads\CCleaner 4.11.4619.exe
2015-02-25 15:41 - 2015-02-25 15:41 - 24547328 _____ () C:\Users\Digital Storm\Downloads\TEW2013.mdb
2015-02-25 15:38 - 2015-02-25 15:38 - 02043556 _____ () C:\Users\Digital Storm\Downloads\Chronicles Nov.rar
2015-02-25 15:35 - 2015-02-25 15:35 - 54079185 _____ () C:\Users\Digital Storm\Downloads\TEW2013_TrialToRetail.EXE
2015-02-24 16:00 - 2014-12-13 16:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-24 16:00 - 2014-12-13 16:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-19 08:03 - 2015-02-19 08:03 - 00000000 ____D () C:\Users\Digital Storm\AppData\Local\Steam
2015-02-18 20:17 - 2015-02-18 20:17 - 00000000 ____D () C:\Program Files\Microsoft Xbox One Controller for Windows
2015-02-18 20:12 - 2015-02-18 20:12 - 02854912 _____ () C:\Users\Digital Storm\Downloads\xb1usb.11059.0.140526x64.msi
2015-02-13 10:49 - 2015-02-13 10:49 - 00000000 ____D () C:\Users\Digital Storm\AppData\Local\Logitech
2015-02-13 10:48 - 2015-02-13 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-02-13 10:48 - 2015-02-13 10:48 - 00000000 ____D () C:\Program Files\Logitech
2015-02-13 10:48 - 2015-02-13 10:48 - 00000000 ____D () C:\Program Files\Common Files\Logitech
2015-02-13 10:47 - 2015-02-13 10:47 - 17276616 _____ (Logitech ) C:\Users\Digital Storm\Downloads\lgs510_x64.exe
2015-02-12 15:59 - 2013-08-22 08:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150212-155926.backup
2015-02-12 15:45 - 2015-02-12 15:49 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-12 15:45 - 2015-02-12 15:45 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-12 15:45 - 2015-02-12 15:45 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-12 15:45 - 2015-02-12 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-12 15:45 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-02-12 15:40 - 2015-02-12 15:40 - 00000085 _____ () C:\WINDOWS\wininit.ini
2015-02-12 15:39 - 2015-02-12 15:40 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Digital Storm\Downloads\spybot-2.4.exe
2015-02-12 08:48 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 08:48 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 10:13 - 2015-02-11 10:13 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-02-11 10:13 - 2015-02-11 10:13 - 00000000 ____D () C:\Program Files\Java
2015-02-11 10:12 - 2015-02-11 10:13 - 93427112 _____ (Oracle Corporation) C:\Users\Digital Storm\Downloads\jre-8u31-windows-x64.exe
2015-02-10 16:35 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-10 16:35 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-10 16:35 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-10 16:35 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-10 16:35 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-10 16:35 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-10 16:35 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-10 16:35 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-10 16:35 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-10 16:35 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-10 16:35 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-10 16:35 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-10 16:35 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-10 16:34 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-10 16:34 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-10 16:34 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-10 16:34 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-10 16:34 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-10 16:34 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-10 16:34 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-10 16:34 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-10 16:34 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-10 16:34 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-10 16:34 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-10 16:34 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-10 16:34 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-10 16:34 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-10 16:34 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-10 16:34 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-10 16:34 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-10 16:34 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-10 16:34 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-10 16:34 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-10 16:34 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-10 16:34 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-10 16:34 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-10 16:34 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-10 16:34 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-10 16:34 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-10 16:34 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-10 16:34 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-10 16:34 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-10 16:34 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-10 16:34 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-10 16:34 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-10 16:34 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-10 16:34 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-10 16:34 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-10 16:34 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-10 16:34 - 2014-12-08 18:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-10 16:33 - 2015-02-03 18:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-10 16:33 - 2015-02-03 18:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-10 16:33 - 2015-02-03 18:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-10 16:33 - 2015-02-02 18:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-10 16:33 - 2015-02-02 18:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-10 16:33 - 2015-02-02 18:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-10 16:33 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-10 16:33 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-04 18:22 - 2015-02-04 18:22 - 00323280 _____ (Positech Games ) C:\Users\Digital Storm\Downloads\Corruption.exe
2015-02-04 18:22 - 2015-02-04 18:22 - 00316744 _____ (Positech Games ) C:\Users\Digital Storm\Downloads\Infrastructure Spending.exe
2015-02-04 18:21 - 2015-02-04 18:21 - 00461912 _____ (Positech Games ) C:\Users\Digital Storm\Downloads\India.exe
2015-02-04 18:21 - 2015-02-04 18:21 - 00461912 _____ (Positech Games ) C:\Users\Digital Storm\Downloads\India(2).exe
2015-02-04 18:21 - 2015-02-04 18:21 - 00461912 _____ (Positech Games ) C:\Users\Digital Storm\Downloads\India(1).exe
2015-02-04 18:21 - 2015-02-04 18:21 - 00330496 _____ (Positech Games ) C:\Users\Digital Storm\Downloads\Fascist.exe
2015-02-04 18:20 - 2015-02-04 18:22 - 00000000 ____D () C:\Program Files (x86)\Democracy 3
2015-02-04 18:20 - 2015-02-04 18:20 - 00347856 _____ (Positech Games ) C:\Users\Digital Storm\Downloads\DepartmentForEducationAndFamilies.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 07:40 - 2013-12-29 16:10 - 00003974 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7B2DCD38-D12F-4CA2-8E48-8D6AC04A8363}
2015-03-06 02:39 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-05 23:23 - 2013-08-09 04:33 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-05 23:21 - 2013-10-28 21:00 - 01842879 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-05 23:20 - 2013-08-31 16:30 - 00000966 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-748073090-314025420-2060316-1001UA.job
2015-03-05 23:01 - 2013-09-09 19:19 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-05 08:20 - 2013-08-31 16:30 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-748073090-314025420-2060316-1001Core.job
2015-03-05 08:08 - 2013-07-25 11:11 - 00003590 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-748073090-314025420-2060316-1001
2015-03-05 07:23 - 2013-08-09 04:33 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-05 05:53 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-05 04:24 - 2013-08-09 04:34 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-05 00:11 - 2015-01-26 07:50 - 00005022 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DIGITALSTORM-Digital Storm DigitalStorm
2015-03-04 21:27 - 2013-08-12 07:12 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-04 18:33 - 2013-09-29 23:04 - 00864642 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-04 18:27 - 2013-10-28 21:24 - 00000000 ___DO () C:\Users\Digital Storm\SkyDrive
2015-03-04 18:27 - 2013-07-25 11:33 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2015-03-04 18:26 - 2014-05-18 15:04 - 00001529 ___SH () C:\WINDOWS\SysWOW64\mmf.sys
2015-03-04 18:26 - 2014-04-26 08:52 - 00025884 _____ () C:\WINDOWS\setupact.log
2015-03-04 18:26 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-04 18:18 - 2013-09-29 22:55 - 00270354 _____ () C:\WINDOWS\PFRO.log
2015-03-04 18:18 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-04 09:05 - 2013-10-28 21:01 - 00000000 ____D () C:\Users\Digital Storm
2015-03-03 08:17 - 2013-07-27 01:46 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-02 20:31 - 2013-08-17 04:07 - 00000000 ____D () C:\Users\Digital Storm\AppData\Roaming\Spotify
2015-03-02 19:32 - 2013-08-17 04:07 - 00000000 ____D () C:\Users\Digital Storm\AppData\Local\Spotify
2015-03-02 17:58 - 2013-08-19 11:57 - 00000000 ____D () C:\Users\Digital Storm\Documents\FIFA 13
2015-03-02 16:20 - 2013-08-16 11:50 - 00000000 ____D () C:\ProgramData\Origin
2015-03-02 11:03 - 2013-07-25 11:05 - 00000000 ____D () C:\Users\Digital Storm\AppData\Local\Packages
2015-03-02 07:33 - 2013-09-01 00:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-27 20:32 - 2014-03-02 23:47 - 00000000 ____D () C:\Users\Digital Storm\AppData\Roaming\Bioshock
2015-02-27 11:23 - 2014-02-14 23:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-27 10:54 - 2013-08-16 11:50 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-27 06:04 - 2014-01-02 17:54 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-24 16:52 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-13 00:13 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-12 16:01 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 15:45 - 2013-08-09 04:39 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-12 08:33 - 2013-08-22 09:44 - 00484208 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-12 08:32 - 2014-12-11 09:38 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-12 08:32 - 2014-07-10 06:39 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 10:13 - 2013-12-29 15:51 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-10 17:19 - 2013-08-09 09:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-10 17:19 - 2013-07-25 11:34 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-10 17:16 - 2013-07-27 01:56 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-06 13:21 - 2014-09-16 17:41 - 00000000 ____D () C:\Users\Digital Storm\AppData\Local\Adobe
2015-02-06 13:21 - 2013-09-09 19:19 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-05 08:15 - 2013-08-31 16:30 - 00003928 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-748073090-314025420-2060316-1001UA
2015-02-05 08:15 - 2013-08-31 16:30 - 00003548 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-748073090-314025420-2060316-1001Core
2015-02-04 07:18 - 2013-08-09 04:33 - 00003904 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 07:18 - 2013-08-09 04:33 - 00003668 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2014-07-18 21:44 - 2014-07-20 08:52 - 0000097 _____ () C:\Users\Digital Storm\AppData\Roaming\LauncherSettings_live.cfg
2014-07-18 22:18 - 2014-07-18 22:18 - 0000040 _____ () C:\Users\Digital Storm\AppData\Roaming\TheHunterSettings_steam_live.cfg
2013-12-29 10:28 - 2013-12-29 10:28 - 0000101 _____ () C:\Users\Digital Storm\AppData\Local\fusioncache.dat
2013-07-25 11:32 - 2013-07-25 11:37 - 0000300 _____ () C:\Users\Digital Storm\AppData\Local\killertool.log
2014-12-05 08:09 - 2014-12-05 08:09 - 0000017 _____ () C:\Users\Digital Storm\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\Digital Storm\AppData\Local\Temp\Quarantine.exe
C:\Users\Digital Storm\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-04 19:20

==================== End Of Log ============================


  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It may be that McAfee has left the registry keys that stop defender from running

Download the following tool to your desktop
http://us.mcafee.com...s/mcpr/mcpr.asp

Now run this programme, after the reboot let me know if defender is up and running.

With regards to AV and security set up, here is a suggestion that I posted yesterday http://www.geekstogo...-2#entry2484544 this is the same set up I have on my 8.1 system. I would also recommend that you uninstall Spybot as currently it is behind the malware curve.
  • 0

#13
Twatson31

Twatson31

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

I have removed Spybot and ran the program you gave me. Unfortunately, Windows defender is still giving me the same message when I try to run it.

 

Thank you for the link. I am using it now.


  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK whilst you are perusing that lets have a quick look at the settings for defender


Download and run farbar service scanner

fssscan.JPG

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#15
Twatson31

Twatson31

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Farbar Service Scanner Version: 17-01-2015
Ran by Digital Storm (administrator) on 07-03-2015 at 09:34:03
Running from "C:\Users\Digital Storm\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP