Possible Malware Infection [Solved]


  • This topic is locked

#1
Sindrono

    New Member

  • 6 posts

So I believe I have malware or some type of infection: despite the fact that I use Adblock, I'm getting ads on the sides and bottom of my browser, and Malwarebytes is picking up some viruses. It's installing Tencent SSO Platform, NyxLauncher, and OpenH264 plugins into Firefox, or at least I don't recognize these three programs in my browser. Through Task Manager I'm also seeing some suspicious tasks, which I'll list below.

nvstreamsvc.exe

nvvsvc.exe

nvxdsync.exe

conhost.exe

csrss.exe

Short update: I've run AdwCleaner and Malwarebytes, and am still running Avast at this moment. It's detected one infection. The ads on my browser are gone, but I'm worried I might still have something lingering.

Farbar Log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-04-2015 01
Ran by Sotomone (administrator) on SOTOMONE-HP on 18-04-2015 06:47:38
Running from C:\Users\Sotomone\Downloads
Loaded Profiles: Sotomone &  (Available profiles: Sotomone)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Infonaut) C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
() C:\Users\Sotomone\AppData\Local\322A9F80-1429332613-11E1-BD97-E840F2A6B1F5\cnso3EE8.tmp
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Users\Sotomone\AppData\Local\322A9F80-1429332632-11E1-BD97-E840F2A6B1F5\snst789B.tmp
() C:\Users\Sotomone\AppData\Roaming\322A9F80-1429353995-11E1-BD97-E840F2A6B1F5\nshFA20.tmpfs
() C:\Users\Sotomone\AppData\Roaming\322A9F80-1429353995-11E1-BD97-E840F2A6B1F5\jnsc41A1.tmp
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Sotomone\AppData\Local\322A9F80-1429332613-11E1-BD97-E840F2A6B1F5\ansi38FD.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-03] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-03-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [4547872 2015-03-23] (iolo technologies, LLC)
HKLM-x32\...\Run: [WinCheck] => C:\Users\Sotomone\AppData\Local\322A9F80-1429332467-11E1-BD97-E840F2A6B1F5\bnsxF144.exe [193536 2015-04-17] ()
HKU\S-1-5-21-912533357-4246775236-1158634775-1000\...\Run: [C3] => [X]
HKU\S-1-5-21-912533357-4246775236-1158634775-1000\...\Run: [MyComGames] => C:\Users\Sotomone\AppData\Local\MyComGames\MyComGames.exe [3838408 2015-04-18] ()
HKU\S-1-5-21-912533357-4246775236-1158634775-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-912533357-4246775236-1158634775-1000\...\Run: [BitTorrent] => C:\Users\Sotomone\AppData\Roaming\BitTorrent\BitTorrent.exe [1742936 2015-03-24] (BitTorrent Inc.)
HKU\S-1-5-21-912533357-4246775236-1158634775-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-912533357-4246775236-1158634775-1000\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-912533357-4246775236-1158634775-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [C3] => [X]
HKU\S-1-5-21-912533357-4246775236-1158634775-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MyComGames] => C:\Users\Sotomone\AppData\Local\MyComGames\MyComGames.exe [3838408 2015-04-18] ()
HKU\S-1-5-21-912533357-4246775236-1158634775-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-912533357-4246775236-1158634775-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BitTorrent] => C:\Users\Sotomone\AppData\Roaming\BitTorrent\BitTorrent.exe [1742936 2015-03-24] (BitTorrent Inc.)
HKU\S-1-5-21-912533357-4246775236-1158634775-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-912533357-4246775236-1158634775-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: H - H:\setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} =>  No File
BootExecute: """""""autocheck autochk /p \??\C:""""""""""""""""""""""autocheck autochk /p \??\C:"""""""""""""""1"""""""볹ݍӤ"""""""0㈵〠‰㕅䄠⁁㔲㔠‶䍆ㄠ⁁㘸䔠⁄㘹䌠‹㑄㐠⁂㌳䌠‷d."""""""媉ݍӤ"""""""0㠱䐠⁁ㅄ㤠⁅㘲㜠⁄㡅䈠⁂䄴㈠‱㠵䌠⁄䍃㘠⁂䈳㐠⁁d.剀ݍ皰ጠꏜጝ00000"""""""牀ǥҰ"""""""h"""""""Find references to installed Windows services and device drivers that no longer exist or have been moved""""""""""""""""""""""it"""""""">"""""""儊牀ǥꀬፄ64&sg=0110CE4A8F6"""""""8""""""""""""""Ұ"""""""þ000000006E000000000000006E000000B6FCFE033C1846065C1305016E00080248FCFE03AA18460600000000000000000000000001000000030000006E000000B8E248000000000011DC097A4CFBFE031CFCFE0330FFFE03F571FA76000000000000000058FEFE035FA8F67698F6670C48FCFE036E00000090F6670CE4A8F61贰ݷⲔፆ✀ϓ㼜ݫs>""" 2E B4 DA 3A 9C 4B A1 34 0E 34 4F 1D C7 7F E2 89 6A D3 74 67 67 41 02 62 80 32 05 50 03 F3 F4 B6 B0 55 56 BA 4E E6 20 4C B9 08 49 0B 52 B6 00 E7 F0 67 22 31 6B 0C 92 31 85 A6 14 88 A0 26 """root>"-912533357-4246775236-1158634775-1000 ""C:\Users\Sotomone\ntuser.dat"" /Y""echo Copying S-1-5-21-912533357-4246775236-1158634775-1000_Classes hive...""copy .\S-1-5-21-912533357-4246775236-1158634775-1000_Classes ""C:\Users\Sotomone\AppData\Local\Microsoft\Windows\UsrClass.dat"" /Y""echo Restore complete...please reboot"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-912533357-4246775236-1158634775-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-912533357-4246775236-1158634775-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-08-30] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll No File
BHO-x32: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-01] (Oracle Corporation)
BHO-x32: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-01] (Oracle Corporation)
BHO-x32: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} ->  No File
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKU\S-1-5-21-912533357-4246775236-1158634775-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-912533357-4246775236-1158634775-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
ShellExecuteHooks-x32:  - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  No File [ ]
Winsock: Catalog9 11 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1322040] (Tencent)
Winsock: Catalog9 12 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1322040] (Tencent)
Winsock: Catalog9 13 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1322040] (Tencent)
Winsock: Catalog9 14 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1322040] (Tencent)
Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50

FireFox:
========
FF ProfilePath: C:\Users\Sotomone\AppData\Roaming\Mozilla\Firefox\Profiles\1j04sf04.default-1429359519930
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.37\Bin\npSSOAxCtrlForPTLogin.dll [2013-12-30] (Tencent)
FF Plugin-x32: @softnyxNpruntime -> C:\Game\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll [2013-03-29] ( )
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin-x32: iTechnologie/Burster -> C:\Program Files (x86)\iTechnologie\Burster\npburster.dll [2013-04-05] (iTechnologie, Ltd.)
FF Plugin HKU\S-1-5-21-912533357-4246775236-1158634775-1000: @my.com/Games -> C:\Users\Sotomone\AppData\Local\MyComGames\NPMyComDetector.dll [2015-04-18] (My.com, Inc)
FF Plugin HKU\S-1-5-21-912533357-4246775236-1158634775-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sotomone\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-18] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-912533357-4246775236-1158634775-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @my.com/Games -> C:\Users\Sotomone\AppData\Local\MyComGames\NPMyComDetector.dll [2015-04-18] (My.com, Inc)
FF Plugin HKU\S-1-5-21-912533357-4246775236-1158634775-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sotomone\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-18] (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\Sotomone\AppData\Roaming\Mozilla\Firefox\Profiles\1j04sf04.default-1429359519930\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-18]
FF Extension: Adblock Edge - C:\Users\Sotomone\AppData\Roaming\Mozilla\Firefox\Profiles\1j04sf04.default-1429359519930\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-04-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-12]

Chrome:
=======
CHR Profile: C:\Users\Sotomone\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Sotomone\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-21]
CHR Extension: (YouTube) - C:\Users\Sotomone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-21]
CHR Extension: (Google Search) - C:\Users\Sotomone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-21]
CHR Extension: (Yahoo! Toolbar for Chrome) - C:\Users\Sotomone\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2014-12-23]
CHR Extension: (Google Wallet) - C:\Users\Sotomone\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-14]
CHR Extension: (Gmail) - C:\Users\Sotomone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-03-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-30] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-08-30] (AVAST Software)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-27] (NVIDIA Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 insvc_1.10.0.14; C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe [278600 2015-04-10] (Infonaut)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4703432 2015-03-23] (iolo technologies, LLC)
R2 lupuzyky; C:\Users\Sotomone\AppData\Local\322A9F80-1429332613-11E1-BD97-E840F2A6B1F5\cnso3EE8.tmp [94720 2015-04-18] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-27] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-04-01] (Electronic Arts)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [File not signed]
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-21] ()
S4 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R2 tycubyto; C:\Users\Sotomone\AppData\Local\322A9F80-1429332632-11E1-BD97-E840F2A6B1F5\snst789B.tmp [98304 2015-04-18] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 zorevige; C:\Users\Sotomone\AppData\Roaming\322A9F80-1429353995-11E1-BD97-E840F2A6B1F5\jnsc41A1.tmp [226304 2015-04-18] () [File not signed]
R2 vipifumo; C:\Users\Sotomone\AppData\Roaming\322A9F80-1429353995-11E1-BD97-E840F2A6B1F5\nshFA20.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2014-10-28] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-30] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-30] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-30] ()
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2012-08-02] (EldoS Corporation)
S3 GunBod; C:\Game\SoftnyxGame\GunboundIS\avital\gunbod64.sys [82320 2014-01-03] () [File not signed]
R1 innfd_1_10_0_14; C:\Windows\System32\drivers\innfd_1_10_0_14.sys [58224 2015-04-10] (Infonaut)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 nocashio; C:\Windows\SysWOW64\drivers\nocashio.sys [4096 2014-09-10] () [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-07-13] (EldoS Corporation)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [910992 2014-09-21] (TENCENT)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S1 QMUdisk; \??\c:\program files (x86)\bladensoul\QQPCMgr\8.11.11347.801\QMUdisk64.sys [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]
S3 sclbl; \??\C:\AeriaGames\ScarletBlade\avital\scarbt64.sys [X]
S3 sjcst; \??\C:\AeriaGames\EdenEternal\avital\sjcsu64.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-18 06:47 - 2015-04-18 06:47 - 00026026 _____ () C:\Users\Sotomone\Downloads\FRST.txt
2015-04-18 06:46 - 2015-04-18 06:47 - 00000000 ____D () C:\FRST
2015-04-18 06:45 - 2015-04-18 06:45 - 02098176 _____ (Farbar) C:\Users\Sotomone\Downloads\FRST64.exe
2015-04-18 06:18 - 2015-04-18 06:18 - 00000000 ____D () C:\Users\Sotomone\Desktop\Old Firefox Data
2015-04-18 05:13 - 2015-04-18 06:30 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-18 05:12 - 2015-04-18 05:12 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-18 05:12 - 2015-04-18 05:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-18 05:12 - 2015-04-18 05:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-18 05:12 - 2015-04-18 05:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-18 05:12 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-18 05:12 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-18 05:12 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-18 05:10 - 2015-04-18 05:10 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Sotomone\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-18 05:03 - 2015-04-18 05:04 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\322A9F80-1429333431-11E1-BD97-E840F2A6B1F5
2015-04-18 05:01 - 2015-04-18 05:01 - 00000000 ____D () C:\Program Files (x86)\Infonaut_1.10.0.14
2015-04-18 04:50 - 2015-04-18 06:14 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\322A9F80-1429332632-11E1-BD97-E840F2A6B1F5
2015-04-18 04:50 - 2015-04-18 04:50 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\322A9F80-1429332613-11E1-BD97-E840F2A6B1F5
2015-04-18 04:49 - 2015-04-18 04:49 - 00000000 ____D () C:\ProgramData\8ca32d2b00000451
2015-04-18 04:47 - 2015-04-18 04:47 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\322A9F80-1429332467-11E1-BD97-E840F2A6B1F5
2015-04-18 04:46 - 2015-04-18 06:29 - 00000000 ____D () C:\Users\Sotomone\AppData\Roaming\322A9F80-1429353995-11E1-BD97-E840F2A6B1F5
2015-04-18 04:46 - 2015-04-18 04:46 - 00000000 ____D () C:\ProgramData\{fbeb714d-19fa-4f20-fbeb-b714d19fc534}
2015-04-18 04:35 - 2015-04-18 04:35 - 00001848 _____ () C:\Users\Sotomone\Desktop\Play Grand Theft Auto V.lnk
2015-04-18 01:53 - 2015-04-18 01:53 - 00000000 ____D () C:\Users\Sotomone\Downloads\3DMGAME-Middle-earth.Shadow.of.Mordor.Update.6.Incl.DLC.and.Crack-3DM
2015-04-17 10:32 - 2015-04-17 10:32 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\openvr
2015-04-17 10:17 - 2015-04-17 10:17 - 00003304 _____ () C:\Windows\System32\Tasks\{742488F0-E98B-4BEE-AC2C-61880202892E}
2015-04-17 08:35 - 2015-04-17 09:15 - 00000000 ____D () C:\Users\Sotomone\Downloads\Middle Earth Shadow of Mordor Update Build v1808 19 incl DLC-CODEX
2015-04-17 08:32 - 2015-04-17 08:38 - 00000000 ____D () C:\Users\Sotomone\Downloads\Shadow Of Mordor by xatab
2015-04-17 04:52 - 2015-04-17 04:52 - 00000880 _____ () C:\Users\Sotomone\Desktop\Launcher - Shortcut.lnk
2015-04-17 03:52 - 2015-04-17 03:52 - 00000080 _____ () C:\Users\Sotomone\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-04-17 03:48 - 2015-04-17 03:48 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\Rockstar Games
2015-04-17 03:47 - 2015-04-17 03:47 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-04-17 03:47 - 2015-02-10 16:36 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-04-16 17:04 - 2015-04-16 17:04 - 00001662 _____ () C:\Users\Sotomone\Desktop\Morrowind Launcher - Shortcut.lnk
2015-04-15 07:44 - 2015-04-08 14:32 - 00560968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-15 07:41 - 2015-04-08 18:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-15 07:41 - 2015-04-08 18:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 00499344 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 00402576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 00346256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-15 07:41 - 2015-04-08 18:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-15 05:26 - 2015-04-15 05:26 - 00001347 _____ () C:\Users\Sotomone\Desktop\obse_loader - Shortcut.lnk
2015-04-15 05:22 - 2015-04-15 06:39 - 00000023 _____ () C:\Windows\BlendSettings.ini
2015-04-15 05:21 - 2015-04-15 05:21 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\Oblivion
2015-04-15 05:17 - 2015-04-15 05:17 - 00001137 _____ () C:\Users\Public\Desktop\Oblivion.lnk
2015-04-15 05:17 - 2015-04-15 05:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion
2015-04-15 05:13 - 2015-04-15 05:34 - 00000000 ____D () C:\Program Files (x86)\Oblivion
2015-04-15 03:40 - 2015-04-15 04:00 - 00000000 ____D () C:\Users\Sotomone\Downloads\Monsters Dark Continent 2014 1080P WEB-DL H264 AAC - KiNGDOM
2015-04-15 03:33 - 2015-04-15 03:45 - 00000000 ____D () C:\Users\Sotomone\Downloads\Pacific Rim (2013) [1080p]
2015-04-15 01:30 - 2015-04-15 01:30 - 00003072 _____ () C:\Windows\System32\Tasks\{BBA56C63-3700-4EB4-BCA3-50428B78E188}
2015-04-15 01:23 - 2015-04-15 01:24 - 24173486 _____ () C:\Users\Sotomone\Downloads\Mirillis Action! 1.18.0 Multilanguage Crack .rar
2015-04-14 04:08 - 2015-04-18 05:31 - 00000000 ____D () C:\Program Files (x86)\GTA V
2015-04-12 03:09 - 2015-04-12 03:09 - 00001244 _____ () C:\Users\Sotomone\Desktop\LOOT - Shortcut.lnk
2015-04-11 05:05 - 2015-04-12 03:09 - 00000000 ____D () C:\Program Files (x86)\LOOT
2015-04-11 05:05 - 2015-04-11 05:09 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\LOOT
2015-04-11 05:05 - 2015-04-11 05:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT
2015-04-10 13:56 - 2015-04-10 13:56 - 00058224 _____ (Infonaut) C:\Windows\system32\Drivers\innfd_1_10_0_14.sys
2015-04-10 05:06 - 2015-04-10 05:06 - 00001914 _____ () C:\Users\Sotomone\Desktop\GenerateFNISforUsers - Shortcut.lnk
2015-04-10 03:18 - 2015-04-12 07:19 - 00001854 _____ () C:\Users\Sotomone\Desktop\Skyrim (SKSE).lnk
2015-04-10 03:04 - 2015-04-10 03:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls V Skyrim
2015-04-10 02:49 - 2015-04-13 23:38 - 00000000 ____D () C:\Program Files (x86)\skyrim
2015-04-10 02:21 - 2015-04-10 02:41 - 2385252352 _____ () C:\Users\Sotomone\Downloads\SKYRIM_EN_WWW_V2.iso
2015-04-10 00:52 - 2015-04-10 00:52 - 00000060 _____ () C:\Users\Sotomone\Documents\Info.txt
2015-04-10 00:23 - 2015-04-10 02:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
2015-04-09 14:40 - 2015-04-09 14:40 - 00000000 ____D () C:\Users\Sotomone\AppData\Roaming\NVIDIA
2015-04-08 20:58 - 2015-04-08 20:58 - 00000933 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-08 20:58 - 2015-04-08 20:58 - 00000921 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-04-07 09:56 - 2015-04-07 09:56 - 00001100 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2015-04-07 09:56 - 2015-04-07 09:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2015-04-05 23:01 - 2015-04-05 23:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-05 01:53 - 2015-04-05 01:53 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 01:53 - 2015-04-05 01:53 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-02 22:07 - 2015-04-02 22:07 - 00000020 _____ () C:\Users\Sotomone\Documents\ESOKey.txt
2015-04-02 19:39 - 2015-04-02 19:39 - 00000000 ____D () C:\Users\Sotomone\Documents\Elder Scrolls Online
2015-04-02 19:39 - 2015-04-02 19:39 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online
2015-04-02 19:18 - 2015-04-02 19:18 - 00000000 ____D () C:\Windows\jre
2015-04-02 19:18 - 2015-04-02 19:18 - 00000000 ____D () C:\Users\Sotomone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
2015-04-02 19:17 - 2015-04-02 19:18 - 00000000 ___HD () C:\Program Files (x86)\Zero G Registry
2015-04-02 19:17 - 2015-04-02 19:17 - 00000000 ___HD () C:\Users\Sotomone\InstallAnywhere
2015-04-02 08:24 - 2015-04-02 08:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-04-01 19:27 - 2015-04-01 19:27 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-01 19:27 - 2015-04-01 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-01 19:24 - 2015-04-01 19:24 - 00000000 ____D () C:\ProgramData\Sun
2015-04-01 19:19 - 2015-04-01 19:19 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2015-04-01 18:04 - 2015-04-01 18:04 - 00028770 _____ () C:\Users\Sotomone\Downloads\DxDiag.txt
2015-04-01 16:43 - 2015-03-13 13:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-04-01 16:43 - 2015-03-13 13:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-04-01 16:43 - 2015-03-13 13:41 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-04-01 16:43 - 2015-03-13 13:41 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-04-01 16:25 - 2014-11-22 04:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-04-01 16:25 - 2014-11-22 04:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-04-01 16:04 - 2015-04-01 16:04 - 00003146 _____ () C:\Windows\System32\Tasks\{B9F03B3E-28D6-4A2C-8716-0B090446D680}
2015-04-01 15:00 - 2015-04-01 16:25 - 00001339 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-04-01 14:57 - 2015-04-15 07:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-01 14:57 - 2015-04-01 16:24 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\NVIDIA Corporation
2015-04-01 14:57 - 2015-04-01 16:24 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\NVIDIA
2015-04-01 14:57 - 2015-03-27 21:44 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-04-01 14:57 - 2015-03-27 21:44 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-04-01 14:57 - 2015-03-27 21:43 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-04-01 14:57 - 2015-03-27 21:43 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-04-01 14:55 - 2015-04-08 18:58 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-01 14:55 - 2015-04-08 18:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-01 14:55 - 2015-04-08 18:58 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-01 14:55 - 2015-04-08 18:58 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-01 14:55 - 2015-04-08 18:58 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-01 14:55 - 2015-04-08 18:58 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-01 14:55 - 2014-11-22 04:46 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-04-01 14:55 - 2014-10-29 22:53 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434460.dll
2015-04-01 14:55 - 2014-10-29 22:53 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434460.dll
2015-04-01 14:51 - 2015-04-18 06:07 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-01 14:50 - 2015-04-15 07:44 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-01 14:50 - 2015-04-08 15:30 - 06841488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-01 14:50 - 2015-04-08 15:30 - 03478344 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-01 14:50 - 2015-04-08 15:30 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-01 14:50 - 2015-04-08 15:30 - 00936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-01 14:50 - 2015-04-08 15:30 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-01 14:50 - 2015-04-08 15:30 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-01 14:50 - 2015-04-08 11:52 - 04336074 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-01 14:50 - 2015-04-01 16:44 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-01 07:07 - 2015-04-01 07:10 - 00000000 ____D () C:\Users\Sotomone\Documents\InfiniteCrisis
2015-04-01 07:07 - 2015-04-01 07:07 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\InfiniteCrisis
2015-04-01 04:21 - 2015-04-01 04:21 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\Turbine
2015-04-01 04:15 - 2015-04-15 05:20 - 00050227 _____ () C:\Windows\DirectX.log
2015-04-01 04:13 - 2015-04-01 04:13 - 00000000 ____D () C:\ProgramData\Turbine
2015-04-01 04:13 - 2015-04-01 04:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infinite Crisis
2015-03-30 05:25 - 2015-03-30 05:25 - 00000000 ____D () C:\ProgramData\ATI
2015-03-30 05:24 - 2015-03-30 05:24 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\AppEx Networks
2015-03-28 10:53 - 2015-03-31 15:24 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\CoCEd
2015-03-27 20:56 - 2015-03-23 23:37 - 02155152 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator64.dll
2015-03-26 22:14 - 2015-03-26 22:14 - 00000012 _____ () C:\Users\Sotomone\Documents\GFXSize.txt
2015-03-26 19:35 - 2015-04-08 21:04 - 00000285 _____ () C:\Users\Sotomone\Documents\BetaKeys.txt
2015-03-26 17:32 - 2015-03-26 17:32 - 00058610 _____ () C:\Windows\SysWOW64\CCCInstall_201503261732197208.log
2015-03-26 17:32 - 2015-03-26 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream
2015-03-26 17:32 - 2015-03-26 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-03-26 17:32 - 2015-03-26 17:32 - 00000000 ____D () C:\Program Files\AMD Quick Stream
2015-03-26 17:32 - 2015-03-26 17:32 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-03-26 17:32 - 2014-10-28 14:24 - 00229056 _____ (AppEx Networks Corporation) C:\Windows\system32\Drivers\appexDrv.sys
2015-03-25 21:27 - 2015-03-26 15:41 - 00000195 _____ () C:\Users\Sotomone\Documents\Parts.txt
2015-03-25 18:05 - 2015-03-25 18:05 - 00000202 _____ () C:\Users\Sotomone\Documents\Instructions.txt
2015-03-25 03:57 - 2015-03-25 03:57 - 00000000 __SHD () C:\Users\Sotomone\AppData\Local\EmieBrowserModeList
2015-03-24 22:19 - 2015-03-10 22:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 22:19 - 2015-03-10 22:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 22:19 - 2015-03-10 22:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 22:19 - 2015-03-10 22:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 22:19 - 2015-03-10 22:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 22:19 - 2015-03-10 22:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 22:19 - 2015-03-10 22:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 22:19 - 2015-03-10 22:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 19:16 - 2015-03-24 19:16 - 00008373 _____ () C:\Users\Sotomone\Documents\Tara Phoenix.txt
2015-03-23 11:22 - 2015-03-23 11:22 - 00000000 ____D () C:\NVIDIA
2015-03-20 00:39 - 2015-03-20 00:39 - 00051200 _____ () C:\Windows\system32\kdbsdk64.dll
2015-03-20 00:31 - 2015-03-20 00:31 - 00038912 _____ () C:\Windows\SysWOW64\kdbsdk32.dll
2015-03-19 22:48 - 2015-03-19 22:48 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2015-03-19 22:48 - 2015-03-19 22:48 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2015-03-19 22:48 - 2015-03-19 22:48 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2015-03-19 22:48 - 2015-03-19 22:48 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2015-03-19 22:45 - 2015-03-19 22:45 - 00294600 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2015-03-19 22:43 - 2015-03-19 22:43 - 19338752 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-03-19 22:22 - 2015-03-19 22:22 - 00235008 _____ () C:\Windows\system32\clinfo.exe
2015-03-19 22:21 - 2015-03-19 22:21 - 47902208 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2015-03-19 22:21 - 2015-03-19 22:21 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2015-03-19 22:21 - 2015-03-19 22:21 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2015-03-19 22:21 - 2015-03-19 22:21 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2015-03-19 22:21 - 2015-03-19 22:21 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2015-03-19 22:17 - 2015-03-19 22:17 - 40989696 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2015-03-19 22:13 - 2015-03-19 22:13 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-19 22:13 - 2015-03-19 22:13 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-03-19 20:52 - 2015-03-19 20:52 - 28354560 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2015-03-19 20:48 - 2015-03-19 20:48 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2015-03-19 20:48 - 2015-03-19 20:48 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2015-03-19 20:47 - 2015-03-19 20:47 - 05837312 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2015-03-19 20:32 - 2015-03-19 20:32 - 23626752 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2015-03-19 20:32 - 2015-03-19 20:32 - 04590592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2015-03-19 20:28 - 2015-03-19 20:28 - 00639088 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2015-03-19 20:28 - 2015-03-19 20:28 - 00639088 _____ () C:\Windows\system32\atiapfxx.blb
2015-03-19 20:27 - 2015-03-19 20:27 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2015-03-19 20:27 - 2015-03-19 20:27 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2015-03-19 20:27 - 2015-03-19 20:27 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2015-03-19 20:27 - 2015-03-19 20:27 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2015-03-19 20:27 - 2015-03-19 20:27 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2015-03-19 20:27 - 2015-03-19 20:27 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2015-03-19 20:23 - 2015-03-19 20:23 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2015-03-19 20:18 - 2015-03-19 20:18 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2015-03-19 20:18 - 2015-03-19 20:18 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2015-03-19 20:11 - 2015-03-19 20:11 - 00049664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2015-03-19 20:10 - 2015-03-19 20:10 - 00038912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2015-03-19 20:09 - 2015-03-19 20:09 - 00776192 _____ (AMD) C:\Windows\system32\atieclxx.exe
2015-03-19 20:09 - 2015-03-19 20:09 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2015-03-19 20:09 - 2015-03-19 20:09 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2015-03-19 20:08 - 2015-03-19 20:08 - 00246272 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2015-03-19 20:07 - 2015-03-19 20:07 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2015-03-19 20:06 - 2015-03-19 20:06 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2015-03-19 19:55 - 2015-03-19 19:55 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2015-03-19 19:51 - 2015-03-19 19:51 - 00846848 _____ (AMD) C:\Windows\system32\coinst_14.50.dll
2015-03-19 19:44 - 2015-03-19 19:44 - 01218560 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2015-03-19 19:44 - 2015-03-19 19:44 - 00905728 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2015-03-19 19:44 - 2015-03-19 19:44 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2015-03-19 19:44 - 2015-03-19 19:44 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2015-03-19 19:44 - 2015-03-19 19:44 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2015-03-19 19:44 - 2015-03-19 19:44 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2015-03-19 19:44 - 2015-03-19 19:44 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2015-03-19 19:43 - 2015-03-19 19:43 - 00591872 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-03-19 19:36 - 2015-03-19 19:36 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-18 06:42 - 2015-03-13 09:18 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\MyComGames
2015-04-18 06:42 - 2012-10-01 21:01 - 00000000 ____D () C:\Users\Sotomone\AppData\Roaming\BitTorrent
2015-04-18 06:30 - 2012-10-01 23:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-18 06:16 - 2009-07-13 22:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-18 06:16 - 2009-07-13 22:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-18 06:13 - 2015-03-12 16:39 - 01706952 _____ () C:\Windows\WindowsUpdate.log
2015-04-18 06:08 - 2015-03-12 16:34 - 00008810 _____ () C:\Windows\setupact.log
2015-04-18 06:08 - 2015-03-12 16:33 - 00428736 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-18 06:08 - 2012-10-01 20:33 - 00000000 ____D () C:\Users\Sotomone
2015-04-18 06:08 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-18 06:07 - 2015-03-13 14:25 - 00023420 _____ () C:\Windows\PFRO.log
2015-04-18 06:07 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-04-18 06:01 - 2014-04-15 22:43 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\TB
2015-04-18 06:01 - 2012-10-01 21:02 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\CRE
2015-04-18 01:30 - 2012-10-03 18:14 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\CrashDumps
2015-04-17 13:57 - 2012-10-13 13:50 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\SKIDROW
2015-04-17 13:53 - 2012-12-16 07:47 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-04-17 11:46 - 2012-10-11 05:35 - 00000000 ____D () C:\Games
2015-04-17 11:43 - 2012-12-19 02:23 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-17 11:41 - 2014-01-04 00:34 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2015-04-17 11:41 - 2014-01-04 00:34 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2015-04-17 11:41 - 2012-04-25 11:19 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-17 11:24 - 2012-12-26 18:38 - 00000000 ____D () C:\Program Files (x86)\Little Inferno
2015-04-17 11:15 - 2013-01-07 16:02 - 00000000 ____D () C:\Users\Sotomone\Documents\PCSX2
2015-04-17 11:14 - 2013-12-18 08:04 - 00000000 ____D () C:\illusion
2015-04-17 11:07 - 2014-09-12 12:32 - 00000000 ____D () C:\Program Files\OBS
2015-04-17 11:07 - 2014-09-12 12:32 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-04-17 11:00 - 2014-12-23 04:17 - 00000000 ____D () C:\ProgramData\Yahoo!
2015-04-17 10:58 - 2012-12-15 23:47 - 00000000 ____D () C:\Users\Sotomone\AppData\Roaming\vlc
2015-04-17 10:21 - 2012-12-19 02:07 - 00000000 ____D () C:\ProgramData\NexonUS
2015-04-16 11:58 - 2014-08-28 03:23 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSotomone
2015-04-16 11:58 - 2014-08-28 03:23 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForSotomone.job
2015-04-15 08:42 - 2012-10-04 03:11 - 00000000 ____D () C:\Users\Sotomone\AppData\Roaming\Skype
2015-04-15 05:21 - 2012-10-20 22:57 - 00000000 ____D () C:\Users\Sotomone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-04-15 05:21 - 2012-10-03 12:56 - 00000000 ____D () C:\Users\Sotomone\Documents\My Games
2015-04-14 19:31 - 2012-10-01 23:23 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 19:31 - 2012-10-01 23:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 19:31 - 2012-04-25 11:32 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 17:29 - 2012-10-03 12:12 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-13 12:09 - 2012-10-03 12:56 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\Skyrim
2015-04-12 13:17 - 2012-10-11 05:34 - 00000000 ____D () C:\Users\Sotomone\Documents\Nexus Mod Manager
2015-04-10 02:47 - 2013-06-15 11:43 - 00000000 ____D () C:\Program Files (x86)\Activision
2015-04-10 00:37 - 2012-12-16 07:47 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-04-09 22:42 - 2014-11-03 22:01 - 00000852 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2015-04-09 22:42 - 2014-11-03 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2015-04-09 22:41 - 2014-11-03 22:01 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2015-04-09 19:27 - 2010-11-21 01:16 - 00000000 ____D () C:\Windows\ShellNew
2015-04-09 19:23 - 2013-08-03 21:57 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\Battle.net
2015-04-09 19:21 - 2012-11-01 18:53 - 00000000 ____D () C:\Users\Sotomone\AppData\Roaming\TeamViewer
2015-04-09 14:42 - 2013-10-15 21:14 - 00000000 ____D () C:\Users\Sotomone\AppData\Roaming\.minecraft
2015-04-08 21:21 - 2015-03-12 16:35 - 00113688 _____ () C:\Users\Sotomone\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-08 20:58 - 2012-11-01 18:53 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-08 18:58 - 2015-02-20 01:18 - 00029329 _____ () C:\Windows\system32\nvinfo.pb
2015-04-08 16:39 - 2009-07-13 23:13 - 00006418 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-08 12:29 - 2013-03-12 09:04 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-04-08 11:55 - 2012-10-04 17:06 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-08 11:52 - 2012-10-01 20:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-07 09:53 - 2013-08-03 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-04-06 21:00 - 2013-08-03 21:57 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-04 11:16 - 2014-01-04 00:35 - 00000000 ____D () C:\Users\Sotomone\AppData\Roaming\Awesomium
2015-04-02 15:40 - 2013-05-24 02:10 - 00000000 ____D () C:\ProgramData\Origin
2015-04-02 15:27 - 2014-11-02 11:50 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-04-01 19:28 - 2013-10-21 21:16 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-01 19:26 - 2013-08-02 05:20 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-01 19:19 - 2012-11-01 19:06 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2015-04-01 17:19 - 2014-11-14 13:13 - 00001286 _____ () C:\Users\Public\Desktop\Dragon Age Inquisition.lnk
2015-04-01 17:03 - 2013-05-24 02:09 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-04-01 14:57 - 2013-10-28 08:01 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-01 14:50 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Help
2015-03-30 13:30 - 2012-10-03 20:20 - 00000000 ____D () C:\ProgramData\iolo
2015-03-27 20:56 - 2013-12-12 22:22 - 00003118 _____ () C:\Windows\System32\Tasks\iolo Process Governor
2015-03-27 20:56 - 2013-12-12 22:22 - 00000000 ____D () C:\ProgramData\ioloGovernor
2015-03-27 20:56 - 2012-10-03 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2015-03-27 20:56 - 2009-07-13 21:20 - 00000000 __RSD () C:\Windows\Media
2015-03-26 17:32 - 2012-12-31 23:05 - 00000000 ____D () C:\ProgramData\AMD
2015-03-26 17:32 - 2012-04-25 11:20 - 00000000 ____D () C:\Program Files\AMD
2015-03-26 17:25 - 2013-02-25 14:16 - 00000000 ____D () C:\AMD
2015-03-26 14:50 - 2014-12-15 10:27 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 14:50 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 18:34 - 2013-07-23 01:30 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-25 03:57 - 2012-10-04 17:06 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-24 16:39 - 2014-07-15 14:10 - 00000881 _____ () C:\Users\Sotomone\Desktop\BitTorrent.lnk
2015-03-24 16:39 - 2013-08-15 08:15 - 00000861 _____ () C:\Users\Sotomone\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-03-23 23:52 - 2012-10-03 20:23 - 00057584 _____ (iolo technologies, LLC) C:\Windows\system32\iolobtdfg.exe
2015-03-23 23:52 - 2012-10-03 20:23 - 00026184 _____ (iolo technologies, LLC) C:\Windows\system32\smrgdf.exe
2015-03-23 23:37 - 2012-10-03 20:23 - 02096960 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
2015-03-19 22:48 - 2011-10-24 06:20 - 01133664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2015-03-19 22:48 - 2011-10-24 06:19 - 01357168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2015-03-19 22:48 - 2011-10-24 06:12 - 09406112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2015-03-19 22:48 - 2011-10-24 06:03 - 11083488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2015-03-19 22:48 - 2011-10-24 05:55 - 07559840 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2015-03-19 22:48 - 2011-10-24 05:53 - 07077264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2015-03-19 22:48 - 2011-10-24 05:39 - 00144328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2015-03-19 22:48 - 2011-10-24 05:39 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2015-03-19 22:48 - 2011-10-24 05:39 - 00118096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2015-03-19 22:48 - 2011-10-24 05:38 - 00100032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2015-03-19 22:47 - 2011-10-24 06:04 - 08381280 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2015-03-19 22:47 - 2011-10-24 05:48 - 08368872 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll

==================== Files in the root of some directories =======

2012-11-14 08:26 - 2012-11-14 08:26 - 0000120 _____ () C:\Users\Sotomone\AppData\Roaming\8ed45aaf.dat
2012-10-26 02:29 - 2013-02-07 23:27 - 0703117 _____ () C:\Users\Sotomone\AppData\Roaming\technic-launcher.jar
2012-10-26 02:30 - 2012-10-26 02:30 - 0046080 ___SH () C:\Users\Sotomone\AppData\Roaming\Thumbs.db
2014-02-14 19:05 - 2014-02-14 19:05 - 0000000 ___SH () C:\Users\Sotomone\AppData\Local\LumaEmu
2014-12-31 10:45 - 2014-12-31 10:47 - 0007605 _____ () C:\Users\Sotomone\AppData\Local\Resmon.ResmonCfg
2014-03-15 14:18 - 2014-09-21 20:40 - 0000040 _____ () C:\ProgramData\DT0001.dat
2014-09-21 10:11 - 2014-09-21 20:40 - 0000040 _____ () C:\ProgramData\DT0006.dat

Files to move or delete:
====================
C:\ProgramData\DT0001.dat
C:\ProgramData\DT0006.dat
C:\Users\Sotomone\jagex_cl_runescape_LIVE.dat
C:\Users\Sotomone\random.dat


Some content of TEMP:
====================
C:\Users\Sotomone\AppData\Local\Temp\1377.exe
C:\Users\Sotomone\AppData\Local\Temp\coi.exe
C:\Users\Sotomone\AppData\Local\Temp\mox.exe
C:\Users\Sotomone\AppData\Local\Temp\Nexus Mod Manager-0.53.7.exe
C:\Users\Sotomone\AppData\Local\Temp\NGM.exe
C:\Users\Sotomone\AppData\Local\Temp\NGMDll.dll
C:\Users\Sotomone\AppData\Local\Temp\NGMResource.dll
C:\Users\Sotomone\AppData\Local\Temp\npnv3dv.dll
C:\Users\Sotomone\AppData\Local\Temp\nvImage.dll
C:\Users\Sotomone\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Sotomone\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Sotomone\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Sotomone\AppData\Local\Temp\nvStInst.exe
C:\Users\Sotomone\AppData\Local\Temp\oo2.exe
C:\Users\Sotomone\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sotomone\AppData\Local\Temp\SRLDetectionLibrary712873655054779341.dll
C:\Users\Sotomone\AppData\Local\Temp\supoptsetup.exe
C:\Users\Sotomone\AppData\Local\Temp\Uninstall.exe
C:\Users\Sotomone\AppData\Local\Temp\upcli.exe
C:\Users\Sotomone\AppData\Local\Temp\Vlc media player.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 16:55

==================== End Of Log ============================


Edited by Sindrono, 18 April 2015 - 10:37 AM.


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post the AdwCleaner and MBAM logs, please?

Did you install MyComGames?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM-x32\...\Run: [WinCheck] => C:\Users\Sotomone\AppData\Local\322A9F80-1429332467-11E1-BD97-E840F2A6B1F5\bnsxF144.exe [193536 2015-04-17] ()
HKU\S-1-5-21-912533357-4246775236-1158634775-1000\...\Run: [C3] => [X]
HKU\S-1-5-21-912533357-4246775236-1158634775-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [C3] => [X]
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO-x32: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
BHO-x32: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
BHO-x32: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKU\S-1-5-21-912533357-4246775236-1158634775-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-912533357-4246775236-1158634775-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
ShellExecuteHooks-x32: - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]
Winsock: Catalog9 11 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1322040] (Tencent)
Winsock: Catalog9 12 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1322040] (Tencent)
Winsock: Catalog9 13 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1322040] (Tencent)
Winsock: Catalog9 14 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1322040] (Tencent)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.37\Bin\npSSOAxCtrlForPTLogin.dll [2013-12-30] (Tencent)
FF Plugin-x32: @softnyxNpruntime -> C:\Game\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll [2013-03-29] ( )
R2 insvc_1.10.0.14; C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe [278600 2015-04-10] (Infonaut)
R2 lupuzyky; C:\Users\Sotomone\AppData\Local\322A9F80-1429332613-11E1-BD97-E840F2A6B1F5\cnso3EE8.tmp [94720 2015-04-18] () [File not signed]
R2 tycubyto; C:\Users\Sotomone\AppData\Local\322A9F80-1429332632-11E1-BD97-E840F2A6B1F5\snst789B.tmp [98304 2015-04-18] () [File not signed]
R2 zorevige; C:\Users\Sotomone\AppData\Roaming\322A9F80-1429353995-11E1-BD97-E840F2A6B1F5\jnsc41A1.tmp [226304 2015-04-18] () [File not signed]
R2 vipifumo; C:\Users\Sotomone\AppData\Roaming\322A9F80-1429353995-11E1-BD97-E840F2A6B1F5\nshFA20.tmpfs [X]
S3 GunBod; C:\Game\SoftnyxGame\GunboundIS\avital\gunbod64.sys [82320 2014-01-03] () [File not signed]
R1 innfd_1_10_0_14; C:\Windows\System32\drivers\innfd_1_10_0_14.sys [58224 2015-04-10] (Infonaut)
S3 nocashio; C:\Windows\SysWOW64\drivers\nocashio.sys [4096 2014-09-10] () [File not signed]
S3 TesSafe; C:\Windows\system32\TesSafe.sys [910992 2014-09-21] (TENCENT)
S1 QMUdisk; \??\c:\program files (x86)\bladensoul\QQPCMgr\8.11.11347.801\QMUdisk64.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
2015-04-18 05:03 - 2015-04-18 05:04 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\322A9F80-1429333431-11E1-BD97-E840F2A6B1F5
2015-04-18 05:01 - 2015-04-18 05:01 - 00000000 ____D () C:\Program Files (x86)\Infonaut_1.10.0.14
2015-04-18 04:50 - 2015-04-18 06:14 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\322A9F80-1429332632-11E1-BD97-E840F2A6B1F5
2015-04-18 04:50 - 2015-04-18 04:50 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\322A9F80-1429332613-11E1-BD97-E840F2A6B1F5
2015-04-18 04:49 - 2015-04-18 04:49 - 00000000 ____D () C:\ProgramData\8ca32d2b00000451
2015-04-18 04:47 - 2015-04-18 04:47 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\322A9F80-1429332467-11E1-BD97-E840F2A6B1F5
2015-04-18 04:46 - 2015-04-18 06:29 - 00000000 ____D () C:\Users\Sotomone\AppData\Roaming\322A9F80-1429353995-11E1-BD97-E840F2A6B1F5
2015-04-18 04:46 - 2015-04-18 04:46 - 00000000 ____D () C:\ProgramData\{fbeb714d-19fa-4f20-fbeb-b714d19fc534}
2015-04-15 01:30 - 2015-04-15 01:30 - 00003072 _____ () C:\Windows\System32\Tasks\{BBA56C63-3700-4EB4-BCA3-50428B78E188}
2015-04-15 01:23 - 2015-04-15 01:24 - 24173486 _____ () C:\Users\Sotomone\Downloads\Mirillis Action! 1.18.0 Multilanguage Crack .rar
2015-03-25 03:57 - 2015-03-25 03:57 - 00000000 __SHD () C:\Users\Sotomone\AppData\Local\EmieBrowserModeList
2012-11-14 08:26 - 2012-11-14 08:26 - 0000120 _____ () C:\Users\Sotomone\AppData\Roaming\8ed45aaf.dat
2014-03-15 14:18 - 2014-09-21 20:40 - 0000040 _____ () C:\ProgramData\DT0001.dat
2014-09-21 10:11 - 2014-09-21 20:40 - 0000040 _____ () C:\ProgramData\DT0006.dat
2015-04-17 03:52 - 2015-04-17 03:52 - 00000080 _____ () C:\Users\Sotomone\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
C:\Users\Sotomone\jagex_cl_runescape_LIVE.dat
C:\Users\Sotomone\random.dat
C:\Windows\SysWOW64\ierd_tgp_lsp.dll
C:\Users\Sotomone\AppData\Local\322A9F80-1429332632-11E1-BD97-E840F2A6B1F5
C:\Program Files (x86)\Common Files\Tencent
C:\Game\SoftnyxGame
C:\Program Files (x86)\Infonaut_1.10.0.14
C:\Windows\SysWOW64\drivers\nocashio.sys
C:\Windows\system32\TesSafe.sys
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that.

#3
Sindrono


Yes, I did; it's the game launcher provided by Skyforge. I ran Avast and it detected malware and adware and did a boot-up clean. Not sure if anything is still in my computer. Here is the fixlog you requested.

This says Infonaut and Tencent are still in my computer; I can't see either of those files.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-04-2015 01
Ran by Sotomone at 2015-04-19 10:42:06 Run:1
Running from C:\Users\Sotomone\Downloads
Loaded Profiles: Sotomone (Available profiles: Sotomone)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [WinCheck] => C:\Users\Sotomone\AppData\Local\322A9F80-1429332467-11E1-BD97-E840F2A6B1F5\bnsxF144.exe [193536 2015-04-17] ()
HKU\S-1-5-21-912533357-4246775236-1158634775-1000\...\Run: [C3] => [X]
HKU\S-1-5-21-912533357-4246775236-1158634775-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [C3] => [X]
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO-x32: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
BHO-x32: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
BHO-x32: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKU\S-1-5-21-912533357-4246775236-1158634775-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-912533357-4246775236-1158634775-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
ShellExecuteHooks-x32: - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]
Winsock: Catalog9 11 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1322040] (Tencent)
Winsock: Catalog9 12 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1322040] (Tencent)
Winsock: Catalog9 13 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1322040] (Tencent)
Winsock: Catalog9 14 C:\Windows\SysWOW64\ierd_tgp_lsp.dll [1322040] (Tencent)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.37\Bin\npSSOAxCtrlForPTLogin.dll [2013-12-30] (Tencent)
FF Plugin-x32: @softnyxNpruntime -> C:\Game\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll [2013-03-29] ( )
R2 insvc_1.10.0.14; C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe [278600 2015-04-10] (Infonaut)
R2 lupuzyky; C:\Users\Sotomone\AppData\Local\322A9F80-1429332613-11E1-BD97-E840F2A6B1F5\cnso3EE8.tmp [94720 2015-04-18] () [File not signed]
R2 tycubyto; C:\Users\Sotomone\AppData\Local\322A9F80-1429332632-11E1-BD97-E840F2A6B1F5\snst789B.tmp [98304 2015-04-18] () [File not signed]
R2 zorevige; C:\Users\Sotomone\AppData\Roaming\322A9F80-1429353995-11E1-BD97-E840F2A6B1F5\jnsc41A1.tmp [226304 2015-04-18] () [File not signed]
R2 vipifumo; C:\Users\Sotomone\AppData\Roaming\322A9F80-1429353995-11E1-BD97-E840F2A6B1F5\nshFA20.tmpfs [X]
S3 GunBod; C:\Game\SoftnyxGame\GunboundIS\avital\gunbod64.sys [82320 2014-01-03] () [File not signed]
R1 innfd_1_10_0_14; C:\Windows\System32\drivers\innfd_1_10_0_14.sys [58224 2015-04-10] (Infonaut)
S3 nocashio; C:\Windows\SysWOW64\drivers\nocashio.sys [4096 2014-09-10] () [File not signed]
S3 TesSafe; C:\Windows\system32\TesSafe.sys [910992 2014-09-21] (TENCENT)
S1 QMUdisk; \??\c:\program files (x86)\bladensoul\QQPCMgr\8.11.11347.801\QMUdisk64.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
2015-04-18 05:03 - 2015-04-18 05:04 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\322A9F80-1429333431-11E1-BD97-E840F2A6B1F5
2015-04-18 05:01 - 2015-04-18 05:01 - 00000000 ____D () C:\Program Files (x86)\Infonaut_1.10.0.14
2015-04-18 04:50 - 2015-04-18 06:14 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\322A9F80-1429332632-11E1-BD97-E840F2A6B1F5
2015-04-18 04:50 - 2015-04-18 04:50 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\322A9F80-1429332613-11E1-BD97-E840F2A6B1F5
2015-04-18 04:49 - 2015-04-18 04:49 - 00000000 ____D () C:\ProgramData\8ca32d2b00000451
2015-04-18 04:47 - 2015-04-18 04:47 - 00000000 ____D () C:\Users\Sotomone\AppData\Local\322A9F80-1429332467-11E1-BD97-E840F2A6B1F5
2015-04-18 04:46 - 2015-04-18 06:29 - 00000000 ____D () C:\Users\Sotomone\AppData\Roaming\322A9F80-1429353995-11E1-BD97-E840F2A6B1F5
2015-04-18 04:46 - 2015-04-18 04:46 - 00000000 ____D () C:\ProgramData\{fbeb714d-19fa-4f20-fbeb-b714d19fc534}
2015-04-15 01:30 - 2015-04-15 01:30 - 00003072 _____ () C:\Windows\System32\Tasks\{BBA56C63-3700-4EB4-BCA3-50428B78E188}
2015-04-15 01:23 - 2015-04-15 01:24 - 24173486 _____ () C:\Users\Sotomone\Downloads\Mirillis Action! 1.18.0 Multilanguage Crack .rar
2015-03-25 03:57 - 2015-03-25 03:57 - 00000000 __SHD () C:\Users\Sotomone\AppData\Local\EmieBrowserModeList
2012-11-14 08:26 - 2012-11-14 08:26 - 0000120 _____ () C:\Users\Sotomone\AppData\Roaming\8ed45aaf.dat
2014-03-15 14:18 - 2014-09-21 20:40 - 0000040 _____ () C:\ProgramData\DT0001.dat
2014-09-21 10:11 - 2014-09-21 20:40 - 0000040 _____ () C:\ProgramData\DT0006.dat
2015-04-17 03:52 - 2015-04-17 03:52 - 00000080 _____ () C:\Users\Sotomone\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
C:\Users\Sotomone\jagex_cl_runescape_LIVE.dat
C:\Users\Sotomone\random.dat
C:\Windows\SysWOW64\ierd_tgp_lsp.dll
C:\Users\Sotomone\AppData\Local\322A9F80-1429332632-11E1-BD97-E840F2A6B1F5
C:\Program Files (x86)\Common Files\Tencent
C:\Game\SoftnyxGame
C:\Program Files (x86)\Infonaut_1.10.0.14
C:\Windows\SysWOW64\drivers\nocashio.sys
C:\Windows\system32\TesSafe.sys
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\WinCheck => Value not found.
HKU\S-1-5-21-912533357-4246775236-1158634775-1000\Software\Microsoft\Windows\CurrentVersion\Run\\C3 => value deleted successfully.
HKU\S-1-5-21-912533357-4246775236-1158634775-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\C3 => Value not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => Key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKU\S-1-5-21-912533357-4246775236-1158634775-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKU\S-1-5-21-912533357-4246775236-1158634775-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-912533357-4246775236-1158634775-1000-{{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-912533357-4246775236-1158634775-1000-{{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => Key not found.
Winsock: Catalog entry 000000000011 => Not found.
Winsock: Catalog entry 000000000012 => Not found.
Winsock: Catalog entry 000000000013 => Not found.
Winsock: Catalog entry 000000000014 => Not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame" => Key deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/TXSSO => Key not found.
C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.37\Bin\npSSOAxCtrlForPTLogin.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@softnyxNpruntime => Key not found.
C:\Game\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll not found.
insvc_1.10.0.14 => Service not found.
lupuzyky => Service not found.
tycubyto => Service not found.
zorevige => Service not found.
vipifumo => Service not found.
GunBod => Service deleted successfully.
innfd_1_10_0_14 => Service not found.
nocashio => Service deleted successfully.
TesSafe => Service deleted successfully.
QMUdisk => Service deleted successfully.
X6va015 => Service deleted successfully.
X6va016 => Service deleted successfully.
X6va021 => Service deleted successfully.
X6va022 => Service deleted successfully.
X6va027 => Service deleted successfully.
X6va029 => Service deleted successfully.
"C:\Users\Sotomone\AppData\Local\322A9F80-1429333431-11E1-BD97-E840F2A6B1F5" => File/Directory not found.
"C:\Program Files (x86)\Infonaut_1.10.0.14" => File/Directory not found.
"C:\Users\Sotomone\AppData\Local\322A9F80-1429332632-11E1-BD97-E840F2A6B1F5" => File/Directory not found.
"C:\Users\Sotomone\AppData\Local\322A9F80-1429332613-11E1-BD97-E840F2A6B1F5" => File/Directory not found.
"C:\ProgramData\8ca32d2b00000451" => File/Directory not found.
C:\Users\Sotomone\AppData\Local\322A9F80-1429332467-11E1-BD97-E840F2A6B1F5 => Moved successfully.
"C:\Users\Sotomone\AppData\Roaming\322A9F80-1429353995-11E1-BD97-E840F2A6B1F5" => File/Directory not found.
C:\ProgramData\{fbeb714d-19fa-4f20-fbeb-b714d19fc534} => Moved successfully.
C:\Windows\System32\Tasks\{BBA56C63-3700-4EB4-BCA3-50428B78E188} => Moved successfully.
C:\Users\Sotomone\Downloads\Mirillis Action! 1.18.0 Multilanguage Crack .rar => Moved successfully.
C:\Users\Sotomone\AppData\Local\EmieBrowserModeList => Moved successfully.
C:\Users\Sotomone\AppData\Roaming\8ed45aaf.dat => Moved successfully.
C:\ProgramData\DT0001.dat => Moved successfully.
C:\ProgramData\DT0006.dat => Moved successfully.
C:\Users\Sotomone\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦 => Moved successfully.
C:\Users\Sotomone\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Sotomone\random.dat => Moved successfully.
C:\Windows\SysWOW64\ierd_tgp_lsp.dll => Moved successfully.
"C:\Users\Sotomone\AppData\Local\322A9F80-1429332632-11E1-BD97-E840F2A6B1F5" => File/Directory not found.
C:\Program Files (x86)\Common Files\Tencent => Moved successfully.
"C:\Game\SoftnyxGame" => File/Directory not found.
"C:\Program Files (x86)\Infonaut_1.10.0.14" => File/Directory not found.
C:\Windows\SysWOW64\drivers\nocashio.sys => Moved successfully.
C:\Windows\system32\TesSafe.sys => Moved successfully.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-912533357-4246775236-1158634775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-912533357-4246775236-1158634775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ip reset c:\resetlog.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Route, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  ipconfig /release =========


Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::4dcc:ab2d:ecdd:4952%13
   Default Gateway . . . . . . . . . :

Tunnel adapter isatap.{F3113140-7E01-43DF-BAD5-6916E268651D}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========  ipconfig /renew =========


Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::4dcc:ab2d:ecdd:4952%13
   IPv4 Address. . . . . . . . . . . : 192.168.0.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1

Tunnel adapter isatap.{F3113140-7E01-43DF-BAD5-6916E268651D}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 12:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:ce:dbb:3f57:fffd
   Link-local IPv6 Address . . . . . : fe80::ce:dbb:3f57:fffd%12
   Default Gateway . . . . . . . . . : ::

========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {C28792F9-8144-40FB-8012-FC5BB11A73B5}.
{73D22CED-C734-4360-89B1-2FDBE13EDBF6} canceled.
1 out of 2 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 985.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 10:43:57 ====


Edited by Sindrono, 19 April 2015 - 10:58 AM.


#4
Essexboy

How is the computer behaving at the moment?

#5
Sindrono


CPU usage is between 0-3% (it was going up to 9%), and memory is actually staying at 32% right now. With Skype and this browser open, there is no sign of lagging or anything. With Skype closed it goes to 29%.



#6
Essexboy


nvstreamsvc.exe
nvvsvc.exe
nvxdsync.exe
conhost.exe
csrss.exe

 

These are legitimate entries.

Any sign left of the miscreants?



#7
Sindrono


Hmm, I'll go ahead and provide a screenshot of my task manager. But there is no sign of the rogue programs; nothing seems to be trying to run programs anymore, as I can play a game full screen without it lowering.

 

m9qdm9.png


Edited by Sindrono, 19 April 2015 - 02:30 PM.


#8
Essexboy

They all look good :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present.
Once done, run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:

#9
Sindrono


Alright, following your guide now, thank you. As for Java, the latest version of Firefox doesn't give a disable option, but it's set to ask to activate. As for the Java installed on my computer, if I'm right Minecraft uses it, maybe some other games; not too sure what all uses it anymore.

One last question though: what is currently the best antivirus to prevent adware, malware, and other such viruses? From my understanding Avast is starting to fall behind.


Edited by Sindrono, 19 April 2015 - 03:02 PM.


#10
Essexboy

Good question, as I use Avast and have done so since it came out, with a few deviations to try others. But it is not set to its best in default mode.

You could try AVG, as I do hear that it is not too bad; a bit heavy but passable.

Go to Settings > General
Place a tick in "Scan for Potentially Unwanted Programmes (PUP's) "
Place a tick in "Silent /Gaming mode"
pups.JPG

#11
Sindrono


Scratch what I said; just had an update and now they look the same.


Edited by Sindrono, 19 April 2015 - 03:42 PM.


#12
Essexboy

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.