Possible backdoor infection [Solved]


#1
paxwell


Hello everyone,

I am new here.

 

Right, so I will start off: a couple of days ago I found a weird process in my task manager called ceasebightyowl.exe, which turned out to be Backdoor.MSIL.PGen. I also noticed that my Windows Defender protection was turned off. I use MBAM Premium with real-time protection and Windows Defender, as I don't see the need to use a 3rd-party antivirus.

Now, I use Windows 8.1 Pro. I managed to "get rid" of this crap by scanning my computer with MBAM, Windows Defender, Kaspersky TDSSKiller, iExplore(rkill), adwcleaner, mbar, mbae and a Windows *Secure?* tool or something; I don't remember the name of it.

None of the scans showed anything; my computer seems to be clean. However, I keep very sensitive data on it regarding business and other strictly confidential data.


My task manager also seems(?) to be clean.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by Mac (administrator) on MACPC on 29-04-2015 22:07:45
Running from C:\Users\Mac\Desktop
Loaded Profiles: Mac (Available profiles: Mac)
Platform: Windows 8.1 Pro (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) E:\Additional Software\Sandboxie\SbieSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe
(LENOVO) C:\Program Files (x86)\Lenovo\ThinkPad Compact Keyboard with TrackPoint driver\set\logonsetsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(LENOVO) C:\Program Files (x86)\Lenovo\ThinkPad Compact Keyboard with TrackPoint driver\maincpl\ThinkPadKBSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files (x86)\Lenovo\ThinkPad Compact Keyboard with TrackPoint driver\set\logonset.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Gaming Center\vivokey.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
() C:\Program Files (x86)\Lenovo\ThinkPad Compact Keyboard with TrackPoint driver\maincpl\MainCpl.exe
() C:\Users\Mac\Desktop\Applications\utorrent.exe
(Chicony) C:\Program Files (x86)\Lenovo\ThinkPad Compact Keyboard with TrackPoint driver\osd.exe
(Lenovo) C:\Program Files (x86)\Lenovo\ThinkPad Compact Keyboard with TrackPoint driver\HScrollFun.exe
(Lenovo) C:\Program Files (x86)\Lenovo\ThinkPad Compact Keyboard with TrackPoint driver\SetSpeed.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Spotify Ltd) C:\Users\Mac\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Mac\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Mac\AppData\Roaming\Spotify\SpotifyCrashService.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Spotify Ltd) C:\Users\Mac\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Mac\AppData\Roaming\Spotify\Spotify.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3276040 2014-05-09] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [aRunMaincpl] => C:\Program Files (x86)\LENOVO\ThinkPad Compact Keyboard with TrackPoint driver\maincpl\MainCpl.exe [56320 2013-03-18] ()
HKLM\...\Run: [aOSD] => C:\Program Files (x86)\LENOVO\ThinkPad Compact Keyboard with TrackPoint driver\osd.exe [117072 2013-08-29] (Chicony)
HKLM\...\Run: [aHScrollutility] => C:\Program Files (x86)\LENOVO\ThinkPad Compact Keyboard with TrackPoint driver\HScrollFun.exe [72016 2013-07-22] (Lenovo)
HKLM\...\Run: [aSetSpeed] => C:\Program Files (x86)\LENOVO\ThinkPad Compact Keyboard with TrackPoint driver\SetSpeed.exe [63824 2013-04-08] (Lenovo)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-15] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [ASUS ROG MacroKey] => C:\Program Files (x86)\ASUS\ASUS ROG MacroKey\Hid.exe [2036224 2014-07-30] (ASUS)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [aHScrollutility] => C:\Program Files (x86)\LENOVO\ThinkPad Compact Keyboard with TrackPoint driver\HScrollFun.exe [72016 2013-07-22] (Lenovo)
HKLM-x32\...\Run: [aOSD] => C:\Program Files (x86)\LENOVO\ThinkPad Compact Keyboard with TrackPoint driver\osd.exe [117072 2013-08-29] (Chicony)
HKLM-x32\...\Run: [aSetSpeed] => C:\Program Files (x86)\LENOVO\ThinkPad Compact Keyboard with TrackPoint driver\SetSpeed.exe [63824 2013-04-08] (Lenovo)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31282304 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\Run: [DAEMON Tools Lite] => E:\Program files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\Run: [GoogleChromeAutoLaunch_DBC3D4352A5484FFEC5A194662F5C082] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\Run: [EADM] => E:\Origin\Origin.exe [3632472 2015-04-11] (Electronic Arts)
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\Run: [SandboxieControl] => E:\Additional Software\Sandboxie\SbieCtrl.exe [785416 2015-02-18] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\Run: [Icons8] => "E:\Additional Software\Icons8 App\Icons8.exe"
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\Run: [Spotify Web Helper] => C:\Users\Mac\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-04-23] (Spotify Ltd)
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\Run: [Spotify] => C:\Users\Mac\AppData\Roaming\Spotify\Spotify.exe [7168568 2015-04-23] (Spotify Ltd)
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\MountPoints2: {535267c2-9e84-11e4-825f-28b2bdf0496a} - "I:\vs_professional.exe" 
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2891121944-1307343904-156153319-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2015-01-17] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-17] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-17] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-17] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3016EC49-0B2F-4E6F-B6F7-9491DF121DC4}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-01-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-19] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)

Chrome: 
=======
CHR Profile: C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-17]
CHR Extension: (Google Docs) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-17]
CHR Extension: (Google Drive) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-17]
CHR Extension: (WOT) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-01-17]
CHR Extension: (YouTube) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-17]
CHR Extension: (Adblock Plus) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-17]
CHR Extension: (Google Search) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-17]
CHR Extension: (Tampermonkey) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-02-14]
CHR Extension: (Google Sheets) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-17]
CHR Extension: (Hola Better Internet) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-01-17]
CHR Extension: (Bookmark Manager) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Disconnect) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-01-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (SmoothScroll) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbokbjkabcmbfdlbddjidfmibcpneigj [2015-02-26]
CHR Extension: (Google Wallet) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-17]
CHR Extension: (ColorPick Eyedropper) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2015-04-16]
CHR Extension: (Gmail) - C:\Users\Mac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsusGameFirstService; C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe [345912 2014-08-29] (ASUSTeK)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2013-08-22] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [102152 2014-05-09] (ELAN Microelectronics Corp.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [125168 2014-12-03] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
R2 logonsetsvc; C:\Program Files (x86)\LENOVO\ThinkPad Compact Keyboard with TrackPoint driver\set\logonsetsvc.exe [250024 2013-04-23] (LENOVO)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; E:\Origin\OriginClientService.exe [1931632 2015-04-11] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-03-20] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-03-20] ()
R2 SbieSvc; E:\Additional Software\Sandboxie\SbieSvc.exe [175112 2015-02-18] (Sandboxie Holdings, LLC)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 ThinkPadKBSvc; C:\Program Files (x86)\LENOVO\ThinkPad Compact Keyboard with TrackPoint driver\maincpl\ThinkPadKBSvc.exe [250192 2013-03-22] (LENOVO)
S3 ThunderboltService; C:\Program Files\Intel\Thunderbolt Software\tbtsvc.exe [1179944 2014-05-13] (Intel Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [13784064 2015-03-14] (Microsoft Corporation)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-10-28] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1448248 2014-11-26] (Motorola Solutions, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-01-17] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [107208 2014-01-17] (GenesysLogic)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2015-03-11] (Sony Mobile Communications)
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [68960 2014-10-27] (Microsoft Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [230128 2014-12-03] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77992 2014-08-04] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2014-10-27] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R1 NFC_Driver; C:\Windows\System32\drivers\NFC_Driver.sys [48336 2014-03-27] (Titan ARC Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2015-04-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2014-10-27] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [27136 2014-10-27] (Microsoft Corporation)
R3 SbieDrv; E:\Additional Software\Sandboxie\SbieDrv.sys [237064 2015-02-18] (Sandboxie Holdings, LLC)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [18944 2014-10-27] (Microsoft Corporation)
R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation)
S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 22:07 - 2015-04-29 22:08 - 00032867 _____ () C:\Users\Mac\Desktop\FRST.txt
2015-04-29 22:07 - 2015-04-29 22:07 - 02101248 _____ (Farbar) C:\Users\Mac\Desktop\FRST64.exe
2015-04-29 22:07 - 2015-04-29 22:07 - 00000000 ____D () C:\FRST
2015-04-29 16:28 - 2015-04-29 16:28 - 00014336 ___SH () C:\Users\Mac\Downloads\Thumbs.db
2015-04-29 09:50 - 2015-04-29 09:50 - 1025688562 ____N () C:\Windows\MEMORY.DMP
2015-04-29 09:50 - 2015-04-29 09:50 - 00368472 _____ () C:\Windows\Minidump\042915-9671-01.dmp
2015-04-27 21:57 - 2015-04-27 22:02 - 00000000 ____D () C:\AdwCleaner
2015-04-27 21:57 - 2015-04-27 21:57 - 00002564 _____ () C:\Users\Mac\Desktop\Rkill.txt
2015-04-27 13:22 - 2015-04-27 13:22 - 02342841 _____ () C:\Users\Mac\Desktop\kosmetyczka.psd
2015-04-26 12:13 - 2015-04-27 22:03 - 00004306 _____ () C:\Windows\PFRO.log
2015-04-26 12:02 - 2015-04-26 12:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-26 12:00 - 2015-04-26 12:01 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2013
2015-04-26 12:00 - 2015-04-26 12:01 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2013
2015-04-26 11:52 - 2015-04-29 18:04 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-04-26 11:52 - 2015-04-26 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-04-26 11:52 - 2015-04-26 11:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-04-26 11:49 - 2015-04-26 11:49 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2015-04-26 11:49 - 2015-04-26 11:49 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2015-04-26 11:49 - 2015-04-26 11:49 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2015-04-26 11:49 - 2015-04-26 11:49 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2015-04-26 11:49 - 2015-04-26 11:49 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2015-04-26 11:49 - 2015-04-26 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-04-26 11:49 - 2015-04-26 11:49 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2015-04-26 11:06 - 2015-04-26 11:06 - 01769552 _____ () C:\Windows\Minidump\042615-10640-01.dmp
2015-04-26 11:06 - 2015-04-26 11:06 - 00000000 ____D () C:\ProgramData\Digger
2015-04-25 21:32 - 2015-04-25 21:32 - 00000000 ____D () C:\Users\Mac\AppData\Roaming\NuGet
2015-04-25 21:24 - 2015-03-14 01:18 - 13784064 _____ (Microsoft Corporation) C:\Windows\system32\vmms.exe
2015-04-25 21:16 - 2015-04-29 09:50 - 00001856 _____ () C:\Windows\setupact.log
2015-04-25 21:16 - 2015-04-25 21:16 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-25 21:06 - 2015-04-29 10:02 - 27590656 _____ () C:\Windows\system32\vmguest.iso
2015-04-25 21:05 - 2015-04-25 21:05 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hyper-V Management Tools
2015-04-25 21:05 - 2015-04-25 21:05 - 00000000 ____D () C:\Windows\vmguest
2015-04-25 21:05 - 2015-04-25 21:05 - 00000000 ____D () C:\Windows\system32\BestPractices
2015-04-25 21:05 - 2015-04-25 21:05 - 00000000 ____D () C:\Users\Public\Documents\Hyper-V
2015-04-25 21:05 - 2015-04-25 21:05 - 00000000 ____D () C:\Program Files\Hyper-V
2015-04-25 20:49 - 2015-04-25 20:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 12.0
2015-04-25 20:48 - 2015-04-25 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.1
2015-04-25 20:48 - 2015-04-25 20:48 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Silverlight Kits
2015-04-25 20:47 - 2015-04-25 20:47 - 00000000 ____D () C:\Program Files (x86)\AppInsights
2015-04-25 20:46 - 2015-04-25 21:37 - 00000000 ____D () C:\Users\Mac\Documents\Visual Studio 2013
2015-04-25 20:46 - 2015-04-25 20:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft XDE
2015-04-25 20:46 - 2015-04-25 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.0
2015-04-25 20:46 - 2015-04-25 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK
2015-04-25 20:45 - 2015-04-25 20:47 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit
2015-04-25 20:45 - 2015-04-25 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-04-25 20:45 - 2015-04-25 20:45 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2015-04-25 20:45 - 2015-04-25 20:45 - 00000000 ____D () C:\Program Files\Application Verifier
2015-04-25 20:45 - 2015-04-25 20:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-04-25 20:45 - 2015-04-25 20:45 - 00000000 ____D () C:\Program Files (x86)\Application Verifier
2015-04-25 20:44 - 2015-04-25 20:47 - 00000000 ____D () C:\Program Files\IIS Express
2015-04-25 20:44 - 2015-04-25 20:47 - 00000000 ____D () C:\Program Files (x86)\IIS Express
2015-04-25 20:44 - 2015-04-25 20:44 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions
2015-04-25 20:44 - 2015-04-25 20:44 - 00000000 ____D () C:\ProgramData\NuGet
2015-04-25 20:44 - 2015-04-25 20:44 - 00000000 ____D () C:\Program Files (x86)\NuGet
2015-04-25 20:44 - 2015-04-25 20:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Web Tools
2015-04-25 20:44 - 2015-04-25 20:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft WCF Data Services
2015-04-25 20:43 - 2015-04-25 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2015-04-25 20:43 - 2015-04-25 20:43 - 00000000 ____D () C:\Program Files\Windows Identity Foundation
2015-04-25 20:43 - 2015-04-25 20:43 - 00000000 ____D () C:\Program Files\Microsoft Identity Extensions
2015-04-25 20:43 - 2015-04-25 20:43 - 00000000 ____D () C:\Program Files\IIS
2015-04-25 20:43 - 2015-04-25 20:43 - 00000000 ____D () C:\Program Files (x86)\Workflow Manager Tools
2015-04-25 20:43 - 2015-04-25 20:43 - 00000000 ____D () C:\Program Files (x86)\Open XML SDK
2015-04-25 20:43 - 2015-04-25 20:43 - 00000000 ____D () C:\Program Files (x86)\IIS
2015-04-25 20:42 - 2015-04-25 20:46 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Kits
2015-04-25 20:42 - 2015-04-25 20:43 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2015-04-25 20:42 - 2015-04-25 20:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer
2015-04-25 20:42 - 2015-04-25 20:42 - 00000000 ____D () C:\Program Files (x86)\HTML Help Workshop
2015-04-25 20:41 - 2015-04-25 21:16 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-04-25 20:41 - 2015-04-25 21:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-04-25 20:41 - 2015-04-25 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
2015-04-25 20:41 - 2015-04-25 20:42 - 00000000 ____D () C:\Windows\SysWOW64\1033
2015-04-25 20:40 - 2015-04-25 20:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2015-04-25 20:40 - 2015-04-25 20:41 - 00000000 ____D () C:\Windows\system32\1033
2015-04-25 20:40 - 2015-04-25 20:40 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_SensorsSimulatorDriver_01_11_00.Wdf
2015-04-25 20:40 - 2015-04-25 20:40 - 00000000 ____D () C:\Windows\symbols
2015-04-25 20:40 - 2015-04-25 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
2015-04-25 20:40 - 2015-04-25 20:40 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 12.0
2015-04-25 20:40 - 2015-04-25 20:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 11.0
2015-04-25 17:54 - 2015-04-25 17:54 - 00000000 ____D () C:\Users\Mac\AppData\Roaming\e-academy Inc
2015-04-25 17:54 - 2015-04-25 17:54 - 00000000 ____D () C:\Users\Mac\AppData\Local\e-academy Inc
2015-04-25 17:43 - 2015-04-26 21:58 - 00000000 ____D () C:\Users\Mac\Desktop\GTA 5 SDK
2015-04-25 16:38 - 2015-04-25 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Running With Scissors
2015-04-23 11:35 - 2015-04-23 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2015-04-20 21:32 - 2015-04-24 20:33 - 00000080 _____ () C:\Users\Mac\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-04-20 21:31 - 2015-04-20 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2015-04-16 23:06 - 2015-04-16 23:06 - 00000000 ____D () C:\Users\Mac\AppData\Local\Spoon
2015-04-16 09:36 - 2015-04-16 09:36 - 00000000 ____D () C:\ProgramData\Brother
2015-04-16 09:35 - 2015-04-29 09:50 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-04-15 20:40 - 2015-04-15 20:40 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 19:40 - 2015-03-23 22:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 19:40 - 2015-03-23 22:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 19:40 - 2015-03-23 22:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-04-15 19:40 - 2015-03-23 22:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 19:40 - 2015-03-23 22:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-15 19:40 - 2015-03-22 23:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 19:40 - 2015-03-22 23:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 19:40 - 2015-03-22 23:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 19:40 - 2015-03-22 23:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 19:40 - 2015-03-22 23:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 19:40 - 2015-03-22 23:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 19:40 - 2015-03-22 23:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 19:40 - 2015-03-20 05:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-15 19:40 - 2015-03-20 05:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 19:40 - 2015-03-20 05:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 19:40 - 2015-03-20 04:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-04-15 19:40 - 2015-03-20 03:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-15 19:40 - 2015-03-20 03:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-15 19:40 - 2015-03-20 03:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-15 19:40 - 2015-03-14 09:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 19:40 - 2015-03-14 09:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-15 19:40 - 2015-03-14 09:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-15 19:40 - 2015-03-14 02:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 19:40 - 2015-03-14 02:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 19:40 - 2015-03-14 02:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 19:40 - 2015-03-14 02:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 19:40 - 2015-03-14 02:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 19:40 - 2015-03-14 01:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 19:40 - 2015-03-14 01:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 19:40 - 2015-03-14 01:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 19:40 - 2015-03-14 01:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-04-15 19:40 - 2015-03-14 01:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-04-15 19:40 - 2015-03-14 01:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 19:40 - 2015-03-14 01:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 19:40 - 2015-03-14 01:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 19:40 - 2015-03-14 01:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 19:40 - 2015-03-14 01:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 19:40 - 2015-03-14 00:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 19:40 - 2015-03-14 00:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 19:40 - 2015-03-13 05:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 19:40 - 2015-03-13 05:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 19:40 - 2015-03-13 05:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 19:40 - 2015-03-13 04:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 19:40 - 2015-03-13 04:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 19:40 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 19:40 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 19:40 - 2015-03-13 04:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 19:40 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 19:40 - 2015-03-13 04:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-15 19:40 - 2015-03-13 04:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-15 19:40 - 2015-03-13 04:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 19:40 - 2015-03-13 04:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 19:40 - 2015-03-13 04:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 19:40 - 2015-03-13 03:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-15 19:40 - 2015-03-13 03:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-15 19:40 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 19:40 - 2015-03-13 03:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 19:40 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 19:40 - 2015-03-13 03:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-15 19:40 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 19:40 - 2015-03-13 03:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 19:40 - 2015-03-13 03:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 19:40 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 19:40 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 19:40 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 19:40 - 2015-03-04 11:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-15 19:40 - 2015-03-04 04:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 19:40 - 2015-03-04 03:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 19:40 - 2015-02-24 09:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 19:40 - 2015-02-21 00:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-04-15 19:40 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 09:48 - 2015-04-08 21:32 - 00560968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-14 09:47 - 2015-04-09 01:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-14 09:47 - 2015-04-09 01:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-14 09:47 - 2015-04-09 01:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-14 09:47 - 2015-04-09 01:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-14 09:47 - 2015-04-09 01:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-14 09:47 - 2015-04-09 01:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-14 09:47 - 2015-04-09 01:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-14 09:47 - 2015-04-09 01:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-14 09:47 - 2015-04-09 01:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-14 09:47 - 2015-04-09 01:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-14 09:47 - 2015-04-09 01:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-14 09:47 - 2015-04-09 01:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-14 09:47 - 2015-04-09 01:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-04-14 09:47 - 2015-04-09 01:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-04-14 09:47 - 2015-04-09 01:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-14 09:47 - 2015-04-09 01:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-14 09:47 - 2015-04-09 01:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-14 09:47 - 2015-04-09 01:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-14 09:47 - 2015-04-09 01:58 - 00849552 _____ () C:\Windows\system32\nvmcumd.dll
2015-04-14 09:47 - 2015-04-09 01:58 - 00499344 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-04-14 09:47 - 2015-04-09 01:58 - 00402576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-04-14 09:47 - 2015-04-09 01:58 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-04-14 09:47 - 2015-04-09 01:58 - 00346256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-04-14 09:47 - 2015-04-09 01:58 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-04-14 09:47 - 2015-04-09 01:58 - 00100680 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2015-04-14 09:47 - 2015-04-09 01:58 - 00039056 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2015-04-14 09:47 - 2015-04-09 01:58 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-04-13 22:34 - 2015-04-20 21:32 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-04-13 22:34 - 2015-04-20 21:32 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-04-13 19:54 - 2015-04-21 11:33 - 00000100 _____ () C:\Users\Mac\Desktop\New Text Document (4).txt
2015-04-10 12:59 - 2015-04-10 12:59 - 00000023 _____ () C:\Users\Mac\Desktop\business.txt
2015-04-10 10:34 - 2015-04-10 12:20 - 00000000 ____D () C:\Users\Mac\Desktop\EBAY MINECRAFT
2015-04-07 16:08 - 2015-04-07 16:08 - 00000000 ____D () C:\Users\Mac\Desktop\Bank Simple
2015-04-06 21:57 - 2015-04-06 21:29 - 08174546 _____ () C:\Users\Mac\Desktop\Bank_Simple.zip
2015-04-06 09:14 - 2015-04-06 09:14 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-06 09:14 - 2015-04-06 09:14 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-03 23:44 - 2015-04-25 21:19 - 00000000 ____D () C:\Users\Mac\.atom
2015-04-03 23:44 - 2015-04-03 23:44 - 00000000 ____D () C:\Users\Mac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2015-04-03 23:44 - 2015-04-03 23:44 - 00000000 ____D () C:\Users\Mac\AppData\Roaming\Atom
2015-04-03 23:43 - 2015-04-03 23:44 - 00000000 ____D () C:\Users\Mac\AppData\Local\SquirrelTemp
2015-04-03 23:43 - 2015-04-03 23:44 - 00000000 ____D () C:\Users\Mac\AppData\Local\atom
2015-04-03 13:36 - 2015-04-03 13:36 - 00000000 ____D () C:\Users\Mac\Desktop\efs
2015-04-03 13:00 - 2015-04-03 17:12 - 00000000 ____D () C:\Users\Mac\Documents\Scan
2015-04-03 12:51 - 2015-04-19 20:52 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-04-03 12:48 - 2015-04-03 12:54 - 00000000 ____D () C:\Program Files (x86)\SamsungPrinterLiveUpdate
2015-04-03 12:48 - 2015-04-03 12:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2015-04-03 12:48 - 2015-04-03 12:48 - 00000000 ____D () C:\Program Files\Common Files\Common Desktop Agent
2015-04-03 12:48 - 2014-03-27 06:12 - 00152896 ____R () C:\Windows\Wiainst64.exe
2015-04-03 12:48 - 2013-02-22 13:29 - 00365568 _____ () C:\Windows\system32\SaMinDrv.dll
2015-04-03 12:48 - 2013-02-22 13:29 - 00112128 _____ () C:\Windows\system32\SaImgFlt.dll
2015-04-03 12:48 - 2013-02-22 13:29 - 00055296 _____ () C:\Windows\system32\SaErHdlr.dll
2015-04-03 12:47 - 2015-04-03 12:47 - 00000000 ___RD () C:\Sandbox
2015-04-03 12:47 - 2014-03-26 14:26 - 03112960 _____ () C:\Windows\system32\eed_ec.dll
2015-04-03 12:47 - 2014-03-26 14:26 - 00686384 _____ (Samsung Electronics) C:\Windows\system32\eed_sl.exe
2015-04-03 12:47 - 2013-11-14 03:56 - 00226424 _____ () C:\Windows\system32\SBuySupplies.exe
2015-04-03 12:47 - 2013-07-05 07:15 - 00094208 ____N () C:\Windows\SysWOW64\ssdevm.dll
2015-04-03 12:47 - 2013-07-05 07:15 - 00091136 ____N () C:\Windows\system32\ssdevm64.dll
2015-04-03 12:47 - 2013-06-02 03:38 - 00053248 _____ () C:\Windows\SysWOW64\Ssusbpn.dll
2015-04-03 12:47 - 2013-06-02 03:38 - 00049152 _____ () C:\Windows\system32\Ssusbp64.dll
2015-04-03 12:47 - 2013-05-29 13:01 - 00034304 _____ () C:\Windows\system32\ssm4mlm.dll
2015-04-03 12:47 - 2013-05-29 13:01 - 00000359 _____ () C:\Windows\system32\ssm4mlm.smt
2015-04-03 12:47 - 2013-05-29 13:00 - 00158040 _____ (SS) C:\Windows\system32\ssm4mci.exe
2015-04-03 12:47 - 2013-05-29 13:00 - 00089600 _____ (SS) C:\Windows\system32\ssm4mci.dll
2015-03-30 21:15 - 2015-03-30 21:48 - 00000000 ____D () C:\Users\Mac\Documents\BFBC2

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 22:06 - 2014-03-18 16:26 - 00913654 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-29 22:03 - 2015-01-25 15:50 - 00000000 ____D () C:\Users\Mac\AppData\Roaming\uTorrent
2015-04-29 22:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-29 21:48 - 2015-01-17 16:51 - 00000000 ____D () C:\Users\Mac\AppData\Roaming\Skype
2015-04-29 21:26 - 2015-01-17 22:16 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-29 21:23 - 2015-01-17 20:57 - 00000093 _____ () C:\Users\Mac\AppData\Roaming\sp_data.sys
2015-04-29 21:23 - 2015-01-17 15:38 - 00000000 ____D () C:\Users\Mac\AppData\Roaming\Spotify
2015-04-29 16:13 - 2014-10-27 11:56 - 01319562 _____ () C:\Windows\WindowsUpdate.log
2015-04-29 14:42 - 2015-01-30 15:18 - 00004952 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MacPC-Mac MacPC
2015-04-29 14:28 - 2015-01-19 17:33 - 00000000 ____D () C:\Users\Mac\AppData\Local\Adobe
2015-04-29 14:23 - 2015-01-17 22:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-29 14:23 - 2015-01-17 22:17 - 00000000 ____D () C:\ProgramData\Skype
2015-04-29 14:23 - 2015-01-17 15:39 - 00000000 ____D () C:\Users\Mac\AppData\Local\Spotify
2015-04-29 14:22 - 2015-01-30 15:17 - 00000000 __RDO () C:\Users\Mac\OneDrive
2015-04-29 14:22 - 2015-01-17 22:22 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0329bb8ef2468.job
2015-04-29 14:22 - 2015-01-17 22:19 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-29 09:50 - 2015-03-18 20:51 - 00000000 ____D () C:\Windows\Minidump
2015-04-29 09:50 - 2015-01-22 11:53 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-04-29 09:50 - 2014-10-27 12:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-29 09:50 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-28 22:42 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-27 22:03 - 2015-02-19 00:15 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2015-04-27 22:03 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-27 14:20 - 2015-01-19 20:22 - 00000000 ____D () C:\ProgramData\Origin
2015-04-27 13:22 - 2015-01-17 20:57 - 00000000 ____D () C:\Users\Mac
2015-04-27 12:32 - 2015-01-17 21:02 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2891121944-1307343904-156153319-1001
2015-04-27 12:27 - 2015-02-14 16:58 - 00795136 ___SH () C:\Users\Mac\Desktop\Thumbs.db
2015-04-27 11:49 - 2015-01-17 22:29 - 00000000 ____D () C:\eclipse
2015-04-26 12:18 - 2015-01-28 23:13 - 00000000 ____D () C:\Program Files\Recuva
2015-04-26 12:18 - 2015-01-19 17:47 - 00000000 ___RD () C:\Users\Mac\Desktop\Applications
2015-04-26 12:13 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-26 12:13 - 2013-08-22 15:44 - 00583648 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-26 12:02 - 2015-01-17 22:19 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-26 12:00 - 2014-10-27 11:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-26 11:52 - 2015-01-17 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-26 11:52 - 2015-01-17 22:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-26 11:06 - 2015-03-17 22:40 - 00002220 _____ () C:\Windows\SysWOW64\leninherdsown.bin
2015-04-25 22:22 - 2015-02-06 23:58 - 00000000 ____D () C:\Users\Mac\AppData\Roaming\vlc
2015-04-25 21:13 - 2015-03-04 21:26 - 00000000 ____D () C:\Users\Mac\AppData\Roaming\TeamViewer
2015-04-25 21:13 - 2015-02-04 18:56 - 00000000 ____D () C:\Users\Mac\AppData\Roaming\FileZilla
2015-04-25 21:13 - 2015-01-17 15:32 - 00000000 ____D () C:\Users\Mac\AppData\Roaming\DAEMON Tools Lite
2015-04-25 21:13 - 2014-10-27 12:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-25 21:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\en-GB
2015-04-25 21:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\schemas
2015-04-25 20:49 - 2015-03-12 20:44 - 06287360 _____ (Microsoft Corporation) C:\Windows\system32\vmwp.exe
2015-04-25 20:49 - 2015-03-12 20:43 - 00704000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wnv.sys
2015-04-25 20:49 - 2015-03-12 20:43 - 00411136 _____ (Microsoft Corporation) C:\Windows\system32\vsconfig.dll
2015-04-25 20:49 - 2015-03-12 20:43 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\wnvapi.dll
2015-04-25 20:49 - 2015-03-12 20:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\RdvGpuInfo.dll
2015-04-25 20:49 - 2015-01-17 15:31 - 01429336 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2015-04-25 20:49 - 2015-01-17 15:31 - 01390936 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.efi
2015-04-25 20:49 - 2015-01-17 15:31 - 01378648 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2015-04-25 20:49 - 2015-01-17 15:31 - 01263960 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.exe
2015-04-25 20:49 - 2015-01-17 15:31 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\synthnic.dll
2015-04-25 20:49 - 2015-01-17 15:31 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\EmulatedNic.dll
2015-04-25 20:46 - 2014-05-16 00:26 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-04-25 20:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-25 20:44 - 2015-03-03 23:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-04-25 20:43 - 2014-05-16 00:26 - 00000000 ____D () C:\Program Files\MSBuild
2015-04-25 17:57 - 2015-01-19 17:48 - 00000000 ___RD () C:\Users\Mac\Desktop\Games
2015-04-25 16:50 - 2015-03-20 00:10 - 00000940 _____ () C:\Users\Public\Desktop\Battlefield 4 CTE.lnk
2015-04-25 16:50 - 2015-03-20 00:10 - 00000924 _____ () C:\Users\Public\Desktop\Battlefield 4 CTE(64 bit).lnk
2015-04-23 11:35 - 2015-01-17 16:14 - 00000424 _____ () C:\Users\Mac\AppData\Local\UserProducts.xml
2015-04-21 14:57 - 2015-01-17 20:57 - 00000000 ____D () C:\Users\Mac\AppData\Local\Packages
2015-04-20 21:31 - 2014-10-27 11:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-19 21:36 - 2015-01-19 20:46 - 00000000 ____D () C:\Users\Mac\AppData\Roaming\Origin
2015-04-16 21:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-04-16 14:00 - 2015-02-22 13:49 - 00000000 ___RD () C:\Users\Mac\Desktop\Dev
2015-04-16 13:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 20:45 - 2015-03-06 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2015-04-15 20:40 - 2015-03-16 13:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 20:40 - 2015-01-17 16:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 20:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2015-04-15 20:38 - 2015-01-17 16:18 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 19:40 - 2015-01-17 22:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-04-14 09:49 - 2014-10-27 12:01 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-14 09:48 - 2014-10-27 12:01 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-14 09:38 - 2015-01-17 22:19 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2015-01-17 22:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-14 00:24 - 2013-08-22 16:38 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 00:24 - 2013-08-22 16:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-13 22:34 - 2015-01-24 16:43 - 00000000 ____D () C:\Users\Mac\Documents\Rockstar Games
2015-04-13 22:33 - 2015-01-24 16:37 - 00000000 ____D () C:\Users\Mac\AppData\Local\Rockstar Games
2015-04-11 13:02 - 2015-02-19 00:14 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-04-11 12:53 - 2015-02-19 00:14 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-04-11 11:09 - 2015-01-17 20:57 - 00000000 ____D () C:\Users\Mac\AppData\Local\VirtualStore
2015-04-10 11:37 - 2015-02-20 16:30 - 00001456 _____ () C:\Users\Mac\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-04-09 12:01 - 2015-03-02 23:45 - 00001560 _____ () C:\Windows\Sandboxie.ini
2015-04-09 01:58 - 2014-10-27 12:01 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-09 01:58 - 2014-10-27 12:01 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-09 01:58 - 2014-10-27 12:01 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-09 01:58 - 2014-10-27 12:01 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-09 01:58 - 2014-10-27 12:01 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-09 01:58 - 2014-10-27 12:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcvadgenco64.dll
2015-04-09 01:58 - 2014-10-27 12:01 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-04-09 01:58 - 2014-10-27 12:01 - 00078480 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-04-09 01:58 - 2014-10-27 12:01 - 00066704 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-04-09 01:58 - 2014-10-27 12:01 - 00029329 _____ () C:\Windows\system32\nvinfo.pb
2015-04-08 22:30 - 2014-10-27 12:01 - 06841488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-08 22:30 - 2014-10-27 12:01 - 03478344 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-08 22:30 - 2014-10-27 12:01 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-08 22:30 - 2014-10-27 12:01 - 00936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-08 22:30 - 2014-10-27 12:01 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-08 22:30 - 2014-10-27 12:01 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-08 18:52 - 2014-10-27 12:01 - 04336074 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-05 14:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-03 12:50 - 2015-02-18 19:06 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-04-03 12:48 - 2015-02-18 19:11 - 00000000 ____D () C:\ProgramData\Samsung
2015-04-03 12:48 - 2015-02-18 19:06 - 00000000 ____D () C:\Users\Mac\AppData\Roaming\Samsung
2015-04-02 09:02 - 2015-01-17 15:39 - 00001828 _____ () C:\Users\Mac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

==================== Files in the root of some directories =======

2015-01-17 20:57 - 2015-04-29 21:23 - 0000093 _____ () C:\Users\Mac\AppData\Roaming\sp_data.sys
2015-02-20 16:30 - 2015-04-10 11:37 - 0001456 _____ () C:\Users\Mac\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-01-17 16:14 - 2014-11-18 13:32 - 0145792 _____ () C:\Users\Mac\AppData\Local\downloader.exe
2015-01-17 16:14 - 2015-01-17 16:14 - 0000003 _____ () C:\Users\Mac\AppData\Local\updater.log
2015-01-17 16:14 - 2015-04-23 11:35 - 0000424 _____ () C:\Users\Mac\AppData\Local\UserProducts.xml
2015-01-18 20:54 - 2015-01-18 20:54 - 0000080 _____ () C:\Users\Mac\AppData\Local\X-Plane Installer.prf
2015-01-18 20:49 - 2015-01-18 20:49 - 0000027 _____ () C:\Users\Mac\AppData\Local\x-plane_install_10.txt
2015-03-17 22:40 - 2015-03-17 22:40 - 0000008 _____ () C:\ProgramData\-
2014-10-27 12:06 - 2014-10-27 12:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-15 16:58 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-05-15 16:58 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-15 16:58 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\Mac\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Mac\AppData\Local\Temp\Quarantine.exe
C:\Users\Mac\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-19 12:21

==================== End Of Log ============================


#2
paxwell

    New Member

  • Topic Starter
  • Member
  • 4 posts

Anyone?


#3
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. Sorry for the delay. Can you please post the contents of the Addition.txt file that should be on your desktop?


#4
paxwell

    New Member

  • Topic Starter
  • Member
  • 4 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015 01
Ran by Mac at 2015-04-29 22:08:18
Running from C:\Users\Mac\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2891121944-1307343904-156153319-500 - Administrator - Disabled)
Guest (S-1-5-21-2891121944-1307343904-156153319-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2891121944-1307343904-156153319-1005 - Limited - Enabled)
Mac (S-1-5-21-2891121944-1307343904-156153319-1001 - Administrator - Enabled) => C:\Users\Mac

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Dreamweaver CC 2014 (HKLM-x32\...\{766255CE-D156-11E3-8DBC-A136EB52ACCF}) (Version: 14.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Alien Isolation (HKLM-x32\...\Alien Isolation) (Version: 1.01 - SEGA)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.4 - Microsoft Corporation) Hidden
ARMA 3 Complete Campaign Edition (HKLM-x32\...\{58CB3F26-2380-4F9B-94F3-2BD00B68D46B}) (Version: 6.0 - Black Box)
ASUS Gaming Center (HKLM-x32\...\{23C8A788-4790-4F3C-B103-0ACC7D9DC5BE}) (Version: 1.0.2 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.9 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.026 - ASUS)
ASUS ROG MacroKey (HKLM-x32\...\{348022C5-F497-4333-AFEE-208F22F169F2}_is1) (Version: 1.0.0.28 - G-spy Co., Ltd)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 2.0.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.02.0001 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.0.1 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS)
Atom (HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\atom) (Version: 0.189.0 - GitHub Inc.)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Battlefield 4™ CTE (HKLM-x32\...\{551A08D1-B60E-4DED-9B67-C3B38258CCA3}) (Version: 1.0.2.30027 - Electronic Arts)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
BioShock Infinite (HKLM-x32\...\BioShock Infinite_is1) (Version:  - )
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Windows Phone 8.0 (x32 Version: 3.0.30924.0 - Microsoft Corporation) Hidden
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dexpot (HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\Dexpot) (Version: 1.6.14 - Dexpot GbR)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dying Light Update v1.2.1 (HKLM-x32\...\RHlpbmdMaWdodA==_is1) (Version: 1 - )
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
ETDWare PS/2-X64 11.5.13.9_WHQL (HKLM\...\Elantech) (Version: 11.5.13.9 - ELAN Microelectronic Corp.)
FileZilla Client 3.10.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.0.2 - Tim Kosse)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.1.1 - Genesys Logic)
Google Chrome (HKLM-x32\...\{7335F348-64B4-3072-97D9-A1A55029C59C}) (Version: 66.30.49251 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1016 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel(R) Wireless Bluetooth(R)(patch version 17.1.1449.356) (HKLM\...\{302600C1-6BDF-4FD1-1411-148929CC1385}) (Version: 17.1.1411.0506 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kit SDK de vérification de Visual Studio 2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.29989 - Microsoft) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Memory Profiler (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Metro Redux (HKLM-x32\...\{XXXXXXXX-XXXX-XXXX-XXXX-BLACKBOX0010}) (Version: 6.0 - Black Box)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ESP SimConnect Client v1.0.20.0 (HKLM-x32\...\{C0A9FCC1-9725-4679-8AC2-FE501B139B63}) (Version: 1.0.20.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 with Update 4 (HKLM-x32\...\{c96467b4-e480-4218-8fde-db83bf9d47d1}) (Version: 12.0.31101 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Middle Earth Shadow of Mordor (HKLM-x32\...\Middle Earth Shadow of Mordor_is1) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA 3D Vision Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 350.12 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
POSTAL 2 - Paradise Lost (HKLM-x32\...\POSTAL 2 - Paradise Lost_is1) (Version:  - )
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prepar3D v2 Professional (HKLM-x32\...\{5DD3CF5D-9573-44A8-9543-D65BED953192}) (Version: 2.4.11570.0 - Lockheed Martin)
Prepar3D v2 Professional Bundle (x32 Version: 2.4.11570.0 - Lockheed Martin) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python Tools Redirection Template (x32 Version: 1.3 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.34.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7335 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
ROG Game First III (HKLM-x32\...\{0C6E32E1-31D9-49F1-B67F-2941994002D5}) (Version: 1.00.16 - ASUSTeK Computer Inc.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.05.92 (14/03/2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.29.02(19/06/2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.60.49.0 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
Samsung M2070 Series (HKLM-x32\...\Samsung M2070 Series) (Version: 1.17 (17/09/2014) - Samsung Electronics Co., Ltd.)
Samsung OCR Software (HKLM-x32\...\Samsung OCR Software) (Version: 1.00.14 (02/08/2013) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.0.15 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.02.07.02 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Spotify (HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{906B34E5-573C-445A-A5D3-40B6BF0A2EC4}) (Version: 6.0.21.0 - Husdawg, LLC)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
ThinkPad Compact Keyboard with TrackPoint driver (HKLM-x32\...\{CF48A022-4ACC-465A-9441-4069BDCCDCAE}) (Version: 1.4.9.1 - Lenovo)
Thunderbolt(TM) Software (HKLM\...\{BED2816F-D47A-41DA-AFCF-44E1B257C368}) (Version: 2.0.4.250 - Intel(R) Corporation)
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
View User's Guide (HKLM-x32\...\View User Guide) (Version: 3.60.43.0 - )
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{F6FE3205-7737-4772-9017-C7ACD8A5561C}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{647175e1-9944-4a82-bac1-102c95f0a99a}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WhoCrashed 5.03 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinDirStat 1.1.2 (HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\WinDirStat) (Version:  - )
Windows Phone 8.1 Emulators - ENU (HKLM-x32\...\{166a69f6-6512-47ea-a342-17d954fc059a}) (Version: 12.0.31010.0 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.21 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.1 - win.rar GmbH)
Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2891121944-1307343904-156153319-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Mac\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

26-04-2015 12:00:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-03-23 14:39 - 00000893 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 http://www.driver-soft.com
127.0.0.1 www.driver-soft.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {038BBE45-7A57-4DA0-9E2D-2E7FC2F81CDB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-17] (Google Inc.)
Task: {045025FD-8765-4120-A110-2776798AA41A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {08407A6B-1F04-4876-883A-C54548594EB4} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {130A9583-C392-446F-9B33-4DB3F2C0118E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {18936E60-A4ED-4565-9854-886C940B6B0A} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-09-01] (Realtek Semiconductor)
Task: {1BD56B49-6D12-462C-90DD-279B43832A57} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {2A291687-01B8-4724-8D3F-F95E7A2F49F6} - System32\Tasks\{3E64378A-F974-4F8E-B786-7CC6A72366DC} => pcalua.exe -a E:\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones.exe -d E:\Downloads
Task: {3587AB83-B62E-4450-88BB-8977F94E6429} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {39F80DF0-D588-4EB9-A2F6-ED4AA4C9134A} - System32\Tasks\GoogleUpdateTaskMachineCore1d0329bb8ef2468 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-17] (Google Inc.)
Task: {3DB054B3-7C8E-4BA0-B2C8-7798027677DF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {434AC21F-DAB0-466A-AF63-66C059078497} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {4BA4BFC2-01B6-4AB1-B8F4-79B475E95F49} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {4E45182F-D2A3-4816-B9EA-90A1B56094CD} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2014-04-11] ()
Task: {4E8DDF47-AFBE-4D22-8ECA-4D05D090C9DC} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MacPC-Mac MacPC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {5A3DDF70-4805-43FA-90EE-2AECD190C3AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {765AFFC3-67A9-4997-8F9E-D5DB4F653700} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {9314C445-4009-4FD5-AB64-8601A4C9D846} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2015-04-26] ()
Task: {9A397384-25A2-4A0F-85A8-2C63AC51BCE2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-17] (Google Inc.)
Task: {9B7EF36F-5CCB-4A2B-BBF3-60572B42AA5F} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2015-04-26] ()
Task: {9D54078C-79F8-4024-A1F6-F7D9B2B392EA} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-06-11] (ASUSTek Computer Inc.)
Task: {B017E176-53EC-4D0F-8972-2FD7BC5CF984} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {B068AD76-6F1A-4452-9C33-CA59E3089019} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {B43AF5E6-CE22-427E-90A4-19B0D964F5F0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {B6B608EC-2EAC-40E8-B5B4-4C227A6A4E74} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {B8F07269-8647-40FC-8DBA-19CAD2DDC663} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2014-09-02] (Realtek Semiconductor)
Task: {C4E6FF99-154B-401A-B224-7054D0B097F3} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {C9A2B656-860B-4B87-A6A0-8B7AA29F80BD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {CCA30B80-265D-4F21-BEC6-A4E0A203B3B5} - System32\Tasks\Gaming Center => C:\Program Files (x86)\ASUS\ASUS Gaming Center\vivokey.exe [2014-04-30] (ASUSTek Computer Inc.)
Task: {D351057F-323C-40EB-91FB-4836728ADE24} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => start ThunderboltService
Task: {D81ECC9D-8F86-4CF2-A1D8-35DE99B80845} - \AutoPico Daily Restart No Task File <==== ATTENTION
Task: {D8636C70-9EDF-4159-9D4B-5688C3248714} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {E1252D50-7CD7-40FE-B311-BAEB10B62BDC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {E40B839E-5385-4D41-9824-F5E281B42D0B} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2891121944-1307343904-156153319-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {EC40E8D2-B23D-44B7-84A5-3C5C603D0FD8} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-06-03] (ASUS)
Task: {F9F63798-E3A4-4B63-A8DC-C2AA47677ECC} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-07-09] (ASUSTek Computer Inc.)
Task: {FBFC12B8-7865-4B3F-93AB-A3489D9A9D62} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation)
Task: {FCD5C0E6-7A22-47F4-A815-74B817250B46} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2014-02-26] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0329bb8ef2468.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-04-03 12:47 - 2013-05-29 13:01 - 00034304 _____ () C:\Windows\System32\ssm4mlm.dll
2015-01-19 15:40 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-02-20 00:43 - 2015-03-20 17:49 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-10-27 12:01 - 2015-04-08 22:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-17 20:42 - 2015-01-27 16:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-08 11:10 - 2014-12-08 11:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-03-19 10:12 - 2013-03-18 16:02 - 00056320 _____ () C:\Program Files (x86)\Lenovo\ThinkPad Compact Keyboard with TrackPoint driver\maincpl\MainCpl.exe
2015-03-19 10:12 - 2012-09-04 11:54 - 00103936 _____ () C:\Program Files (x86)\Lenovo\ThinkPad Compact Keyboard with TrackPoint driver\maincpl\fsHid.dll
2015-01-25 15:55 - 2015-01-25 15:49 - 00177152 _____ () C:\Users\Mac\Desktop\Applications\utorrent.exe
2012-03-09 09:58 - 2012-03-09 09:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 09:58 - 2012-03-09 09:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2014-10-27 12:10 - 2014-02-26 04:13 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
2015-02-12 17:53 - 2015-02-12 17:53 - 00034672 ____R () C:\PROGRAM FILES\WESTERN DIGITAL\WD SMARTWARE\PLUGINS\WDBAIDUAPI.dll
2015-02-12 17:54 - 2015-02-12 17:54 - 00039288 ____R () C:\PROGRAM FILES\WESTERN DIGITAL\WD SMARTWARE\PLUGINS\WDTRANSPORTBAIDU.dll
2014-10-27 12:06 - 2013-10-23 14:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-03-17 20:42 - 2015-01-27 15:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-04-14 09:38 - 2015-03-28 04:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-01-19 15:40 - 2015-01-20 18:36 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-01-16 16:34 - 2015-01-16 16:34 - 00039200 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2015-04-16 12:26 - 2015-04-13 22:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-16 12:26 - 2015-04-13 22:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2014-06-03 21:01 - 2014-06-03 21:01 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-06-03 21:01 - 2014-06-03 21:01 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-06-03 21:01 - 2014-06-03 21:01 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-06-03 21:01 - 2014-06-03 21:01 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2015-03-11 15:30 - 2015-04-23 20:29 - 40518200 _____ () C:\Users\Mac\AppData\Roaming\Spotify\libcef.dll
2015-03-11 15:30 - 2015-04-23 20:29 - 01365560 _____ () C:\Users\Mac\AppData\Roaming\Spotify\libglesv2.dll
2015-03-11 15:30 - 2015-04-23 20:29 - 00219192 _____ () C:\Users\Mac\AppData\Roaming\Spotify\libegl.dll
2015-03-11 15:30 - 2015-03-18 14:55 - 09305656 _____ () C:\Users\Mac\AppData\Roaming\Spotify\pdf.dll
2015-03-11 15:30 - 2015-04-23 20:29 - 00990776 _____ () C:\Users\Mac\AppData\Roaming\Spotify\ffmpegsumo.dll
2015-04-16 12:26 - 2015-04-13 22:55 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Mac\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2891121944-1307343904-156153319-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mac\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\1920x1080.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "ROGNB"
HKLM\...\StartupApproved\Run32: => "ASUS ROG MacroKey"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\StartupApproved\Run: => "Icons8"
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-2891121944-1307343904-156153319-1001\...\StartupApproved\Run: => "Sony PC Companion"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{170ED875-1C8E-4CF9-A6CE-7DCD32BFEE5C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BF6B5861-2596-44E0-B54C-78990EBC6B69}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CD368D8E-C03F-4914-8126-1539AE28ACB0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8C2FB5EE-912C-42C8-8D13-1A7646E49337}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E05B31AE-070D-4315-A37B-8382B59E09A1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{02D9F8BB-DB85-4084-93C7-50D586C450AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{805C6E80-DE90-48B5-A421-90DB152CB627}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D4F166A7-E0B0-46EE-9D13-13B2C7D07E1A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D0A92017-B077-4310-AAD3-4787C4B1FD04}] => (Allow) C:\Windows\system32\ftp.exe
FirewallRules: [{3090E6D6-3018-4C87-B344-8FEA7A8F3F19}] => (Allow) C:\Windows\system32\ftp.exe
FirewallRules: [{28A94C6A-8496-44C5-A545-B8643AE42502}] => (Allow) C:\Windows\SysWOW64\ftp.exe
FirewallRules: [{160804B8-458B-448F-BECB-89C816D9BA13}] => (Allow) C:\Windows\SysWOW64\ftp.exe
FirewallRules: [{D66808AD-FE80-48BE-ADE2-CB47BDE5FDED}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7E518E44-2390-4505-8712-34D2EB555AAD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [TCP Query User{481AC4F2-9E1A-475E-9E98-3E555C753F22}C:\users\mac\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mac\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D5E17329-A606-40FA-8B8E-3CD2E0EE3B05}C:\users\mac\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mac\appdata\roaming\spotify\spotify.exe
FirewallRules: [{740FA1DB-F484-4816-9381-A17627108B1A}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{3C008AC6-A54B-42F8-9F70-B46FC4F54CD6}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{9B0D910B-B768-41CE-968E-BD20B0C7FB19}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{FE1C9176-DCB5-461D-BE01-ACA1F744FD18}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{AA706BFE-5D7B-4C5C-A2F2-78455C6F6DB1}] => (Allow) C:\Users\Mac\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{1965ADCD-A049-4A8F-97B0-967637507D53}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A2E1F11E-209B-4FB6-9B1E-C5054C80B5BD}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0FA0BF1A-2600-466D-B838-7DD7E6179202}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{417EB986-F8C3-44A7-9D18-B06367CFE66A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{2B165DE2-479C-4C58-8102-9ED0C1FB7114}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{945467F6-53A2-4B00-AEC4-94569DA61058}] => (Allow) E:\Games\Prepar3D Pro\Prepar3D.exe
FirewallRules: [{D1B94B94-2723-45B0-B7E4-DEF2473424AE}] => (Allow) E:\Games\Prepar3D Pro\Prepar3D.exe
FirewallRules: [{A187857D-6A6C-440A-B689-AE5AF646A8C3}] => (Allow) E:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{C8FF93E4-C3A2-4B90-9C70-C28F1C4BD0A8}] => (Allow) E:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{D37CDF05-5B4F-4A0C-AEAF-A683FE34F8F8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{84B77908-4F16-4213-B4B2-B1AB2F92E5B3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{303E11B5-3AC3-40A5-994C-844F2B8DA10E}E:\downloads\utorrent.exe] => (Allow) E:\downloads\utorrent.exe
FirewallRules: [UDP Query User{3DAA6838-74D1-4545-A664-5A3AA09E4316}E:\downloads\utorrent.exe] => (Allow) E:\downloads\utorrent.exe
FirewallRules: [TCP Query User{85D2C5D0-D4BD-4005-B365-3BA81670ABF3}C:\users\mac\desktop\applications\utorrent.exe] => (Allow) C:\users\mac\desktop\applications\utorrent.exe
FirewallRules: [UDP Query User{4C3FFB69-6103-4E84-A087-9772617AA696}C:\users\mac\desktop\applications\utorrent.exe] => (Allow) C:\users\mac\desktop\applications\utorrent.exe
FirewallRules: [TCP Query User{90382BDB-E4ED-4BD1-908A-953F78BE1544}E:\games\dying light\dyinglightgame.exe] => (Block) E:\games\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{6EF61084-8886-489A-BFCA-48ED043642C4}E:\games\dying light\dyinglightgame.exe] => (Block) E:\games\dying light\dyinglightgame.exe
FirewallRules: [TCP Query User{ED5B4317-2339-496F-81B2-F8E0ED30351A}E:\games\dying light\dyinglightgame.exe] => (Block) E:\games\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{524F00AE-FFF8-4ABC-9E2B-BC01EA71D897}E:\games\dying light\dyinglightgame.exe] => (Block) E:\games\dying light\dyinglightgame.exe
FirewallRules: [TCP Query User{6F0D699D-1B68-4F90-9F64-3485AD473EF2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{550438EC-A793-4F47-A97A-13F383940E60}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{912724BE-8A8D-4221-8E2F-61D328E4E67A}C:\users\mac\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mac\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A7878552-8ED3-4069-8B1F-9AEE59600D1A}C:\users\mac\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mac\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AF84EA52-BC22-4537-BE4C-C98CEDEFCE46}] => (Block) E:\Program files\Adobe\Adobe Dreamweaver CC 2014\Adobe Dreamweaver CC 2014\Dreamweaver.exe
FirewallRules: [{110457C9-F635-4CF1-B40D-84D77E5E3268}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe
FirewallRules: [{7005A7E5-2E66-4F06-A33E-D22E7174989B}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\AdobeApplicationManager.exe
FirewallRules: [TCP Query User{F0C187CB-93C8-4C73-8F72-FBA0161E97EE}E:\downloads\utorrent.exe] => (Allow) E:\downloads\utorrent.exe
FirewallRules: [UDP Query User{AA255688-2C39-4D07-9479-699FBA62527E}E:\downloads\utorrent.exe] => (Allow) E:\downloads\utorrent.exe
FirewallRules: [{4DA6D11F-9A85-4B28-BD61-9B270C59E0C2}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{8F75CA1F-8E9C-440A-9F81-2B454ED9FBEB}] => (Allow) E:\Games\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{2D5B9DF8-2992-49A0-AF33-4B90973B61A3}C:\eclipse\eclipse.exe] => (Allow) C:\eclipse\eclipse.exe
FirewallRules: [UDP Query User{C6F98A27-9417-4A3F-8DA5-6329E83A93C4}C:\eclipse\eclipse.exe] => (Allow) C:\eclipse\eclipse.exe
FirewallRules: [TCP Query User{16E14E99-30BB-4B28-B5B1-46C7C5ACA148}C:\users\mac\desktop\applications\utorrent.exe] => (Allow) C:\users\mac\desktop\applications\utorrent.exe
FirewallRules: [UDP Query User{F743EE3A-23F9-4DA1-BBEF-3C1F2C3E5CE9}C:\users\mac\desktop\applications\utorrent.exe] => (Allow) C:\users\mac\desktop\applications\utorrent.exe
FirewallRules: [TCP Query User{56573895-4625-48A7-90B5-4D5DFD41FED2}E:\games\alien isolation\ai.exe] => (Allow) E:\games\alien isolation\ai.exe
FirewallRules: [UDP Query User{EFD17FF3-FF88-4588-A624-E0BA9C8E96B2}E:\games\alien isolation\ai.exe] => (Allow) E:\games\alien isolation\ai.exe
FirewallRules: [{74613ABC-5888-4A10-9315-53CDA4780874}] => (Allow) LPort=13831
FirewallRules: [TCP Query User{2DCDF2A9-CF77-4FD5-99FB-6711AF09C73F}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{2D33B534-86EF-4285-9159-2AB26009D682}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{F827DA11-B7FF-4E46-B5CF-75637973892A}] => (Allow) LPort=13831
FirewallRules: [{8C92F6FB-E25E-40A0-888F-8E13F6412B9D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{936D74CB-E938-4FCF-98A1-B691592C2E4B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B6D04FA6-C771-441F-BEBF-DFEDBA144326}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0239E3ED-8C42-46C0-9310-7429AA662848}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{1FCD2A71-09CF-44EF-9C32-62A17730F586}] => (Allow) E:\Games\BFBC2\BFBC2Updater.exe
FirewallRules: [{064D1FFF-AE23-4354-9C85-A0DA8232C275}] => (Allow) E:\Games\BFBC2\BFBC2Updater.exe
FirewallRules: [TCP Query User{02F95251-1128-4360-9085-5126E5802D36}E:\games\bfbc2\bfbc2game.exe] => (Block) E:\games\bfbc2\bfbc2game.exe
FirewallRules: [UDP Query User{B5F1C201-28F0-4130-BCCB-70E1FCD64ADC}E:\games\bfbc2\bfbc2game.exe] => (Block) E:\games\bfbc2\bfbc2game.exe
FirewallRules: [{AE3E11B1-71A5-424B-9F04-A5698931D152}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{A0AC178E-A62F-4AE1-94A2-1040EE87F639}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{07014B8F-45E6-4F82-BB1A-7C647C68B94C}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{9E047B96-75EE-4997-AA96-D6A0B6ADA456}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{B7CEAA47-13D5-4F77-AA26-52944A20B89A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{26629D44-DA40-4124-85C0-97FB480DF954}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{B892891C-58B9-4C81-AFF3-8206289E5C91}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{04E0C412-B9A9-459B-BF46-5A9A0B32BEFF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{28385907-9104-4B5F-A87F-E2DC55E438E4}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{A2F9523F-EA1B-4A5E-84B2-84378F3D0C7A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{F9D7D2F0-FD03-4F38-A514-C8D23E18E846}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{ABF3C22F-99A2-4163-BF86-3F3537782FA4}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{25260600-2D41-40CF-8AE7-19DEA9341D07}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{B8A4B467-2780-4298-A667-944E50FDC1D7}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{AB058EE1-2BF7-456A-BBF7-AD0250D11741}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{76CACD64-24F8-42FC-AECB-02A45A431DD8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{005BFCAE-5577-4FC3-88A4-65AE1A9BB5CA}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{0E435C36-853F-4C94-A533-B4F42AFDB8F5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{BD8B34D1-E30B-4DA5-9F01-AA1EB0AB5C95}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{1F309ECA-C29D-4C80-9C14-57730D3E1B89}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{52F42CFF-6804-4115-AECD-6F42DA7070C6}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{900D39CC-8C44-4D0C-A737-9A7256AA17DD}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [TCP Query User{298B6F0E-5EF9-492A-AEE0-49AEAF9107D1}C:\program files (x86)\samsung\easy document creator\edc.exe] => (Allow) C:\program files (x86)\samsung\easy document creator\edc.exe
FirewallRules: [UDP Query User{45EB673C-D7A5-4CE5-B3CF-D4C8BB4D73C6}C:\program files (x86)\samsung\easy document creator\edc.exe] => (Allow) C:\program files (x86)\samsung\easy document creator\edc.exe
FirewallRules: [TCP Query User{23C412F3-4A93-40AF-9A9C-7859B496BE7A}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [UDP Query User{34E44A0C-1DB6-4F2C-9584-2A7BF6ACCDD5}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [TCP Query User{E03BF15F-FB7E-4FB8-A52F-CD1A54524D7E}F:\grand theft auto v\gta5.exe] => (Block) F:\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{DAC777C2-0206-4679-B0F7-F1769594EF40}F:\grand theft auto v\gta5.exe] => (Block) F:\grand theft auto v\gta5.exe
FirewallRules: [{9BB9B5FF-CAD5-47C2-B207-3B5B029F033C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{72BE8D5A-45C7-4748-AE17-718241265A01}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{4A22F3CB-5A14-4881-A0EF-D6BD24AE3E57}F:\grand theft auto 5\gta5.exe] => (Allow) F:\grand theft auto 5\gta5.exe
FirewallRules: [UDP Query User{53F20A14-5380-472E-91BE-72DE73CF0715}F:\grand theft auto 5\gta5.exe] => (Allow) F:\grand theft auto 5\gta5.exe
FirewallRules: [{FDEB94B5-C491-4020-8606-CDD80C2AB242}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4 CTE\bf4cte_x86.exe
FirewallRules: [{6AF7A61F-98D8-404B-BEDE-24A89BBACD4D}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4 CTE\bf4cte_x86.exe
FirewallRules: [{EB781644-C26A-414C-A9DE-D47E52E4D427}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4 CTE\bf4cte.exe
FirewallRules: [{D928E940-D8E6-49DD-BFE0-E313BD4D9E61}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4 CTE\bf4cte.exe
FirewallRules: [{FFA01303-45F3-4792-B902-05F3EE5AC916}] => (Allow) F:\DEV\MSVS PRO 2013\Common7\IDE\devenv.exe
FirewallRules: [{AF9CAA1E-9162-4D3F-8549-B75330447F66}] => (Allow) LPort=12292
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2015 09:23:28 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/29/2015 09:23:22 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/29/2015 06:15:15 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/29/2015 03:23:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GTA5.exe, version: 1.0.335.2, time stamp: 0x5533d504
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ff8ce3ff14a
Faulting process ID: 0x20d4
Faulting application start time: 0xGTA5.exe0
Faulting application path: GTA5.exe1
Faulting module path: GTA5.exe2
Report ID: GTA5.exe3
Faulting package full name: GTA5.exe4
Faulting package-relative application ID: GTA5.exe5

Error: (04/29/2015 02:22:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (04/29/2015 02:18:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/29/2015 10:37:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GTA5.exe, version: 1.0.335.2, time stamp: 0x5533d504
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ff905139bd2
Faulting process ID: 0x2298
Faulting application start time: 0xGTA5.exe0
Faulting application path: GTA5.exe1
Faulting module path: GTA5.exe2
Report ID: GTA5.exe3
Faulting package full name: GTA5.exe4
Faulting package-relative application ID: GTA5.exe5

Error: (04/29/2015 09:50:47 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/29/2015 09:50:47 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=TimerEvent

Error: (04/29/2015 09:50:45 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


System errors:
=============
Error: (04/29/2015 09:50:28 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff8003d6fbb89, 0xffffd00020ebaff0, 0x0000000000000000)C:\Windows\MEMORY.DMP042915-9671-01

Error: (04/29/2015 09:50:27 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 00:04:42 on 29/04/2015 was unexpected.

Error: (04/28/2015 09:25:21 AM) (Source: DCOM) (EventID: 10010) (User: MACPC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (04/28/2015 09:25:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/28/2015 09:24:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/28/2015 09:23:29 AM) (Source: DCOM) (EventID: 10010) (User: MACPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/28/2015 09:23:29 AM) (Source: DCOM) (EventID: 10010) (User: MACPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/28/2015 09:23:23 AM) (Source: DCOM) (EventID: 10010) (User: MACPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/28/2015 09:23:23 AM) (Source: DCOM) (EventID: 10010) (User: MACPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/28/2015 09:23:17 AM) (Source: DCOM) (EventID: 10010) (User: MACPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (04/29/2015 09:23:28 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/29/2015 09:23:22 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/29/2015 06:15:15 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]

Error: (04/29/2015 03:23:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GTA5.exe1.0.335.25533d504unknown0.0.0.000000000c000000500007ff8ce3ff14a20d401d082855752453aF:\Grand Theft Auto V\GTA5.exeunknown4b8c082b-ee7b-11e4-8284-28b2bdf0496a

Error: (04/29/2015 02:22:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (04/29/2015 02:18:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/29/2015 10:37:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GTA5.exe1.0.335.25533d504unknown0.0.0.000000000c000000500007ff905139bd2229801d0825cf9f8d485F:\Grand Theft Auto V\GTA5.exeunknown4cfd9729-ee53-11e4-8284-28b2bdf0496a

Error: (04/29/2015 09:50:47 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/29/2015 09:50:47 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=TimerEvent

Error: (04/29/2015 09:50:45 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


CodeIntegrity Errors:
===================================
  Date: 2015-04-15 20:04:19.010
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-15 20:04:18.901
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-15 20:04:18.526
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-15 20:04:18.416
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-15 20:04:17.963
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-15 20:04:17.870
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-15 20:04:17.495
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-15 20:04:17.385
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-15 20:04:11.729
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-15 20:04:11.619
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 18%
Total physical RAM: 24525.09 MB
Available physical RAM: 19939.98 MB
Total Pagefile: 49101.09 MB
Available Pagefile: 43085.97 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:95.39 GB) (Free:31.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (SSD1) (Fixed) (Total:130.86 GB) (Free:106.75 GB) NTFS
Drive e: (Data) (Fixed) (Total:465.75 GB) (Free:122.44 GB) NTFS
Drive f: (Data2) (Fixed) (Total:465.76 GB) (Free:326.01 GB) NTFS
Drive h: (My Passport) (Fixed) (Total:931.48 GB) (Free:624.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: EE637808)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 43906151)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 511B7C97)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#5
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Your logs look good. You did a thorough job of cleaning up the malware. It appears you may have an illegal copy of Windows and/or Office on your machine, so our Terms of Use prohibit me from assisting you further, but it doesn't look like you need anything else done. I'll leave you with the following.

1. Keeping Java Updated
WARNING: Java is one of the most exploited programs at this time. The Department of Homeland Security recommends that computer users disable Java. You can read more about this here.
I would recommend that you completely uninstall Java unless you need it to run important software. If you need it, or are unsure or uncomfortable with removing it, then I would recommend that you disable Java in your browsers until you need it and then enable it at that time. (See How to disable Java in your web browser and How to unplug Java from the browser.) If you don't uninstall it, it's also important that you follow the directions below to update to the latest version of Java.

Note: If you don't use Java or don't know if you need it, I would uninstall it.

If you wish to keep it please follow the instructions below to update to the newest version.
1. Click the Start button
2. Type Java
3. Click on Configure Java in the search results
4. Click the Update tab
5. Click the Update Now button and allow the update to download/install.

 

2. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.
3. Click Run.
Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Note: Delete any other .bat, .log, .reg, .txt, and any other files created during this process and left on the desktop, and empty the Recycle Bin.


#6
paxwell

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

 


 

Got my laptop straight from an online retailer and didn't install Windows or Office myself. Thank you for outlining that issue, I will definitely look into it.



#7
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

No problem, take care.



#8
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.