adware malware oursurfing.com still exists after reformatting PC [Solve


#1
adriandallegrave

Hey guys! I think I really need your help.

 

I had malware on my computer that changed my Chrome homepage to a website called oursurfing.com and opened ads every time I clicked for the first time on any open tab. I deleted the unwanted extensions and changed all the web addresses I didn't want from the Chrome settings page. The malware came back shortly after. Then I reformatted my PC, cleaning up all the drives and partitions. After that I was downloading the drivers and the ads started appearing again. I thought the malware was stored on my pen drive, so I installed Avast to check it. It came back clean, as did the rest of the computer.

 

I reformatted the computer once again, but this time upgrading from Windows 7 to Windows 8.1. Instead of just getting the ads and Chrome's homepage changed, the computer started installing lots of unwanted software by itself. While I was uninstalling any of it, the computer would install more. It took less than half an hour before I had to clean everything up again.

 

When I reformatted the fourth time I did a full reset. It's a process that Windows 8.1 has and it took around 6 hours to complete. When it was done I still had the annoying ads, but no software was installed without my knowledge. I downloaded SpyHunter, Malwarebytes, Stopzilla, AdwCleaner and Junkware Removal. I scanned the computer with all of them and they didn't find any virus.

 

I checked regedit but didn't find anything out of the ordinary. At least, nothing related to oursurfing.com. I also tried using different web browsers, but with no results.

 

I would really appreciate all the help you can give. Sorry for my bad English, I hope you're able to understand me. Thanks in advance.

 

Here are the log files generated by Farbar Recovery Scan Tool.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Adrian (administrator) on ADRIAN-PC on 10-06-2015 19:05:25
Running from C:\Users\Adrian\Desktop
Loaded Profiles: Adrian (Available Profiles: Adrian)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Enigma Software Group USA, LLC.) C:\Users\Adrian\AppData\Roaming\Enigma Software Group\sh_installer.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [StereoLinksInstall] => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe [1064080 2015-05-28] (NVIDIA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-10] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-10] (Avast Software s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3754158730-2153890883-1210738772-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-10] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-10] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 80.82.64.136 8.8.8.8
 
FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-09] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-10]
 
Chrome: 
=======
CHR Profile: C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-09]
CHR Extension: (YouTube) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-09]
CHR Extension: (Google Search) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-09]
CHR Extension: (Bubble Shooter) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdlnbbnjknldpikkllanljjbnegnnei [2015-06-09]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2015-06-09]
CHR Extension: (Planetarium) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2015-06-09]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2015-06-09]
CHR Extension: (AdBlock) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-09]
CHR Extension: (Bookmark Manager) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-09]
CHR Extension: (Avast Online Security) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-10]
CHR Extension: (Google Maps) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-06-09]
CHR Extension: (Google Wallet) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-09]
CHR Extension: (Gmail) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-09]
CHR Extension: (Writer) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2015-06-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-10]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-10] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-10] (Avast Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-28] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-05-29] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-28] (NVIDIA Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-06-10] (Enigma Software Group USA, LLC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-10] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-10] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-10] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-10] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-10] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-10] ()
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-06-10] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-06-10] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-10] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-28] (NVIDIA Corporation)
S3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2015-05-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-05-28] (NVIDIA Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-10] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-10 19:05 - 2015-06-10 19:05 - 00011688 _____ C:\Users\Adrian\Desktop\FRST.txt
2015-06-10 19:04 - 2015-06-10 19:05 - 00000000 ____D C:\FRST
2015-06-10 19:02 - 2015-06-10 19:02 - 02108928 _____ (Farbar) C:\Users\Adrian\Desktop\FRST64.exe
2015-06-10 18:56 - 2015-06-10 19:03 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\uTorrent
2015-06-10 18:56 - 2015-06-10 18:56 - 01994592 _____ (BitTorrent Inc.) C:\Users\Adrian\Downloads\uTorrent.exe
2015-06-10 18:45 - 2015-06-10 18:45 - 00003332 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-06-10 18:45 - 2015-06-10 18:45 - 00001103 _____ C:\Users\Adrian\Desktop\SpyHunter.lnk
2015-06-10 18:45 - 2015-06-10 18:45 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-06-10 18:45 - 2015-06-10 18:45 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Enigma Software Group
2015-06-10 18:45 - 2015-06-10 18:45 - 00000000 ____D C:\sh4ldr
2015-06-10 18:44 - 2015-06-10 18:44 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-06-10 18:44 - 2015-06-10 18:44 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-06-10 18:38 - 2015-06-10 18:38 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-ADRIAN-PC-Windows-8.1-Pro-(64-bit).dat
2015-06-10 18:38 - 2015-06-10 18:38 - 00000000 ____D C:\RegBackup
2015-06-10 18:38 - 2015-06-10 18:38 - 00000000 ____D C:\AdwCleaner
2015-06-10 18:33 - 2015-06-10 18:33 - 02943663 _____ (Thisisu) C:\Users\Adrian\Downloads\JRT.exe
2015-06-10 18:32 - 2015-06-10 18:32 - 02231296 _____ C:\Users\Adrian\Downloads\AdwCleaner.exe
2015-06-10 18:32 - 2015-06-10 18:32 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-10 18:32 - 2015-06-10 18:32 - 00000000 _____ C:\autoexec.bat
2015-06-10 18:31 - 2015-06-10 18:31 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Adrian\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-10 18:31 - 2015-06-10 18:31 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-10 18:31 - 2015-06-10 18:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-10 18:31 - 2015-06-10 18:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-10 18:31 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-10 18:31 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-10 18:31 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-10 18:30 - 2015-06-10 18:30 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Adrian\Downloads\SpyHunter-Installer.exe
2015-06-10 18:25 - 2015-06-10 18:25 - 00000118 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-06-10 17:18 - 2015-06-10 17:18 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\AVAST Software
2015-06-10 12:53 - 2015-06-10 12:53 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-06-10 12:53 - 2015-06-10 12:53 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-10 12:53 - 2015-06-10 12:53 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2015-06-10 12:53 - 2015-06-10 12:53 - 00000000 ____D C:\WINDOWS\system32\vbox
2015-06-10 12:53 - 2015-06-10 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-10 12:53 - 2015-06-10 12:52 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-06-10 12:53 - 2015-06-10 12:52 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-06-10 12:53 - 2015-06-10 12:52 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-06-10 12:53 - 2015-06-10 12:52 - 00272248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-06-10 12:53 - 2015-06-10 12:52 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-06-10 12:53 - 2015-06-10 12:52 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-06-10 12:53 - 2015-06-10 12:52 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-06-10 12:53 - 2015-06-10 12:52 - 00065736 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-06-10 12:53 - 2015-06-10 12:52 - 00029168 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-06-10 12:52 - 2015-06-10 12:52 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-06-10 12:49 - 2015-06-10 12:49 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-10 12:48 - 2015-06-10 12:48 - 06306016 _____ (AVAST Software s. r. o.) C:\Users\Adrian\Downloads\avast_free_antivirus_setup_online.exe
2015-06-10 12:48 - 2015-06-10 12:48 - 00353664 _____ (AVAST Software s. r. o.) C:\WINDOWS\AswCheck.exe
2015-06-10 12:48 - 2015-06-10 12:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2015-06-10 12:48 - 2015-06-10 12:48 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-10 12:26 - 2015-06-10 12:26 - 00019652 _____ C:\WINDOWS\system32\results.xml
2015-06-10 12:26 - 2015-06-10 12:26 - 00000401 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-06-10 12:09 - 2015-06-10 18:44 - 00003758 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2015-06-10 12:09 - 2015-06-10 12:25 - 00000000 ____D C:\WINDOWS\AutoKMS
2015-06-10 12:08 - 2015-06-10 12:08 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2015-06-09 14:17 - 2015-06-09 14:17 - 00000000 __SHD C:\Recovery
2015-06-09 13:17 - 2015-06-10 18:43 - 00001892 _____ C:\WINDOWS\PFRO.log
2015-06-09 13:17 - 2015-06-09 09:43 - 00000000 ____D C:\WINDOWS\Panther
2015-06-09 12:17 - 2015-06-09 12:17 - 00000000 ____D C:\ProgramData\IntelDLM
2015-06-09 12:11 - 2015-06-09 12:11 - 00001182 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.0.lnk
2015-06-09 12:11 - 2015-06-09 12:11 - 00000000 ____D C:\Users\Adrian\AppData\Local\Intel
2015-06-09 12:11 - 2015-06-09 12:11 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-09 12:11 - 2015-06-09 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2015-06-09 12:11 - 2015-06-09 12:11 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2015-06-09 12:10 - 2015-06-10 12:24 - 00000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk
2015-06-09 12:10 - 2015-06-10 12:24 - 00000716 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2015-06-09 12:10 - 2015-06-09 12:11 - 00000000 ____D C:\Program Files\Intel
2015-06-09 12:10 - 2015-06-09 12:10 - 00000000 ____D C:\WINDOWS\LastGood
2015-06-09 12:10 - 2015-06-09 12:10 - 00000000 ____D C:\Program Files (x86)\Intel
2015-06-09 12:09 - 2015-06-10 12:26 - 00000000 ____D C:\Intel
2015-06-09 11:32 - 2015-06-10 18:43 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-09 11:32 - 2015-06-09 11:32 - 00000000 ____D C:\Users\Adrian\AppData\Local\NVIDIA Corporation
2015-06-09 11:32 - 2015-06-09 11:32 - 00000000 ____D C:\Users\Adrian\AppData\Local\NVIDIA
2015-06-09 11:32 - 2015-06-09 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-09 11:32 - 2015-05-28 04:04 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-06-09 11:32 - 2015-05-28 04:04 - 01571696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-06-09 11:32 - 2015-05-28 04:04 - 01320304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-06-09 11:32 - 2015-05-28 04:04 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-06-09 11:32 - 2015-05-28 01:15 - 06872904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-06-09 11:32 - 2015-05-28 01:15 - 03491984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-06-09 11:32 - 2015-05-28 01:15 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-06-09 11:32 - 2015-05-28 01:15 - 00937288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-06-09 11:32 - 2015-05-28 01:15 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-06-09 11:32 - 2015-05-28 01:15 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-06-09 11:32 - 2015-05-28 00:52 - 00571024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-06-09 11:32 - 2015-05-27 07:48 - 04408727 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-06-09 11:32 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2015-06-09 11:32 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2015-06-09 11:32 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2015-06-09 11:32 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2015-06-09 11:32 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2015-06-09 11:32 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2015-06-09 11:31 - 2015-06-09 11:32 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-09 11:31 - 2015-06-09 11:32 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-06-09 11:31 - 2015-06-09 11:31 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-06-09 11:31 - 2015-06-09 11:31 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-09 11:31 - 2015-05-29 15:49 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-06-09 11:31 - 2015-05-29 15:49 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 42719888 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 37741712 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 30480528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 22946960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 17486856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 16185352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 15864064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 14987528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 14495448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 13304280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 12852152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 11830512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 10995528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-06-09 11:31 - 2015-05-28 04:04 - 03379680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 02986392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 02932368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 02599056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 01898312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435306.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 01558848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcvadgenco64.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435306.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 01099808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 01050440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00982856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00974480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00939080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00878816 _____ C:\WINDOWS\system32\nvmcumd.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00503408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00408208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00407112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00195912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-06-09 11:31 - 2015-05-28 04:04 - 00175880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00154256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00150648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00117576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcaparm.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00052880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00048784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00039056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvadarm.sys
2015-06-09 11:31 - 2015-05-28 04:04 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-06-09 11:31 - 2015-05-28 04:04 - 00031552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00030966 _____ C:\WINDOWS\system32\nvinfo.pb
2015-06-09 11:30 - 2015-06-09 11:32 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-09 11:30 - 2015-06-09 11:30 - 00000000 ____D C:\NVIDIA
2015-06-09 09:34 - 2015-06-10 18:51 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3754158730-2153890883-1210738772-1001
2015-06-09 09:34 - 2015-06-10 18:43 - 00001084 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-09 09:34 - 2015-06-10 18:39 - 00001088 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-09 09:34 - 2015-06-09 09:34 - 00004060 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-09 09:34 - 2015-06-09 09:34 - 00003824 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-09 09:34 - 2015-06-09 09:34 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-06-09 09:34 - 2015-06-09 09:34 - 00000000 ____D C:\Users\Adrian\AppData\Local\Google
2015-06-09 09:34 - 2015-06-09 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-09 09:34 - 2015-06-09 09:34 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-09 09:33 - 2015-06-09 09:33 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Macromedia
2015-06-09 09:29 - 2015-06-10 18:43 - 00000000 ___RD C:\Users\Adrian\SkyDrive
2015-06-09 09:28 - 2015-06-09 09:28 - 00001446 _____ C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-09 09:28 - 2015-06-09 09:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2015-06-09 09:28 - 2015-06-09 09:28 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Adobe
2015-06-09 09:28 - 2015-06-09 09:28 - 00000000 ____D C:\Users\Adrian\AppData\Local\VirtualStore
2015-06-09 09:28 - 2015-06-09 09:28 - 00000000 ____D C:\Users\Adrian\AppData\Local\Packages
2015-06-09 09:27 - 2015-06-10 12:26 - 00000000 ____D C:\Users\Adrian
2015-06-09 09:27 - 2015-06-09 09:27 - 00000020 ___SH C:\Users\Adrian\ntuser.ini
2015-06-09 09:27 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-09 09:27 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-09 09:27 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-09 09:27 - 2013-08-22 12:36 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-09 09:26 - 2015-06-10 18:47 - 00818732 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-09 09:22 - 2015-06-10 19:01 - 00286490 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-09 09:22 - 2015-06-09 09:22 - 00000000 ____D C:\WINDOWS\CSC
2015-06-09 09:22 - 2013-08-22 02:17 - 02407936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 24846712 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 24048456 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumdim32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 17804608 _____ C:\WINDOWS\system32\igd11dxva64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 17329224 _____ C:\WINDOWS\SysWOW64\igd11dxva32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 15981056 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 10851840 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 09528320 _____ (Intel Corporation) C:\WINDOWS\system32\ig75icd64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 09422928 _____ (Intel Corporation) C:\WINDOWS\system32\igd10iumd64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 08631888 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10iumd32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 07500800 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig75icd32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 06725162 _____ C:\WINDOWS\system32\igdclbif.bin
2015-05-29 15:49 - 2015-05-29 15:49 - 06160424 _____ (Intel Corporation) C:\WINDOWS\system32\igdusc64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 04892088 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2015-05-29 15:49 - 2015-05-29 15:49 - 04851848 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdusc32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 03584512 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 03318272 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 02944648 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiVAD64.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 02813952 _____ C:\WINDOWS\system32\iglhxa64.cpa
2015-05-29 15:49 - 2015-05-29 15:49 - 02776408 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAAC64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 02039296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01540904 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01513304 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01402336 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01399240 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01371136 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01196336 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01131008 _____ (Intel Corporation) C:\WINDOWS\system32\GfxResources.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01063936 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01036392 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 01032808 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 01014368 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00698880 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00671328 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00641530 _____ C:\WINDOWS\system32\FilmModeDetection.wmv
2015-05-29 15:49 - 2015-05-29 15:49 - 00623616 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00616280 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMux64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00472168 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUMS64.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00460048 _____ (Intel® Corporation) C:\WINDOWS\system32\Drivers\IntcDAud.sys
2015-05-29 15:49 - 2015-05-29 15:49 - 00448104 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00424960 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00403671 _____ C:\WINDOWS\system32\ImageStabilization.wmv
2015-05-29 15:49 - 2015-05-29 15:49 - 00392296 _____ C:\WINDOWS\system32\igfxTray.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00385024 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00375173 _____ C:\WINDOWS\system32\ColorImageEnhancement.wmv
2015-05-29 15:49 - 2015-05-29 15:49 - 00373760 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00355328 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00354136 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00344168 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00338536 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00338024 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00313448 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00290816 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00286208 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00282696 _____ (Intel Corporation) C:\WINDOWS\system32\igd10idpp64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00279144 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00274776 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUtils64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00263120 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10idpp32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00256000 _____ C:\WINDOWS\system32\igfxCPL.cpl
2015-05-29 15:49 - 2015-05-29 15:49 - 00248424 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00229888 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00220432 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00218728 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00213504 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00213192 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00196704 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00192000 _____ C:\WINDOWS\system32\igdde64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00184352 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00183296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4222.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00179200 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00178672 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00169984 _____ (Intel Corporation) C:\WINDOWS\system32\igdail64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00156264 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00153088 _____ C:\WINDOWS\SysWOW64\igdde32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00152064 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdail32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00135000 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMCUMD64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00127320 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiLogServer64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00094208 _____ C:\WINDOWS\system32\IccLibDll_x64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00086528 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00073728 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00060416 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00044025 _____ C:\WINDOWS\system32\iglhxo64.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00043816 _____ C:\WINDOWS\system32\iglhxc64_dev.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00043494 _____ C:\WINDOWS\system32\iglhxc64.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00043298 _____ C:\WINDOWS\system32\iglhxg64_dev.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00043256 _____ C:\WINDOWS\system32\iglhxg64.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00042079 _____ C:\WINDOWS\system32\iglhxo64_dev.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00036616 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00035328 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00010752 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00010752 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00010240 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00010240 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00005120 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00005120 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00004008 _____ C:\WINDOWS\system32\iglhxs64.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00001125 _____ C:\WINDOWS\system32\iglhxa64.vp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-10 19:00 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-10 18:43 - 2013-08-22 11:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-10 17:36 - 2013-08-22 10:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-10 12:54 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-10 12:24 - 2013-08-22 11:46 - 00016429 _____ C:\WINDOWS\setupact.log
2015-06-09 14:17 - 2013-08-22 12:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2015-06-09 14:17 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-06-09 13:17 - 2013-08-22 12:37 - 00001720 _____ C:\WINDOWS\DtcInstall.log
2015-06-09 11:34 - 2013-08-22 11:44 - 00336632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-09 11:32 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\restore
2015-06-09 11:32 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\Help
2015-06-09 09:28 - 2013-08-22 12:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-06-09 09:28 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-06-09 09:28 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\FileManager
2015-06-09 09:28 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\Camera
 
Some files in TEMP:
====================
C:\Users\Adrian\AppData\Local\Temp\PidGenX.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-09 13:17
 
==================== End of log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Adrian at 2015-06-10 19:05:37
Running from C:\Users\Adrian\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3754158730-2153890883-1210738772-500 - Administrator - Disabled)
Adrian (S-1-5-21-3754158730-2153890883-1210738772-1001 - Administrator - Enabled) => C:\Users\Adrian
Guest (S-1-5-21-3754158730-2153890883-1210738772-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3754158730-2153890883-1210738772-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3754158730-2153890883-1210738772-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.27 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4222 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 353.06 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3754158730-2153890883-1210738772-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points =========================
 
09-06-2015 11:32:31 Installed DirectX
10-06-2015 12:49:43 avast! antivirus system restore point
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 10:25 - 2013-08-22 10:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {13524987-0041-4F6F-A078-81237AD8B1FB} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-06-10] ()
Task: {2EF831AC-101A-4656-9D3A-7441506B57E4} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-06-10] (Enigma Software Group USA, LLC.)
Task: {582104AC-9B6A-49C5-9D9C-1B27187FE57B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-10] (Avast Software s.r.o.)
Task: {A3D26285-3F69-4F2D-9A8F-16728582C4A0} - System32\Tasks\AVAST Software\Avast Integrity Check => C:\WINDOWS\AswCheck.exe [2015-06-10] (AVAST Software s. r. o.)
Task: {B2C5A1A0-F7A5-40C5-BF25-C899328BDEBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-09] (Google Inc.)
Task: {EFD97A77-3794-4621-8FE4-AB9962A6EDC3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-09] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-09 11:32 - 2015-05-28 01:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-06-10 12:52 - 2015-06-10 12:52 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-10 12:52 - 2015-06-10 12:52 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-10 17:49 - 2015-06-10 17:49 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15061001\algo.dll
2015-06-09 11:32 - 2015-05-28 04:04 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-06-10 12:52 - 2015-06-10 12:52 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-06-09 14:39 - 2015-06-05 15:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-09 14:39 - 2015-06-05 15:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
2015-06-09 14:39 - 2015-06-05 15:22 - 15003464 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Adrian\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3754158730-2153890883-1210738772-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 80.82.64.136 - 8.8.8.8
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "StereoLinksInstall"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{CCD1236B-A66F-433B-BC69-91DF293F0C2A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D6CBE966-9424-45C5-88CC-0A2781A6B05A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DDDDCDB5-FCAC-45D2-8FD0-A1E449E1A2A7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3B3CA0A9-65FB-423F-8DE4-F65A0B27C8E0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7E4C72FB-959C-451C-936E-85E43CE8C4BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{06966DE9-2A1F-4F9D-BC96-A0224D2493B5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CD3D6447-3A80-45E5-8AF4-ADE167B61D2F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{259DBD3C-CD55-4E2A-A937-3C3586E467E7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{BAF10675-33F0-42C0-95B1-96CB9062063B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{4092A7C9-9BC0-4212-B8A3-0DE599F00AA9}] => (Allow) C:\Users\Adrian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9A9EA548-FB1C-4C83-BE2B-A8AD79904FB7}] => (Allow) C:\Users\Adrian\AppData\Roaming\uTorrent\uTorrent.exe
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/09/2015 11:33:58 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
 
 
System errors:
=============
Error: (06/10/2015 06:41:17 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer RODRIGO-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4E5CC265-0CE6-48B1-A06F-E2F8B9665826}.
The master browser is stopping or an election is being forced.
 
Error: (06/10/2015 06:38:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SpyHunter 4 Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/10/2015 06:38:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (06/10/2015 06:38:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/10/2015 06:38:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/10/2015 06:38:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA GeForce Experience Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/10/2015 06:38:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (06/10/2015 06:38:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® HD Graphics Control Panel Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/10/2015 06:38:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/10/2015 06:38:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office:
=========================
Error: (06/09/2015 11:33:58 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 27%
Total physical RAM: 8076.95 MB
Available physical RAM: 5834.58 MB
Total Pagefile: 9996.95 MB
Available Pagefile: 7343.84 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223.48 GB) (Free:198.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:931.51 GB) (Free:930.12 GB) NTFS
Drive e: (IRM_CCSA_X64FRE_EN-US_DV5) (CDROM) (Total:3.63 GB) (Free:0 GB) UDF
Drive f: (SAMSUNG) (Fixed) (Total:931.51 GB) (Free:656.95 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 7CCB641F)
Partition 1: (Active) - (Size=223.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1C31C86A)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 66F970B1)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of log ============================

 




#2
adriandallegrave


Hey guys! I think I really need your help.

I had malware on my computer that changed my Chrome homepage to a website called oursurfing.com and opened ads every time I clicked for the first time on any opened tabs. I deleted the unwanted extensions and changed all web addresses I didn't want from the Chrome settings page. The malware came back shortly after. Then I reformatted my PC, cleaning up all the drives and partitions. After that I was downloading the drivers and the ads started appearing again. I thought the malware was stored inside my pen drive so I installed Avast to check it. It came back clean, as did the rest of the computer.

I reformatted the computer once again, but this time upgrading from Windows 7 to Windows 8.1. Instead of just getting the ads and Chrome's homepage changed, the computer started installing a lot of unwanted software by itself. While I was uninstalling any of them, the computer would install many others. It took less than half an hour for me to have to clean everything up again.

When I reformatted the fourth time I did a full reset. It's a process that Windows 8.1 has and it took around 6 hours to complete. When it was done I still had the annoying ads but no software was installed without my knowledge. I downloaded SpyHunter, Malwarebytes, Stopzilla, AdwCleaner and Junkware Removal. I scanned the computer with all of them and they didn't find any virus.

I checked regedit but didn't find anything out of the ordinary, at least nothing related to oursurfing.com. I also tried using different web browsers, but with no results.

I would really appreciate all the help you can give. Sorry for my bad English, I hope you're able to understand me. Thanks in advance.

Here are the log files generated by Farbar Recovery Scan Tool.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Adrian (administrator) on ADRIAN-PC on 10-06-2015 19:05:25
Running from C:\Users\Adrian\Desktop
Loaded Profiles: Adrian (Available Profiles: Adrian)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Enigma Software Group USA, LLC.) C:\Users\Adrian\AppData\Roaming\Enigma Software Group\sh_installer.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [StereoLinksInstall] => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe [1064080 2015-05-28] (NVIDIA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-10] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-10] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3754158730-2153890883-1210738772-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-10] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-10] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 80.82.64.136 8.8.8.8

FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-09] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-10]

Chrome:
=======
CHR Profile: C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-09]
CHR Extension: (YouTube) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-09]
CHR Extension: (Google Search) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-09]
CHR Extension: (Bubble Shooter) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdlnbbnjknldpikkllanljjbnegnnei [2015-06-09]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2015-06-09]
CHR Extension: (Planetarium) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2015-06-09]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2015-06-09]
CHR Extension: (AdBlock) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-09]
CHR Extension: (Bookmark Manager) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-09]
CHR Extension: (Avast Online Security) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-10]
CHR Extension: (Google Maps) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-06-09]
CHR Extension: (Google Wallet) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-09]
CHR Extension: (Gmail) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-09]
CHR Extension: (Writer) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2015-06-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-10] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-10] (Avast Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-28] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-05-29] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-28] (NVIDIA Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-06-10] (Enigma Software Group USA, LLC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-10] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-10] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-10] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-10] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-10] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-10] ()
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-06-10] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-06-10] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-10] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-28] (NVIDIA Corporation)
S3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2015-05-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-05-28] (NVIDIA Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-10] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 19:05 - 2015-06-10 19:05 - 00011688 _____ C:\Users\Adrian\Desktop\FRST.txt
2015-06-10 19:04 - 2015-06-10 19:05 - 00000000 ____D C:\FRST
2015-06-10 19:02 - 2015-06-10 19:02 - 02108928 _____ (Farbar) C:\Users\Adrian\Desktop\FRST64.exe
2015-06-10 18:56 - 2015-06-10 19:03 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\uTorrent
2015-06-10 18:56 - 2015-06-10 18:56 - 01994592 _____ (BitTorrent Inc.) C:\Users\Adrian\Downloads\uTorrent.exe
2015-06-10 18:45 - 2015-06-10 18:45 - 00003332 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-06-10 18:45 - 2015-06-10 18:45 - 00001103 _____ C:\Users\Adrian\Desktop\SpyHunter.lnk
2015-06-10 18:45 - 2015-06-10 18:45 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-06-10 18:45 - 2015-06-10 18:45 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Enigma Software Group
2015-06-10 18:45 - 2015-06-10 18:45 - 00000000 ____D C:\sh4ldr
2015-06-10 18:44 - 2015-06-10 18:44 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-06-10 18:44 - 2015-06-10 18:44 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-06-10 18:38 - 2015-06-10 18:38 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-ADRIAN-PC-Windows-8.1-Pro-(64-bit).dat
2015-06-10 18:38 - 2015-06-10 18:38 - 00000000 ____D C:\RegBackup
2015-06-10 18:38 - 2015-06-10 18:38 - 00000000 ____D C:\AdwCleaner
2015-06-10 18:33 - 2015-06-10 18:33 - 02943663 _____ (Thisisu) C:\Users\Adrian\Downloads\JRT.exe
2015-06-10 18:32 - 2015-06-10 18:32 - 02231296 _____ C:\Users\Adrian\Downloads\AdwCleaner.exe
2015-06-10 18:32 - 2015-06-10 18:32 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-10 18:32 - 2015-06-10 18:32 - 00000000 _____ C:\autoexec.bat
2015-06-10 18:31 - 2015-06-10 18:31 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Adrian\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-10 18:31 - 2015-06-10 18:31 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-10 18:31 - 2015-06-10 18:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-10 18:31 - 2015-06-10 18:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-10 18:31 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-10 18:31 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-10 18:31 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-10 18:30 - 2015-06-10 18:30 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Adrian\Downloads\SpyHunter-Installer.exe
2015-06-10 18:25 - 2015-06-10 18:25 - 00000118 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-06-10 17:18 - 2015-06-10 17:18 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\AVAST Software
2015-06-10 12:53 - 2015-06-10 12:53 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-06-10 12:53 - 2015-06-10 12:53 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-06-10 12:53 - 2015-06-10 12:53 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2015-06-10 12:53 - 2015-06-10 12:53 - 00000000 ____D C:\WINDOWS\system32\vbox
2015-06-10 12:53 - 2015-06-10 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-06-10 12:53 - 2015-06-10 12:52 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-06-10 12:53 - 2015-06-10 12:52 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-06-10 12:53 - 2015-06-10 12:52 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-06-10 12:53 - 2015-06-10 12:52 - 00272248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-06-10 12:53 - 2015-06-10 12:52 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-06-10 12:53 - 2015-06-10 12:52 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-06-10 12:53 - 2015-06-10 12:52 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-06-10 12:53 - 2015-06-10 12:52 - 00065736 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-06-10 12:53 - 2015-06-10 12:52 - 00029168 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-06-10 12:52 - 2015-06-10 12:52 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-06-10 12:49 - 2015-06-10 12:49 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-10 12:48 - 2015-06-10 12:48 - 06306016 _____ (AVAST Software s. r. o.) C:\Users\Adrian\Downloads\avast_free_antivirus_setup_online.exe
2015-06-10 12:48 - 2015-06-10 12:48 - 00353664 _____ (AVAST Software s. r. o.) C:\WINDOWS\AswCheck.exe
2015-06-10 12:48 - 2015-06-10 12:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2015-06-10 12:48 - 2015-06-10 12:48 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-10 12:26 - 2015-06-10 12:26 - 00019652 _____ C:\WINDOWS\system32\results.xml
2015-06-10 12:26 - 2015-06-10 12:26 - 00000401 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-06-10 12:09 - 2015-06-10 18:44 - 00003758 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2015-06-10 12:09 - 2015-06-10 12:25 - 00000000 ____D C:\WINDOWS\AutoKMS
2015-06-10 12:08 - 2015-06-10 12:08 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2015-06-09 14:17 - 2015-06-09 14:17 - 00000000 __SHD C:\Recovery
2015-06-09 13:17 - 2015-06-10 18:43 - 00001892 _____ C:\WINDOWS\PFRO.log
2015-06-09 13:17 - 2015-06-09 09:43 - 00000000 ____D C:\WINDOWS\Panther
2015-06-09 12:17 - 2015-06-09 12:17 - 00000000 ____D C:\ProgramData\IntelDLM
2015-06-09 12:11 - 2015-06-09 12:11 - 00001182 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.0.lnk
2015-06-09 12:11 - 2015-06-09 12:11 - 00000000 ____D C:\Users\Adrian\AppData\Local\Intel
2015-06-09 12:11 - 2015-06-09 12:11 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-09 12:11 - 2015-06-09 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2015-06-09 12:11 - 2015-06-09 12:11 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2015-06-09 12:10 - 2015-06-10 12:24 - 00000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk
2015-06-09 12:10 - 2015-06-10 12:24 - 00000716 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2015-06-09 12:10 - 2015-06-09 12:11 - 00000000 ____D C:\Program Files\Intel
2015-06-09 12:10 - 2015-06-09 12:10 - 00000000 ____D C:\WINDOWS\LastGood
2015-06-09 12:10 - 2015-06-09 12:10 - 00000000 ____D C:\Program Files (x86)\Intel
2015-06-09 12:09 - 2015-06-10 12:26 - 00000000 ____D C:\Intel
2015-06-09 11:32 - 2015-06-10 18:43 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-09 11:32 - 2015-06-09 11:32 - 00000000 ____D C:\Users\Adrian\AppData\Local\NVIDIA Corporation
2015-06-09 11:32 - 2015-06-09 11:32 - 00000000 ____D C:\Users\Adrian\AppData\Local\NVIDIA
2015-06-09 11:32 - 2015-06-09 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-09 11:32 - 2015-05-28 04:04 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-06-09 11:32 - 2015-05-28 04:04 - 01571696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-06-09 11:32 - 2015-05-28 04:04 - 01320304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-06-09 11:32 - 2015-05-28 04:04 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-06-09 11:32 - 2015-05-28 01:15 - 06872904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-06-09 11:32 - 2015-05-28 01:15 - 03491984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-06-09 11:32 - 2015-05-28 01:15 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-06-09 11:32 - 2015-05-28 01:15 - 00937288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-06-09 11:32 - 2015-05-28 01:15 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-06-09 11:32 - 2015-05-28 01:15 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-06-09 11:32 - 2015-05-28 00:52 - 00571024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-06-09 11:32 - 2015-05-27 07:48 - 04408727 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-06-09 11:32 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2015-06-09 11:32 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2015-06-09 11:32 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2015-06-09 11:32 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2015-06-09 11:32 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2015-06-09 11:32 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2015-06-09 11:31 - 2015-06-09 11:32 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-09 11:31 - 2015-06-09 11:32 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-06-09 11:31 - 2015-06-09 11:31 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-06-09 11:31 - 2015-06-09 11:31 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-09 11:31 - 2015-05-29 15:49 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-06-09 11:31 - 2015-05-29 15:49 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 42719888 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 37741712 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 30480528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 22946960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 17486856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 16185352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 15864064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 14987528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 14495448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 13304280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 12852152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 11830512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 10995528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-06-09 11:31 - 2015-05-28 04:04 - 03379680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 02986392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 02932368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 02599056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 01898312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435306.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 01558848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcvadgenco64.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435306.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 01099808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 01050440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00982856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00974480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00939080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00878816 _____ C:\WINDOWS\system32\nvmcumd.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00503408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00408208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00407112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00195912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-06-09 11:31 - 2015-05-28 04:04 - 00175880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00154256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00150648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00117576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcaparm.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00052880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00048784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00039056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvadarm.sys
2015-06-09 11:31 - 2015-05-28 04:04 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-06-09 11:31 - 2015-05-28 04:04 - 00031552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-06-09 11:31 - 2015-05-28 04:04 - 00030966 _____ C:\WINDOWS\system32\nvinfo.pb
2015-06-09 11:30 - 2015-06-09 11:32 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-09 11:30 - 2015-06-09 11:30 - 00000000 ____D C:\NVIDIA
2015-06-09 09:34 - 2015-06-10 18:51 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3754158730-2153890883-1210738772-1001
2015-06-09 09:34 - 2015-06-10 18:43 - 00001084 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-09 09:34 - 2015-06-10 18:39 - 00001088 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-09 09:34 - 2015-06-09 09:34 - 00004060 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-09 09:34 - 2015-06-09 09:34 - 00003824 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-09 09:34 - 2015-06-09 09:34 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-06-09 09:34 - 2015-06-09 09:34 - 00000000 ____D C:\Users\Adrian\AppData\Local\Google
2015-06-09 09:34 - 2015-06-09 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-09 09:34 - 2015-06-09 09:34 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-09 09:33 - 2015-06-09 09:33 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Macromedia
2015-06-09 09:29 - 2015-06-10 18:43 - 00000000 ___RD C:\Users\Adrian\SkyDrive
2015-06-09 09:28 - 2015-06-09 09:28 - 00001446 _____ C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-09 09:28 - 2015-06-09 09:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2015-06-09 09:28 - 2015-06-09 09:28 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Adobe
2015-06-09 09:28 - 2015-06-09 09:28 - 00000000 ____D C:\Users\Adrian\AppData\Local\VirtualStore
2015-06-09 09:28 - 2015-06-09 09:28 - 00000000 ____D C:\Users\Adrian\AppData\Local\Packages
2015-06-09 09:27 - 2015-06-10 12:26 - 00000000 ____D C:\Users\Adrian
2015-06-09 09:27 - 2015-06-09 09:27 - 00000020 ___SH C:\Users\Adrian\ntuser.ini
2015-06-09 09:27 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-09 09:27 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-09 09:27 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-09 09:27 - 2013-08-22 12:36 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-09 09:26 - 2015-06-10 18:47 - 00818732 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-09 09:22 - 2015-06-10 19:01 - 00286490 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-09 09:22 - 2015-06-09 09:22 - 00000000 ____D C:\WINDOWS\CSC
2015-06-09 09:22 - 2013-08-22 02:17 - 02407936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 24846712 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 24048456 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumdim32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 17804608 _____ C:\WINDOWS\system32\igd11dxva64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 17329224 _____ C:\WINDOWS\SysWOW64\igd11dxva32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 15981056 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 10851840 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 09528320 _____ (Intel Corporation) C:\WINDOWS\system32\ig75icd64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 09422928 _____ (Intel Corporation) C:\WINDOWS\system32\igd10iumd64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 08631888 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10iumd32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 07500800 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig75icd32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 06725162 _____ C:\WINDOWS\system32\igdclbif.bin
2015-05-29 15:49 - 2015-05-29 15:49 - 06160424 _____ (Intel Corporation) C:\WINDOWS\system32\igdusc64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 04892088 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2015-05-29 15:49 - 2015-05-29 15:49 - 04851848 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdusc32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 03584512 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 03318272 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 02944648 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiVAD64.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 02813952 _____ C:\WINDOWS\system32\iglhxa64.cpa
2015-05-29 15:49 - 2015-05-29 15:49 - 02776408 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAAC64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 02039296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01540904 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01513304 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01402336 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01399240 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01371136 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01196336 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01131008 _____ (Intel Corporation) C:\WINDOWS\system32\GfxResources.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01063936 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01036392 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 01032808 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 01014368 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00698880 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00671328 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00641530 _____ C:\WINDOWS\system32\FilmModeDetection.wmv
2015-05-29 15:49 - 2015-05-29 15:49 - 00623616 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00616280 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMux64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00472168 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUMS64.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00460048 _____ (Intel® Corporation) C:\WINDOWS\system32\Drivers\IntcDAud.sys
2015-05-29 15:49 - 2015-05-29 15:49 - 00448104 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00424960 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00403671 _____ C:\WINDOWS\system32\ImageStabilization.wmv
2015-05-29 15:49 - 2015-05-29 15:49 - 00392296 _____ C:\WINDOWS\system32\igfxTray.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00385024 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00375173 _____ C:\WINDOWS\system32\ColorImageEnhancement.wmv
2015-05-29 15:49 - 2015-05-29 15:49 - 00373760 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00355328 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00354136 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00344168 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00338536 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00338024 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00313448 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00290816 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00286208 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00282696 _____ (Intel Corporation) C:\WINDOWS\system32\igd10idpp64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00279144 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00274776 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUtils64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00263120 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10idpp32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00256000 _____ C:\WINDOWS\system32\igfxCPL.cpl
2015-05-29 15:49 - 2015-05-29 15:49 - 00248424 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00229888 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00220432 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00218728 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00213504 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00213192 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00196704 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00192000 _____ C:\WINDOWS\system32\igdde64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00184352 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00183296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4222.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00179200 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00178672 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00169984 _____ (Intel Corporation) C:\WINDOWS\system32\igdail64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00156264 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00153088 _____ C:\WINDOWS\SysWOW64\igdde32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00152064 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdail32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00135000 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMCUMD64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00127320 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiLogServer64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00094208 _____ C:\WINDOWS\system32\IccLibDll_x64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00086528 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00073728 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00060416 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00044025 _____ C:\WINDOWS\system32\iglhxo64.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00043816 _____ C:\WINDOWS\system32\iglhxc64_dev.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00043494 _____ C:\WINDOWS\system32\iglhxc64.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00043298 _____ C:\WINDOWS\system32\iglhxg64_dev.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00043256 _____ C:\WINDOWS\system32\iglhxg64.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00042079 _____ C:\WINDOWS\system32\iglhxo64_dev.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00036616 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00035328 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00010752 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00010752 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00010240 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00010240 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00005120 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00005120 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00004008 _____ C:\WINDOWS\system32\iglhxs64.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00001125 _____ C:\WINDOWS\system32\iglhxa64.vp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 19:00 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-10 18:43 - 2013-08-22 11:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-10 17:36 - 2013-08-22 10:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-10 12:54 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-10 12:24 - 2013-08-22 11:46 - 00016429 _____ C:\WINDOWS\setupact.log
2015-06-09 14:17 - 2013-08-22 12:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2015-06-09 14:17 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-06-09 13:17 - 2013-08-22 12:37 - 00001720 _____ C:\WINDOWS\DtcInstall.log
2015-06-09 11:34 - 2013-08-22 11:44 - 00336632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-09 11:32 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\restore
2015-06-09 11:32 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\Help
2015-06-09 09:28 - 2013-08-22 12:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-06-09 09:28 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-06-09 09:28 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\FileManager
2015-06-09 09:28 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\Camera

Some files in TEMP:
====================
C:\Users\Adrian\AppData\Local\Temp\PidGenX.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-09 13:17

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Adrian at 2015-06-10 19:05:37
Running from C:\Users\Adrian\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3754158730-2153890883-1210738772-500 - Administrator - Disabled)
Adrian (S-1-5-21-3754158730-2153890883-1210738772-1001 - Administrator - Enabled) => C:\Users\Adrian
Guest (S-1-5-21-3754158730-2153890883-1210738772-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3754158730-2153890883-1210738772-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3754158730-2153890883-1210738772-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.27 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4222 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 353.06 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3754158730-2153890883-1210738772-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

09-06-2015 11:32:31 Installed DirectX
10-06-2015 12:49:43 avast! antivirus system restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 10:25 - 2013-08-22 10:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13524987-0041-4F6F-A078-81237AD8B1FB} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-06-10] ()
Task: {2EF831AC-101A-4656-9D3A-7441506B57E4} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-06-10] (Enigma Software Group USA, LLC.)
Task: {582104AC-9B6A-49C5-9D9C-1B27187FE57B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-10] (Avast Software s.r.o.)
Task: {A3D26285-3F69-4F2D-9A8F-16728582C4A0} - System32\Tasks\AVAST Software\Avast Integrity Check => C:\WINDOWS\AswCheck.exe [2015-06-10] (AVAST Software s. r. o.)
Task: {B2C5A1A0-F7A5-40C5-BF25-C899328BDEBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-09] (Google Inc.)
Task: {EFD97A77-3794-4621-8FE4-AB9962A6EDC3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-09] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-06-09 11:32 - 2015-05-28 01:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-06-10 12:52 - 2015-06-10 12:52 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-10 12:52 - 2015-06-10 12:52 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-10 17:49 - 2015-06-10 17:49 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15061001\algo.dll
2015-06-09 11:32 - 2015-05-28 04:04 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-06-10 12:52 - 2015-06-10 12:52 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-06-09 14:39 - 2015-06-05 15:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-09 14:39 - 2015-06-05 15:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
2015-06-09 14:39 - 2015-06-05 15:22 - 15003464 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Adrian\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3754158730-2153890883-1210738772-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 80.82.64.136 - 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "StereoLinksInstall"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{CCD1236B-A66F-433B-BC69-91DF293F0C2A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D6CBE966-9424-45C5-88CC-0A2781A6B05A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DDDDCDB5-FCAC-45D2-8FD0-A1E449E1A2A7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3B3CA0A9-65FB-423F-8DE4-F65A0B27C8E0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7E4C72FB-959C-451C-936E-85E43CE8C4BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{06966DE9-2A1F-4F9D-BC96-A0224D2493B5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CD3D6447-3A80-45E5-8AF4-ADE167B61D2F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{259DBD3C-CD55-4E2A-A937-3C3586E467E7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{BAF10675-33F0-42C0-95B1-96CB9062063B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{4092A7C9-9BC0-4212-B8A3-0DE599F00AA9}] => (Allow) C:\Users\Adrian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9A9EA548-FB1C-4C83-BE2B-A8AD79904FB7}] => (Allow) C:\Users\Adrian\AppData\Roaming\uTorrent\uTorrent.exe

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/09/2015 11:33:58 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

System errors:
=============
Error: (06/10/2015 06:41:17 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer RODRIGO-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4E5CC265-0CE6-48B1-A06F-E2F8B9665826}.
The master browser is stopping or an election is being forced.

Error: (06/10/2015 06:38:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SpyHunter 4 Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/10/2015 06:38:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/10/2015 06:38:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/10/2015 06:38:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/10/2015 06:38:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA GeForce Experience Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/10/2015 06:38:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/10/2015 06:38:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® HD Graphics Control Panel Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/10/2015 06:38:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/10/2015 06:38:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office:
=========================
Error: (06/09/2015 11:33:58 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d

==================== Memory info ===========================

Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 27%
Total physical RAM: 8076.95 MB
Available physical RAM: 5834.58 MB
Total Pagefile: 9996.95 MB
Available Pagefile: 7343.84 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.48 GB) (Free:198.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:931.51 GB) (Free:930.12 GB) NTFS
Drive e: (IRM_CCSA_X64FRE_EN-US_DV5) (CDROM) (Total:3.63 GB) (Free:0 GB) UDF
Drive f: (SAMSUNG) (Fixed) (Total:931.51 GB) (Free:656.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 7CCB641F)
Partition 1: (Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1C31C86A)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 66F970B1)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of log ============================


#3
adriandallegrave


I got an error while posting this topic so I ended up creating others with the same name. I'm sorry for the inconvenience.


#4
adriandallegrave


Since I formatted the computer once again, here are the new txt files of the FRST scan.

Thank you for your time.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Adrian (administrator) on DALLEGRAVE-PC on 12-06-2015 18:32:01
Running from C:\Users\Adrian\Desktop\frst
Loaded Profiles: Adrian (Available Profiles: Adrian)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\Adrian\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKU\S-1-5-21-3400116732-2033998285-2783747925-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3400116732-2033998285-2783747925-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.co...98115343_hao_pg
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 80.82.64.136 8.8.8.8
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-12] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-12]
CHR Extension: (YouTube) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-12]
CHR Extension: (Google Search) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-12]
CHR Extension: (Bubble Shooter) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdlnbbnjknldpikkllanljjbnegnnei [2015-06-12]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2015-06-12]
CHR Extension: (Planetarium) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2015-06-12]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2015-06-12]
CHR Extension: (AdBlock) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-12]
CHR Extension: (Google Maps) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-06-12]
CHR Extension: (Google Wallet) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-12]
CHR Extension: (Gmail) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-12]
CHR Extension: (Writer) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2015-06-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-28] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-05-29] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-28] (NVIDIA Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-28] (NVIDIA Corporation)
S3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2015-05-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-05-28] (NVIDIA Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-12 18:31 - 2015-06-12 18:32 - 00000000 ____D C:\Users\Adrian\Desktop\frst
2015-06-12 18:31 - 2015-06-12 18:32 - 00000000 ____D C:\FRST
2015-06-12 18:26 - 2015-06-12 18:31 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\uTorrent
2015-06-12 18:26 - 2015-06-12 18:26 - 01994592 _____ (BitTorrent Inc.) C:\Users\Adrian\Downloads\uTorrent.exe
2015-06-12 09:47 - 2015-06-12 09:47 - 00000000 __SHD C:\Recovery
2015-06-12 09:33 - 2015-06-12 09:33 - 00000118 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-06-12 08:47 - 2015-06-12 09:33 - 00000714 _____ C:\WINDOWS\PFRO.log
2015-06-12 08:47 - 2015-06-12 08:47 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-06-12 08:47 - 2015-06-12 00:51 - 00000000 ____D C:\WINDOWS\Panther
2015-06-12 04:40 - 2015-06-12 04:40 - 00007597 _____ C:\Users\Adrian\AppData\Local\Resmon.ResmonCfg
2015-06-12 04:15 - 2015-06-12 04:15 - 00002709 _____ C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\msinfo32.lnk
2015-06-12 03:28 - 2015-06-12 03:28 - 00000000 ____D C:\Users\Adrian\Documents\The Witcher 3
2015-06-12 03:24 - 2015-06-12 03:24 - 00000000 ____D C:\Users\Adrian\Documents\Game of Thrones
2015-06-12 03:19 - 2015-06-12 03:19 - 00000000 ____D C:\Users\Adrian\AppData\Local\Steam
2015-06-12 03:17 - 2015-06-12 12:18 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-12 03:17 - 2015-06-12 03:17 - 00000979 _____ C:\Users\Public\Desktop\Steam.lnk
2015-06-12 03:17 - 2015-06-12 03:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-12 01:41 - 2015-06-12 17:58 - 00176537 _____ C:\Users\Adrian\Desktop\calendário inter certo.xlsx.xlsm
2015-06-12 01:41 - 2015-06-12 11:58 - 00003758 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2015-06-12 01:41 - 2015-06-12 09:33 - 00000000 ____D C:\WINDOWS\AutoKMS
2015-06-12 01:40 - 2015-06-12 01:40 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2015-06-12 01:40 - 2013-08-22 09:40 - 00040664 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2015-06-12 01:34 - 2015-06-12 01:34 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-06-12 01:34 - 2015-06-12 01:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-12 01:34 - 2015-06-12 01:34 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-06-12 01:34 - 2015-06-12 01:34 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-06-12 01:34 - 2015-06-12 01:34 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-06-12 01:32 - 2015-06-12 01:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-12 01:32 - 2015-06-12 01:34 - 00000000 ____D C:\Program Files\Microsoft Office
2015-06-12 01:32 - 2015-06-12 01:32 - 00000000 ____D C:\Users\Adrian\AppData\Local\Microsoft Help
2015-06-12 01:32 - 2015-06-12 01:32 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2015-06-12 01:32 - 2015-06-12 01:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-06-12 01:32 - 2015-06-12 01:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-06-12 01:31 - 2015-06-12 01:31 - 00000000 __RHD C:\MSOCache
2015-06-12 01:19 - 2015-06-12 01:19 - 00000686 _____ C:\Users\Adrian\Desktop\downloads.lnk
2015-06-12 01:19 - 2015-06-12 01:19 - 00000657 _____ C:\Users\Adrian\Desktop\adrian.lnk
2015-06-12 01:04 - 2015-06-12 18:09 - 00001096 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-12 01:04 - 2015-06-12 11:58 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-12 01:04 - 2015-06-12 01:04 - 00004068 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-12 01:04 - 2015-06-12 01:04 - 00003832 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-12 01:04 - 2015-06-12 01:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-12 01:04 - 2015-06-12 01:04 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-12 01:03 - 2015-06-12 01:04 - 00000000 ____D C:\Users\Adrian\AppData\Local\Google
2015-06-12 01:03 - 2015-06-12 01:03 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Macromedia
2015-06-12 00:58 - 2015-06-12 00:58 - 00019634 _____ C:\WINDOWS\system32\results.xml
2015-06-12 00:58 - 2015-06-12 00:58 - 00000401 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-06-12 00:57 - 2015-06-12 12:45 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3400116732-2033998285-2783747925-1001
2015-06-12 00:57 - 2015-06-12 00:57 - 00000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk
2015-06-12 00:57 - 2015-06-12 00:57 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-12 00:57 - 2015-06-12 00:57 - 00000000 ____D C:\Program Files (x86)\Intel
2015-06-12 00:56 - 2015-06-12 00:58 - 00000000 ____D C:\Intel
2015-06-12 00:56 - 2015-06-12 00:57 - 00000000 ____D C:\Program Files\Intel
2015-06-12 00:55 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2015-06-12 00:55 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2015-06-12 00:55 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2015-06-12 00:55 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2015-06-12 00:55 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2015-06-12 00:55 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2015-06-12 00:54 - 2015-06-12 12:01 - 00818732 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-12 00:54 - 2015-06-12 11:57 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-12 00:54 - 2015-06-12 00:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-12 00:54 - 2015-06-12 00:56 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-06-12 00:54 - 2015-06-12 00:54 - 00000000 ____D C:\Users\Adrian\AppData\Local\NVIDIA Corporation
2015-06-12 00:54 - 2015-06-12 00:54 - 00000000 ____D C:\Users\Adrian\AppData\Local\NVIDIA
2015-06-12 00:54 - 2015-06-12 00:54 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-06-12 00:54 - 2015-05-29 15:49 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-06-12 00:54 - 2015-05-29 15:49 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-06-12 00:54 - 2015-05-28 04:04 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-06-12 00:54 - 2015-05-28 04:04 - 01571696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-06-12 00:54 - 2015-05-28 04:04 - 01320304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-06-12 00:54 - 2015-05-28 04:04 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-06-12 00:54 - 2015-05-28 01:15 - 06872904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-06-12 00:54 - 2015-05-28 01:15 - 03491984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-06-12 00:54 - 2015-05-28 01:15 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-06-12 00:54 - 2015-05-28 01:15 - 00937288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-06-12 00:54 - 2015-05-28 01:15 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-06-12 00:54 - 2015-05-28 01:15 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-06-12 00:54 - 2015-05-28 00:52 - 00571024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-06-12 00:54 - 2015-05-27 07:48 - 04408727 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-06-12 00:53 - 2015-06-12 00:54 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-12 00:53 - 2015-06-12 00:54 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-12 00:53 - 2015-06-12 00:53 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-12 00:53 - 2015-06-12 00:53 - 00000000 ____D C:\NVIDIA
2015-06-12 00:53 - 2015-05-28 04:04 - 42719888 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 37741712 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 30480528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 22946960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 17486856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 16185352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 15864064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 14987528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 14495448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 13304280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 12852152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 11830512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 10995528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-06-12 00:53 - 2015-05-28 04:04 - 03379680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 02986392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 02932368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 02599056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 01898312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435306.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 01558848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcvadgenco64.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435306.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 01099808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 01050440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00982856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00974480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00939080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00878816 _____ C:\WINDOWS\system32\nvmcumd.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00503408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00408208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00407112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00195912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-06-12 00:53 - 2015-05-28 04:04 - 00175880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00154256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00150648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00117576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcaparm.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00052880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00048784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00039056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvadarm.sys
2015-06-12 00:53 - 2015-05-28 04:04 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-06-12 00:53 - 2015-05-28 04:04 - 00031552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00030966 _____ C:\WINDOWS\system32\nvinfo.pb
2015-06-12 00:52 - 2015-06-12 12:45 - 00000000 ___RD C:\Users\Adrian\SkyDrive
2015-06-12 00:51 - 2015-06-12 12:14 - 00053658 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-12 00:51 - 2015-06-12 01:14 - 00000000 ____D C:\Users\Adrian\AppData\Local\Packages
2015-06-12 00:51 - 2015-06-12 00:58 - 00000000 ____D C:\Users\Adrian\AppData\Local\VirtualStore
2015-06-12 00:51 - 2015-06-12 00:51 - 00001446 _____ C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-12 00:51 - 2015-06-12 00:51 - 00000000 ____D C:\WINDOWS\CSC
2015-06-12 00:51 - 2015-06-12 00:51 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Adobe
2015-06-12 00:51 - 2013-08-22 02:17 - 02407936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-06-12 00:50 - 2015-06-12 00:58 - 00000000 ____D C:\Users\Adrian
2015-06-12 00:50 - 2015-06-12 00:50 - 00000020 ___SH C:\Users\Adrian\ntuser.ini
2015-06-12 00:50 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-12 00:50 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-12 00:50 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-12 00:50 - 2013-08-22 12:36 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-29 15:49 - 2015-05-29 15:49 - 24846712 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 24048456 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumdim32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 17804608 _____ C:\WINDOWS\system32\igd11dxva64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 17329224 _____ C:\WINDOWS\SysWOW64\igd11dxva32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 15981056 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 10851840 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 09528320 _____ (Intel Corporation) C:\WINDOWS\system32\ig75icd64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 09422928 _____ (Intel Corporation) C:\WINDOWS\system32\igd10iumd64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 08631888 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10iumd32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 07500800 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig75icd32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 06725162 _____ C:\WINDOWS\system32\igdclbif.bin
2015-05-29 15:49 - 2015-05-29 15:49 - 06160424 _____ (Intel Corporation) C:\WINDOWS\system32\igdusc64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 04892088 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2015-05-29 15:49 - 2015-05-29 15:49 - 04851848 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdusc32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 03584512 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 03318272 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 02944648 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiVAD64.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 02813952 _____ C:\WINDOWS\system32\iglhxa64.cpa
2015-05-29 15:49 - 2015-05-29 15:49 - 02776408 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAAC64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 02039296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01540904 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01513304 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01402336 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01399240 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01371136 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01196336 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01131008 _____ (Intel Corporation) C:\WINDOWS\system32\GfxResources.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01063936 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01036392 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 01032808 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 01014368 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00698880 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00671328 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00641530 _____ C:\WINDOWS\system32\FilmModeDetection.wmv
2015-05-29 15:49 - 2015-05-29 15:49 - 00623616 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00616280 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMux64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00472168 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUMS64.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00460048 _____ (Intel® Corporation) C:\WINDOWS\system32\Drivers\IntcDAud.sys
2015-05-29 15:49 - 2015-05-29 15:49 - 00448104 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00424960 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00403671 _____ C:\WINDOWS\system32\ImageStabilization.wmv
2015-05-29 15:49 - 2015-05-29 15:49 - 00392296 _____ C:\WINDOWS\system32\igfxTray.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00385024 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00375173 _____ C:\WINDOWS\system32\ColorImageEnhancement.wmv
2015-05-29 15:49 - 2015-05-29 15:49 - 00373760 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00372224 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00354136 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00344168 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00338536 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00338024 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00313448 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00304128 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00286208 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00282696 _____ (Intel Corporation) C:\WINDOWS\system32\igd10idpp64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00279144 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00274776 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUtils64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00263120 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10idpp32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00256000 _____ C:\WINDOWS\system32\igfxCPL.cpl
2015-05-29 15:49 - 2015-05-29 15:49 - 00248424 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00229888 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00220432 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00218728 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00213504 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00213192 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00196704 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00192000 _____ C:\WINDOWS\system32\igdde64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00184352 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00183296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4222.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00179200 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00178672 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00169984 _____ (Intel Corporation) C:\WINDOWS\system32\igdail64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00156264 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00153088 _____ C:\WINDOWS\SysWOW64\igdde32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00152064 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdail32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00135000 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMCUMD64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00127320 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiLogServer64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00094208 _____ C:\WINDOWS\system32\IccLibDll_x64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00086528 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00073728 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00060416 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00044025 _____ C:\WINDOWS\system32\iglhxo64.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00043816 _____ C:\WINDOWS\system32\iglhxc64_dev.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00043494 _____ C:\WINDOWS\system32\iglhxc64.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00043298 _____ C:\WINDOWS\system32\iglhxg64_dev.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00043256 _____ C:\WINDOWS\system32\iglhxg64.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00042079 _____ C:\WINDOWS\system32\iglhxo64_dev.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00036616 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00035328 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00010752 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00010752 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00010240 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00010240 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00005120 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00005120 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00004008 _____ C:\WINDOWS\system32\iglhxs64.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00001125 _____ C:\WINDOWS\system32\iglhxa64.vp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-12 17:00 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-12 11:57 - 2013-08-22 11:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-12 09:49 - 2013-08-22 10:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-12 09:47 - 2013-08-22 12:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2015-06-12 09:47 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-06-12 09:33 - 2013-08-22 11:44 - 00409848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-12 08:47 - 2013-08-22 12:37 - 00001720 _____ C:\WINDOWS\DtcInstall.log
2015-06-12 04:41 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\Registration
2015-06-12 01:34 - 2013-08-22 12:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-12 01:32 - 2013-08-22 16:11 - 00000000 ____D C:\WINDOWS\ShellNew
2015-06-12 01:14 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-12 00:57 - 2013-08-22 11:46 - 00016135 _____ C:\WINDOWS\setupact.log
2015-06-12 00:54 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\restore
2015-06-12 00:54 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\Help
2015-06-12 00:51 - 2013-08-22 12:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-06-12 00:51 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-06-12 00:51 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\FileManager
2015-06-12 00:51 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\Camera
 
==================== Files in the root of some directories =======
 
2015-06-12 04:40 - 2015-06-12 04:40 - 0007597 _____ () C:\Users\Adrian\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-12 08:47
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Adrian at 2015-06-12 18:32:15
Running from C:\Users\Adrian\Desktop\frst
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3400116732-2033998285-2783747925-500 - Administrator - Disabled)
Adrian (S-1-5-21-3400116732-2033998285-2783747925-1001 - Administrator - Enabled) => C:\Users\Adrian
Guest (S-1-5-21-3400116732-2033998285-2783747925-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3400116732-2033998285-2783747925-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Assassin's Creed IV Black Flag (HKLM-x32\...\Steam App 242050) (Version:  - Ubisoft Montreal)
Game of Thrones  (HKLM-x32\...\Steam App 208730) (Version:  - Cyanide Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.27 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4222 - Intel Corporation)
METAL GEAR SOLID V: GROUND ZEROES (HKLM-x32\...\Steam App 311340) (Version:  - Kojima Productions)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 353.06 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version:  - CD PROJEKT RED)
Two Worlds II (HKLM-x32\...\Steam App 7520) (Version:  - Reality Pump Studios)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3400116732-2033998285-2783747925-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points =========================
 
12-06-2015 00:54:59 Installed DirectX
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 10:25 - 2013-08-22 10:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03EAB7A5-E243-4773-A3B9-5880A094505B} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2013-08-22] (Microsoft Corporation)
Task: {1CA8609E-58D1-42BB-8F58-6D70C08BE3C9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {48D573F6-1290-4B13-91E8-8B1380996D02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-12] (Google Inc.)
Task: {4ADBD9D3-EC2E-443D-A027-82E5FC877451} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {5688CAED-C607-4B5D-BCC2-2E7AB6C7ACA6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-12] (Google Inc.)
Task: {DF9B50A2-C612-44AE-B066-6D24B812B4FB} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-06-12] ()
Task: {FE202C94-B1E8-4624-B8D8-09FB0ABF0916} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-12 00:54 - 2015-05-28 01:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-06-12 00:54 - 2015-05-28 04:04 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-06-12 01:04 - 2015-06-05 15:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-12 01:04 - 2015-06-05 15:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
2015-06-12 03:19 - 2015-04-16 14:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-06-12 03:19 - 2015-04-22 23:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-06-12 03:19 - 2015-06-04 15:56 - 02407104 _____ () C:\Program Files (x86)\Steam\video.dll
2015-06-12 03:19 - 2015-04-22 23:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-06-12 03:19 - 2015-04-22 23:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-06-12 03:19 - 2014-12-01 18:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-06-12 03:19 - 2014-12-01 18:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-06-12 03:19 - 2014-12-01 18:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-06-12 03:19 - 2014-12-01 18:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-06-12 03:19 - 2014-12-01 18:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-06-12 03:19 - 2015-06-04 15:56 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-06-12 03:19 - 2015-05-11 16:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-06-12 03:19 - 2015-05-11 16:01 - 08958344 _____ () C:\Program Files (x86)\Steam\bin\pdf.dll
2015-06-12 01:04 - 2015-06-05 15:22 - 15003464 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\PepperFlash\pepflashplayer.dll
2012-10-01 20:37 - 2012-10-01 20:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Adrian\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3400116732-2033998285-2783747925-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 80.82.64.136 - 8.8.8.8
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKU\S-1-5-21-3400116732-2033998285-2783747925-1001\...\StartupApproved\Run: => "Steam"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{77F72464-78B3-48B0-B0F2-0F363AC17787}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{89BD8F87-F23E-4E7E-88A8-BDE83A4C9B3F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7FF0D0F4-4780-44A1-A184-1CE2ED4353A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{06D7F422-37F6-4E90-B842-2F1B122118AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0CAE9F5F-481F-4AB6-BD29-B26780178D2B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D4957CD0-8D70-46CE-B393-3731B5F88E73}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{01313BE6-25B0-4663-A2C9-106CB08069BB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{04591195-6F56-4242-98B6-E62B69732F72}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{565DBDBA-97A1-4889-96F1-8FB6B6DC8EEA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{75351BB4-B052-4BDF-9291-C29B4519BC50}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{510360FF-CAEF-432A-8481-E90AA338A25D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8CF9B0CD-4C61-4C72-9281-E1487FBDEE3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{3D70B7CD-E352-4AE0-8A2F-0DD657757C63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{A7E21DAD-CD27-4504-B96E-108810533BD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game of Thrones\Binaries\Win32\ShippingPC-AGOTGame.exe
FirewallRules: [{DB4EA62F-7C4A-4033-99EC-FE9F5114271B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game of Thrones\Binaries\Win32\ShippingPC-AGOTGame.exe
FirewallRules: [{21AF6423-DA38-406B-A279-34A3D6C32A3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{D343044C-7D4A-43A5-A562-2AD6E062F643}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{D75A6A9C-2306-44D4-9D91-74E350F525B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2.exe
FirewallRules: [{B08123F4-3B1D-49AD-8AFA-8DB86C8F96E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2.exe
FirewallRules: [{9F8778C7-F077-4691-AF46-B1FBD3223452}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2_DX10.exe
FirewallRules: [{3610E05C-5ED6-4E26-B2A3-1CEEDD234349}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2_DX10.exe
FirewallRules: [{2B197FA2-29A3-4BBB-9DD6-7B241CEA48F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{46D94CB5-A327-4714-9F06-A37554696CFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{0562E78A-6724-4111-BA25-3090E2996E2A}] => (Allow) C:\Users\Adrian\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{67270994-E78E-4C83-AF8F-D00E62F0E556}] => (Allow) C:\Users\Adrian\AppData\Roaming\uTorrent\uTorrent.exe
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/12/2015 00:59:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.16384, time stamp: 0x5215d379
Faulting module name: Windows.UI.Xaml.dll, version: 6.3.9600.16384, time stamp: 0x5215e763
Exception code: 0xc000027b
Fault offset: 0x0000000000a44362
Faulting process id: 0xae4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
 
Error: (06/12/2015 00:59:36 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
 
 
System errors:
=============
Error: (06/12/2015 03:19:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (06/12/2015 03:19:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (06/12/2015 00:58:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel® Content Protection HECI Service service terminated with the following error: 
%%2147942659
 
Error: (06/12/2015 00:57:51 AM) (Source: DCOM) (EventID: 10010) (User: DALLEGRAVE-PC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (06/12/2015 00:51:58 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Printer Extensions and Notifications service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (06/12/2015 08:47:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error: 
%%21
 
Error: (06/12/2015 08:47:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IP Helper service terminated with the following error: 
%%1058
 
Error: (06/12/2015 08:47:31 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
 
Microsoft Office:
=========================
Error: (06/12/2015 00:59:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.163845215d379Windows.UI.Xaml.dll6.3.9600.163845215e763c000027b0000000000a44362ae401d0a4c40d7b4da7C:\WINDOWS\Explorer.EXEC:\Windows\System32\Windows.UI.Xaml.dll7068009f-10b7-11e5-8250-74d435e68c45
 
Error: (06/12/2015 00:59:36 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 34%
Total physical RAM: 8076.95 MB
Available physical RAM: 5322.99 MB
Total Pagefile: 9996.95 MB
Available Pagefile: 6872.1 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223.48 GB) (Free:107.43 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:931.51 GB) (Free:777.98 GB) NTFS
Drive e: (SAMSUNG) (Fixed) (Total:931.51 GB) (Free:658.49 GB) NTFS
Drive f: (IRM_CCSA_X64FRE_EN-US_DV5) (CDROM) (Total:3.63 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 7CCB641F)
Partition 1: (Active) - (Size=223.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1C31C86A)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 66F970B1)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of log ============================

  • 0

#5
adriandallegrave


    Member

  • Topic Starter
  • Member
  • 29 posts

This is a picture of the ads that appear on Chrome. They are blocked by Adblock but they don't go away.

Attached Thumbnails

  • Capture.JPG

  • 0

#6
Biscuithd


    Trusted Helper

  • Malware Removal
  • 2,573 posts

Very sorry that it's taken so long for a reply. Often we get very busy and this is one of those times.

 

Do you still require help? If so, I do have time and desire :)


  • 0

#7
adriandallegrave


    Member

  • Topic Starter
  • Member
  • 29 posts

Hello! Yes, I still need help. I tried other software to remove malware but nothing has worked since. As soon as I get home I will scan the computer once again and send you the log.

 

Thank you very much.


  • 0

#8
adriandallegrave


    Member

  • Topic Starter
  • Member
  • 29 posts

By the way, when I tried to open the topic here to ask for help I got error messages, so I ended up creating many topics. When the admins closed the others they posted that this one below was the right one. So I ended up posting new info there, although I didn't get any help until now.

 

http://www.geekstogo...reformating-pc/

 

Thanks again.


  • 0

#9
Biscuithd


    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok, then I'll close this one and we'll work from that topic :)


  • 0

#10
Biscuithd


    Trusted Helper

  • Malware Removal
  • 2,573 posts

I actually merged the topics and we'll go from here.

 

No need to scan or post anything until I've looked at what you've given me up to now, unless you've made significant changes.


  • 0



#11
Biscuithd


    Trusted Helper

  • Malware Removal
  • 2,573 posts

It is extremely likely that your re-infection issues are coming from your use of P2P software, specifically uTorrent. Have a read of my canned speech for P2P Software and please uninstall it at least until we are done cleaning your machine.

 

P2P warning!
 

  •     uTorrent

P2P programs, while legal in themselves, are often used to obtain illegal downloads. Currently it's one of the best ways to get infected. There have been some extreme cases in which passwords and private or financial data were exposed to a file-sharing network because of bad P2P configuration.

I strongly recommend full uninstallation of any P2P apps. To do so:

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the previously mentioned program(s), right-click the entry and click Uninstall.

Also, would you run FRST again so that I can see a fresh scan after uTorrent is gone? Just like you did before. Thank you!! :)


  • 0

#12
adriandallegrave


    Member

  • Topic Starter
  • Member
  • 29 posts

Hi. After formatting the OS I didn't install uTorrent or any software downloaded from any torrent before getting the malware again. Here are the logs.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Adrian (administrator) on DALLEGRAVE-PC on 16-06-2015 17:29:21
Running from C:\Users\Adrian\Desktop\frst
Loaded Profiles: Adrian (Available Profiles: Adrian)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKU\S-1-5-21-3400116732-2033998285-2783747925-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-3400116732-2033998285-2783747925-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-3400116732-2033998285-2783747925-1001\...\MountPoints2: {f0fd195e-1240-11e5-8253-74d435e68c45} - "G:\autorun.exe" 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3400116732-2033998285-2783747925-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.co...98115343_hao_pg
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-12] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-12]
CHR Extension: (YouTube) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-12]
CHR Extension: (Adblock Plus) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-14]
CHR Extension: (Google Search) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-12]
CHR Extension: (Bubble Shooter) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdlnbbnjknldpikkllanljjbnegnnei [2015-06-12]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2015-06-12]
CHR Extension: (Planetarium) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2015-06-12]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2015-06-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-12]
CHR Extension: (Google Maps) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-06-12]
CHR Extension: (Google Wallet) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-12]
CHR Extension: (Gmail) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-12]
CHR Extension: (Writer) - C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2015-06-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-28] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-05-29] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-28] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2015-06-14] (DT Soft Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-28] (NVIDIA Corporation)
S3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2015-05-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-05-28] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-16 12:10 - 2015-06-16 12:10 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2015-06-16 12:05 - 2015-06-16 12:05 - 00000000 ____D C:\Users\Adrian\Documents\KONAMI
2015-06-16 11:46 - 2015-06-16 11:46 - 00000000 ____D C:\ProgramData\KONAMI
2015-06-16 11:46 - 2015-06-16 11:46 - 00000000 ____D C:\Program Files (x86)\KONAMI
2015-06-16 09:25 - 2015-06-16 09:25 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\WinRAR
2015-06-16 09:25 - 2015-06-16 09:25 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-06-16 09:25 - 2015-06-16 09:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-06-16 09:25 - 2015-06-16 09:25 - 00000000 ____D C:\Program Files\WinRAR
2015-06-15 19:38 - 2015-06-16 11:47 - 00000090 _____ C:\Users\Adrian\Desktop\pes 2013 serials.txt
2015-06-15 19:14 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2015-06-15 19:13 - 2015-06-15 19:13 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-06-15 19:13 - 2015-06-15 19:13 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-06-15 19:12 - 2015-06-15 19:12 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\NVIDIA
2015-06-15 19:12 - 2015-06-15 19:12 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-06-15 19:12 - 2015-06-15 19:12 - 00000000 ____D C:\Program Files\MSBuild
2015-06-15 19:12 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2015-06-15 19:12 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2015-06-15 19:12 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2015-06-15 19:12 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2015-06-15 19:12 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2015-06-15 19:12 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2015-06-15 19:12 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2015-06-15 19:12 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2015-06-15 19:12 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2015-06-15 19:12 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2015-06-15 19:12 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2015-06-15 19:12 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2015-06-15 19:12 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2015-06-15 19:12 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2015-06-15 19:12 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2015-06-15 19:12 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2015-06-15 19:12 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2015-06-15 19:12 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2015-06-15 19:12 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2015-06-15 19:12 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2015-06-15 19:12 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2015-06-15 19:12 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2015-06-15 19:12 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2015-06-15 19:12 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2015-06-15 19:12 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2015-06-15 19:12 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2015-06-15 19:12 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2015-06-15 19:12 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2015-06-15 19:12 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2015-06-15 19:12 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2015-06-15 19:12 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2015-06-15 19:12 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2015-06-15 19:12 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2015-06-15 19:12 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2015-06-15 19:12 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2015-06-15 19:12 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2015-06-15 19:12 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2015-06-15 19:12 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2015-06-15 19:12 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2015-06-15 19:12 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2015-06-15 19:12 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2015-06-15 19:12 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2015-06-15 19:12 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2015-06-15 19:12 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2015-06-15 19:12 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2015-06-15 19:12 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2015-06-15 19:12 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2015-06-15 19:12 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2015-06-15 19:12 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2015-06-15 19:12 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2015-06-15 19:12 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2015-06-15 19:11 - 2013-08-03 01:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-06-15 19:11 - 2013-08-03 01:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-15 19:11 - 2013-08-03 01:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-06-15 19:11 - 2013-08-03 01:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-06-15 19:11 - 2013-08-03 01:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-15 19:11 - 2013-08-03 01:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-06-15 19:09 - 2015-06-15 19:14 - 00046301 _____ C:\WINDOWS\DirectX.log
2015-06-15 19:09 - 2015-06-15 19:09 - 00000175 _____ C:\WINDOWS\DXError.log
2015-06-15 19:09 - 2015-06-15 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2015-06-15 19:09 - 2015-06-15 19:09 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2015-06-14 15:39 - 2015-06-16 17:25 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-14 15:38 - 2015-06-14 15:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-14 15:38 - 2015-06-14 15:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-14 15:38 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-14 15:38 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-14 15:38 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-14 13:25 - 2015-06-14 13:25 - 00001175 _____ C:\Users\Adrian\Desktop\Enforcer Police Crime Action.lnk
2015-06-14 13:25 - 2015-06-14 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enforcer Police Crime Action
2015-06-14 13:24 - 2015-06-14 13:24 - 00283200 _____ (DT Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys
2015-06-14 13:24 - 2015-06-14 13:24 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\DAEMON Tools Lite
2015-06-14 13:24 - 2015-06-14 13:24 - 00000000 ____D C:\Program Files (x86)\Enforcer Police Crime Action
2015-06-14 13:24 - 2015-06-14 13:24 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2015-06-14 13:23 - 2015-06-14 13:24 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2015-06-12 18:31 - 2015-06-16 17:29 - 00000000 ____D C:\Users\Adrian\Desktop\frst
2015-06-12 18:31 - 2015-06-16 17:29 - 00000000 ____D C:\FRST
2015-06-12 09:47 - 2015-06-12 09:47 - 00000000 __SHD C:\Recovery
2015-06-12 09:33 - 2015-06-12 09:33 - 00000118 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-06-12 08:47 - 2015-06-16 07:59 - 00003900 _____ C:\WINDOWS\PFRO.log
2015-06-12 08:47 - 2015-06-12 08:47 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-06-12 08:47 - 2015-06-12 00:51 - 00000000 ____D C:\WINDOWS\Panther
2015-06-12 04:40 - 2015-06-12 04:40 - 00007597 _____ C:\Users\Adrian\AppData\Local\Resmon.ResmonCfg
2015-06-12 04:15 - 2015-06-12 04:15 - 00002709 _____ C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\msinfo32.lnk
2015-06-12 03:28 - 2015-06-15 19:16 - 00000000 ____D C:\Users\Adrian\Documents\The Witcher 3
2015-06-12 03:24 - 2015-06-12 03:24 - 00000000 ____D C:\Users\Adrian\Documents\Game of Thrones
2015-06-12 03:19 - 2015-06-12 03:19 - 00000000 ____D C:\Users\Adrian\AppData\Local\Steam
2015-06-12 03:17 - 2015-06-16 12:11 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-12 03:17 - 2015-06-12 03:17 - 00000979 _____ C:\Users\Public\Desktop\Steam.lnk
2015-06-12 03:17 - 2015-06-12 03:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-12 01:41 - 2015-06-16 17:26 - 00003758 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2015-06-12 01:41 - 2015-06-14 23:48 - 00176411 _____ C:\Users\Adrian\Desktop\calendário inter certo.xlsx.xlsm
2015-06-12 01:41 - 2015-06-12 09:33 - 00000000 ____D C:\WINDOWS\AutoKMS
2015-06-12 01:40 - 2015-06-12 01:40 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2015-06-12 01:40 - 2013-08-22 09:40 - 00040664 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2015-06-12 01:34 - 2015-06-12 01:34 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-06-12 01:34 - 2015-06-12 01:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-12 01:34 - 2015-06-12 01:34 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-06-12 01:34 - 2015-06-12 01:34 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-06-12 01:34 - 2015-06-12 01:34 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-06-12 01:32 - 2015-06-12 01:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-12 01:32 - 2015-06-12 01:34 - 00000000 ____D C:\Program Files\Microsoft Office
2015-06-12 01:32 - 2015-06-12 01:32 - 00000000 ____D C:\Users\Adrian\AppData\Local\Microsoft Help
2015-06-12 01:32 - 2015-06-12 01:32 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2015-06-12 01:32 - 2015-06-12 01:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-06-12 01:32 - 2015-06-12 01:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-06-12 01:31 - 2015-06-12 01:31 - 00000000 __RHD C:\MSOCache
2015-06-12 01:19 - 2015-06-12 01:19 - 00000686 _____ C:\Users\Adrian\Desktop\downloads.lnk
2015-06-12 01:19 - 2015-06-12 01:19 - 00000657 _____ C:\Users\Adrian\Desktop\adrian.lnk
2015-06-12 01:04 - 2015-06-16 17:25 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-12 01:04 - 2015-06-16 12:09 - 00001096 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-12 01:04 - 2015-06-12 01:04 - 00004068 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-12 01:04 - 2015-06-12 01:04 - 00003832 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-12 01:04 - 2015-06-12 01:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-12 01:04 - 2015-06-12 01:04 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-12 01:03 - 2015-06-12 01:04 - 00000000 ____D C:\Users\Adrian\AppData\Local\Google
2015-06-12 01:03 - 2015-06-12 01:03 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Macromedia
2015-06-12 00:58 - 2015-06-12 00:58 - 00019634 _____ C:\WINDOWS\system32\results.xml
2015-06-12 00:58 - 2015-06-12 00:58 - 00000401 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-06-12 00:57 - 2015-06-15 20:51 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3400116732-2033998285-2783747925-1001
2015-06-12 00:57 - 2015-06-15 19:12 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-12 00:57 - 2015-06-12 00:57 - 00000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk
2015-06-12 00:57 - 2015-06-12 00:57 - 00000000 ____D C:\Program Files (x86)\Intel
2015-06-12 00:56 - 2015-06-12 00:58 - 00000000 ____D C:\Intel
2015-06-12 00:56 - 2015-06-12 00:57 - 00000000 ____D C:\Program Files\Intel
2015-06-12 00:55 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2015-06-12 00:55 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2015-06-12 00:55 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2015-06-12 00:55 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2015-06-12 00:55 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2015-06-12 00:55 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2015-06-12 00:54 - 2015-06-16 17:25 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-12 00:54 - 2015-06-16 09:23 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-12 00:54 - 2015-06-12 00:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-12 00:54 - 2015-06-12 00:54 - 00000000 ____D C:\Users\Adrian\AppData\Local\NVIDIA Corporation
2015-06-12 00:54 - 2015-06-12 00:54 - 00000000 ____D C:\Users\Adrian\AppData\Local\NVIDIA
2015-06-12 00:54 - 2015-06-12 00:54 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-06-12 00:54 - 2015-05-29 15:49 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-06-12 00:54 - 2015-05-29 15:49 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-06-12 00:54 - 2015-05-28 04:04 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-06-12 00:54 - 2015-05-28 04:04 - 01571696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-06-12 00:54 - 2015-05-28 04:04 - 01320304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-06-12 00:54 - 2015-05-28 04:04 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-06-12 00:54 - 2015-05-28 01:15 - 06872904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-06-12 00:54 - 2015-05-28 01:15 - 03491984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-06-12 00:54 - 2015-05-28 01:15 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-06-12 00:54 - 2015-05-28 01:15 - 00937288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-06-12 00:54 - 2015-05-28 01:15 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-06-12 00:54 - 2015-05-28 01:15 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-06-12 00:54 - 2015-05-28 00:52 - 00571024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-06-12 00:54 - 2015-05-27 07:48 - 04408727 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-06-12 00:53 - 2015-06-12 00:54 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-12 00:53 - 2015-06-12 00:54 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-12 00:53 - 2015-06-12 00:53 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-12 00:53 - 2015-06-12 00:53 - 00000000 ____D C:\NVIDIA
2015-06-12 00:53 - 2015-05-28 04:04 - 42719888 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 37741712 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 30480528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 22946960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 17486856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 16185352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 15864064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 14987528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 14495448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 13304280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 12852152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 11830512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 10995528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-06-12 00:53 - 2015-05-28 04:04 - 03379680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 02986392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 02932368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 02599056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 01898312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435306.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 01558848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcvadgenco64.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435306.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 01099808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 01050440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00982856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00974480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00939080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00878816 _____ C:\WINDOWS\system32\nvmcumd.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00503408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00408208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00407112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00195912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-06-12 00:53 - 2015-05-28 04:04 - 00175880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00154256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00150648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00117576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcaparm.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00052880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00048784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00039056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvadarm.sys
2015-06-12 00:53 - 2015-05-28 04:04 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-06-12 00:53 - 2015-05-28 04:04 - 00031552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-06-12 00:53 - 2015-05-28 04:04 - 00030966 _____ C:\WINDOWS\system32\nvinfo.pb
2015-06-12 00:52 - 2015-06-16 17:25 - 00000000 ___RD C:\Users\Adrian\SkyDrive
2015-06-12 00:51 - 2015-06-16 17:28 - 00569264 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-12 00:51 - 2015-06-14 16:27 - 00000000 ____D C:\Users\Adrian\AppData\Local\Packages
2015-06-12 00:51 - 2015-06-14 13:27 - 00000000 ____D C:\Users\Adrian\AppData\Local\VirtualStore
2015-06-12 00:51 - 2015-06-12 00:51 - 00001446 _____ C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-12 00:51 - 2015-06-12 00:51 - 00000000 ____D C:\WINDOWS\CSC
2015-06-12 00:51 - 2015-06-12 00:51 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Adobe
2015-06-12 00:51 - 2013-08-22 02:17 - 02407936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-06-12 00:50 - 2015-06-12 00:58 - 00000000 ____D C:\Users\Adrian
2015-06-12 00:50 - 2015-06-12 00:50 - 00000020 ___SH C:\Users\Adrian\ntuser.ini
2015-06-12 00:50 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-12 00:50 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-12 00:50 - 2013-08-22 12:36 - 00000000 ___RD C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-12 00:50 - 2013-08-22 12:36 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-29 15:49 - 2015-05-29 15:49 - 24846712 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 24048456 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumdim32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 17804608 _____ C:\WINDOWS\system32\igd11dxva64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 17329224 _____ C:\WINDOWS\SysWOW64\igd11dxva32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 15981056 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 10851840 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 09528320 _____ (Intel Corporation) C:\WINDOWS\system32\ig75icd64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 09422928 _____ (Intel Corporation) C:\WINDOWS\system32\igd10iumd64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 08631888 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10iumd32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 07500800 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig75icd32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 06725162 _____ C:\WINDOWS\system32\igdclbif.bin
2015-05-29 15:49 - 2015-05-29 15:49 - 06160424 _____ (Intel Corporation) C:\WINDOWS\system32\igdusc64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 04892088 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2015-05-29 15:49 - 2015-05-29 15:49 - 04851848 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdusc32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 03584512 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 03318272 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 02944648 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiVAD64.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 02813952 _____ C:\WINDOWS\system32\iglhxa64.cpa
2015-05-29 15:49 - 2015-05-29 15:49 - 02776408 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAAC64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 02039296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01540904 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01513304 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01402336 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01399240 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01371136 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01196336 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01131008 _____ (Intel Corporation) C:\WINDOWS\system32\GfxResources.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01063936 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 01036392 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 01032808 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 01014368 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00698880 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00671328 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00641530 _____ C:\WINDOWS\system32\FilmModeDetection.wmv
2015-05-29 15:49 - 2015-05-29 15:49 - 00623616 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00616280 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMux64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00472168 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUMS64.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00460048 _____ (Intel® Corporation) C:\WINDOWS\system32\Drivers\IntcDAud.sys
2015-05-29 15:49 - 2015-05-29 15:49 - 00448104 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00424960 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00403671 _____ C:\WINDOWS\system32\ImageStabilization.wmv
2015-05-29 15:49 - 2015-05-29 15:49 - 00392296 _____ C:\WINDOWS\system32\igfxTray.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00385024 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00375173 _____ C:\WINDOWS\system32\ColorImageEnhancement.wmv
2015-05-29 15:49 - 2015-05-29 15:49 - 00373760 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00372224 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00354136 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00344168 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00338536 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00338024 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00313448 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00304128 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00286208 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00282696 _____ (Intel Corporation) C:\WINDOWS\system32\igd10idpp64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00279144 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00274776 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUtils64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00263120 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10idpp32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00256000 _____ C:\WINDOWS\system32\igfxCPL.cpl
2015-05-29 15:49 - 2015-05-29 15:49 - 00248424 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00229888 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00220432 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00218728 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00213504 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00213192 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00196704 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00192000 _____ C:\WINDOWS\system32\igdde64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00184352 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00183296 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4222.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00179200 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00178672 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00169984 _____ (Intel Corporation) C:\WINDOWS\system32\igdail64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00156264 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2015-05-29 15:49 - 2015-05-29 15:49 - 00153088 _____ C:\WINDOWS\SysWOW64\igdde32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00152064 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdail32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00135000 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMCUMD64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00127320 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiLogServer64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00094208 _____ C:\WINDOWS\system32\IccLibDll_x64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00086528 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00073728 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00060416 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00044025 _____ C:\WINDOWS\system32\iglhxo64.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00043816 _____ C:\WINDOWS\system32\iglhxc64_dev.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00043494 _____ C:\WINDOWS\system32\iglhxc64.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00043298 _____ C:\WINDOWS\system32\iglhxg64_dev.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00043256 _____ C:\WINDOWS\system32\iglhxg64.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00042079 _____ C:\WINDOWS\system32\iglhxo64_dev.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00036616 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00035328 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00010752 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00010752 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00010240 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00010240 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00005120 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00005120 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll
2015-05-29 15:49 - 2015-05-29 15:49 - 00004008 _____ C:\WINDOWS\system32\iglhxs64.vp
2015-05-29 15:49 - 2015-05-29 15:49 - 00001125 _____ C:\WINDOWS\system32\iglhxa64.vp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-16 17:25 - 2013-08-22 11:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-16 12:00 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-16 09:05 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-15 19:13 - 2013-08-22 12:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-15 02:15 - 2013-08-22 10:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-14 16:31 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-14 15:44 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\Vss
2015-06-12 09:47 - 2013-08-22 12:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2015-06-12 09:47 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-06-12 09:33 - 2013-08-22 11:44 - 00409848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-12 08:47 - 2013-08-22 12:37 - 00001720 _____ C:\WINDOWS\DtcInstall.log
2015-06-12 04:41 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\Registration
2015-06-12 01:34 - 2013-08-22 12:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-12 01:32 - 2013-08-22 16:11 - 00000000 ____D C:\WINDOWS\ShellNew
2015-06-12 00:57 - 2013-08-22 11:46 - 00016135 _____ C:\WINDOWS\setupact.log
2015-06-12 00:54 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\system32\restore
2015-06-12 00:54 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\Help
2015-06-12 00:51 - 2013-08-22 12:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-06-12 00:51 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-06-12 00:51 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\FileManager
2015-06-12 00:51 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\Camera
 
==================== Files in the root of some directories =======
 
2015-06-12 04:40 - 2015-06-12 04:40 - 0007597 _____ () C:\Users\Adrian\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-12 08:47
 
==================== End of log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Adrian at 2015-06-16 17:29:33
Running from C:\Users\Adrian\Desktop\frst
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3400116732-2033998285-2783747925-500 - Administrator - Disabled)
Adrian (S-1-5-21-3400116732-2033998285-2783747925-1001 - Administrator - Enabled) => C:\Users\Adrian
Guest (S-1-5-21-3400116732-2033998285-2783747925-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Assassin's Creed IV Black Flag (HKLM-x32\...\Steam App 242050) (Version:  - Ubisoft Montreal)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
Enforcer Police Crime Action (HKLM-x32\...\Enforcer Police Crime Action_is1) (Version:  - )
Game of Thrones  (HKLM-x32\...\Steam App 208730) (Version:  - Cyanide Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.27 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4222 - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
METAL GEAR SOLID V: GROUND ZEROES (HKLM-x32\...\Steam App 311340) (Version:  - Kojima Productions)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 353.06 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pro Evolution Soccer 2013 (HKLM-x32\...\{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}) (Version: 1.00.0000 - KONAMI)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version:  - CD PROJEKT RED)
Two Worlds II (HKLM-x32\...\Steam App 7520) (Version:  - Reality Pump Studios)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3400116732-2033998285-2783747925-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points =========================
 
12-06-2015 00:54:59 Installed DirectX
15-06-2015 19:09:16 Installed DirectX
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 10:25 - 2013-08-22 10:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03EAB7A5-E243-4773-A3B9-5880A094505B} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2013-08-22] (Microsoft Corporation)
Task: {1CA8609E-58D1-42BB-8F58-6D70C08BE3C9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {48D573F6-1290-4B13-91E8-8B1380996D02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-12] (Google Inc.)
Task: {4ADBD9D3-EC2E-443D-A027-82E5FC877451} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {5688CAED-C607-4B5D-BCC2-2E7AB6C7ACA6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-12] (Google Inc.)
Task: {9DC87FD1-B248-4B56-9D91-4C858EB8A909} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-06-12] ()
Task: {FE202C94-B1E8-4624-B8D8-09FB0ABF0916} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-12 00:54 - 2015-05-28 01:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-10-01 20:37 - 2012-10-01 20:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-06-12 00:54 - 2015-05-28 04:04 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-06-12 01:04 - 2015-06-05 15:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-12 01:04 - 2015-06-05 15:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
2015-06-12 01:04 - 2015-06-05 15:22 - 15003464 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Adrian\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3400116732-2033998285-2783747925-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 89.248.171.33 - 8.8.8.8
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKU\S-1-5-21-3400116732-2033998285-2783747925-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3400116732-2033998285-2783747925-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{77F72464-78B3-48B0-B0F2-0F363AC17787}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{89BD8F87-F23E-4E7E-88A8-BDE83A4C9B3F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7FF0D0F4-4780-44A1-A184-1CE2ED4353A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{06D7F422-37F6-4E90-B842-2F1B122118AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0CAE9F5F-481F-4AB6-BD29-B26780178D2B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D4957CD0-8D70-46CE-B393-3731B5F88E73}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{01313BE6-25B0-4663-A2C9-106CB08069BB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{04591195-6F56-4242-98B6-E62B69732F72}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{565DBDBA-97A1-4889-96F1-8FB6B6DC8EEA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{75351BB4-B052-4BDF-9291-C29B4519BC50}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{510360FF-CAEF-432A-8481-E90AA338A25D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8CF9B0CD-4C61-4C72-9281-E1487FBDEE3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{3D70B7CD-E352-4AE0-8A2F-0DD657757C63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{A7E21DAD-CD27-4504-B96E-108810533BD8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game of Thrones\Binaries\Win32\ShippingPC-AGOTGame.exe
FirewallRules: [{DB4EA62F-7C4A-4033-99EC-FE9F5114271B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game of Thrones\Binaries\Win32\ShippingPC-AGOTGame.exe
FirewallRules: [{21AF6423-DA38-406B-A279-34A3D6C32A3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{D343044C-7D4A-43A5-A562-2AD6E062F643}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{D75A6A9C-2306-44D4-9D91-74E350F525B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2.exe
FirewallRules: [{B08123F4-3B1D-49AD-8AFA-8DB86C8F96E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2.exe
FirewallRules: [{9F8778C7-F077-4691-AF46-B1FBD3223452}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2_DX10.exe
FirewallRules: [{3610E05C-5ED6-4E26-B2A3-1CEEDD234349}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Two Worlds II\TwoWorlds2_DX10.exe
FirewallRules: [{2B197FA2-29A3-4BBB-9DD6-7B241CEA48F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{46D94CB5-A327-4714-9F06-A37554696CFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/16/2015 00:10:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PES2013.exe, version: 1.3.0.0, time stamp: 0x50b536fe
Faulting module name: kload.DLL, version: 13.3.3.1, time stamp: 0x514c37f9
Exception code: 0xc0000417
Fault offset: 0x0000d2c1
Faulting process id: 0x948
Faulting application start time: 0xPES2013.exe0
Faulting application path: PES2013.exe1
Faulting module path: PES2013.exe2
Report Id: PES2013.exe3
Faulting package full name: PES2013.exe4
Faulting package-relative application ID: PES2013.exe5
 
Error: (06/16/2015 00:09:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Para Jogar CLIQUE AQUI.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1604
 
Start Time: 01d0a846734d1e54
 
Termination Time: 1
 
Application Path: C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\Para Jogar CLIQUE AQUI.exe
 
Report Id: ba31d5a2-1439-11e5-8258-74d435e68c45
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/16/2015 00:09:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pes2013.exe, version: 1.3.0.0, time stamp: 0x50b536fe
Faulting module name: kload.DLL, version: 13.3.3.1, time stamp: 0x514c37f9
Exception code: 0xc0000417
Fault offset: 0x0000d2c1
Faulting process id: 0xec8
Faulting application start time: 0xpes2013.exe0
Faulting application path: pes2013.exe1
Faulting module path: pes2013.exe2
Report Id: pes2013.exe3
Faulting package full name: pes2013.exe4
Faulting package-relative application ID: pes2013.exe5
 
Error: (06/16/2015 00:09:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pes2013.exe, version: 1.3.0.0, time stamp: 0x50b536fe
Faulting module name: kload.DLL, version: 13.3.3.1, time stamp: 0x514c37f9
Exception code: 0xc0000417
Fault offset: 0x0000d2c1
Faulting process id: 0x740
Faulting application start time: 0xpes2013.exe0
Faulting application path: pes2013.exe1
Faulting module path: pes2013.exe2
Report Id: pes2013.exe3
Faulting package full name: pes2013.exe4
Faulting package-relative application ID: pes2013.exe5
 
Error: (06/15/2015 08:10:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program s5753.exe version 3.1.40.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 960
 
Start Time: 01d0a7c031a72c24
 
Termination Time: 4294967295
 
Application Path: C:\Users\Adrian\AppData\Local\Temp\n5753\s5753.exe
 
Report Id: a935f85d-13b3-11e5-8257-74d435e68c45
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/12/2015 00:59:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.16384, time stamp: 0x5215d379
Faulting module name: Windows.UI.Xaml.dll, version: 6.3.9600.16384, time stamp: 0x5215e763
Exception code: 0xc000027b
Fault offset: 0x0000000000a44362
Faulting process id: 0xae4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
 
Error: (06/12/2015 00:59:36 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
 
 
System errors:
=============
Error: (06/15/2015 02:15:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
%%1062
 
Error: (06/14/2015 11:48:41 PM) (Source: DCOM) (EventID: 10010) (User: DALLEGRAVE-PC)
Description: {03E64E17-B220-4052-9B9B-155F9CB8E016}
 
Error: (06/14/2015 11:48:41 PM) (Source: DCOM) (EventID: 10010) (User: DALLEGRAVE-PC)
Description: {03E64E17-B220-4052-9B9B-155F9CB8E016}
 
Error: (06/14/2015 11:48:41 PM) (Source: DCOM) (EventID: 10010) (User: DALLEGRAVE-PC)
Description: {03E64E17-B220-4052-9B9B-155F9CB8E016}
 
Error: (06/14/2015 11:48:41 PM) (Source: DCOM) (EventID: 10010) (User: DALLEGRAVE-PC)
Description: {03E64E17-B220-4052-9B9B-155F9CB8E016}
 
Error: (06/14/2015 11:48:41 PM) (Source: DCOM) (EventID: 10010) (User: DALLEGRAVE-PC)
Description: {03E64E17-B220-4052-9B9B-155F9CB8E016}
 
Error: (06/14/2015 11:48:41 PM) (Source: DCOM) (EventID: 10010) (User: DALLEGRAVE-PC)
Description: {03E64E17-B220-4052-9B9B-155F9CB8E016}
 
Error: (06/14/2015 04:23:00 PM) (Source: DCOM) (EventID: 10016) (User: DALLEGRAVE-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Dallegrave-PCAdrianS-1-5-21-3400116732-2033998285-2783747925-1001LocalHost (Using LRPC)59091GameDesignStudio.45694AB2C8281_1.0.1.3_neutral__hke3ffja2n6hyS-1-15-2-3070179306-3960559548-736485165-2308287623-1807694844-436309081-694375964
 
Error: (06/13/2015 01:58:24 AM) (Source: DCOM) (EventID: 10010) (User: DALLEGRAVE-PC)
Description: {03E64E17-B220-4052-9B9B-155F9CB8E016}
 
Error: (06/13/2015 01:58:24 AM) (Source: DCOM) (EventID: 10010) (User: DALLEGRAVE-PC)
Description: {03E64E17-B220-4052-9B9B-155F9CB8E016}
 
 
Microsoft Office:
=========================
Error: (06/16/2015 00:10:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PES2013.exe1.3.0.050b536fekload.DLL13.3.3.1514c37f9c00004170000d2c194801d0a846a6b67963C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\PES2013.exeC:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\Patch Bmpes\kload.DLLe465ae47-1439-11e5-8258-74d435e68c45
 
Error: (06/16/2015 00:09:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Para Jogar CLIQUE AQUI.exe1.0.0.0160401d0a846734d1e541C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\Para Jogar CLIQUE AQUI.exeba31d5a2-1439-11e5-8258-74d435e68c45
 
Error: (06/16/2015 00:09:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: pes2013.exe1.3.0.050b536fekload.DLL13.3.3.1514c37f9c00004170000d2c1ec801d0a84678e8fe70C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\pes2013.exeC:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\Patch Bmpes\kload.DLLb6972a6b-1439-11e5-8258-74d435e68c45
 
Error: (06/16/2015 00:09:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: pes2013.exe1.3.0.050b536fekload.DLL13.3.3.1514c37f9c00004170000d2c174001d0a8467193f29dC:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\pes2013.exeC:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\Patch Bmpes\kload.DLLaf4baea7-1439-11e5-8258-74d435e68c45
 
Error: (06/15/2015 08:10:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: s5753.exe3.1.40.096001d0a7c031a72c244294967295C:\Users\Adrian\AppData\Local\Temp\n5753\s5753.exea935f85d-13b3-11e5-8257-74d435e68c45
 
Error: (06/12/2015 00:59:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.163845215d379Windows.UI.Xaml.dll6.3.9600.163845215e763c000027b0000000000a44362ae401d0a4c40d7b4da7C:\WINDOWS\Explorer.EXEC:\Windows\System32\Windows.UI.Xaml.dll7068009f-10b7-11e5-8250-74d435e68c45
 
Error: (06/12/2015 00:59:36 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 27%
Total physical RAM: 8076.95 MB
Available physical RAM: 5874.03 MB
Total Pagefile: 9996.95 MB
Available Pagefile: 7404.69 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223.48 GB) (Free:84.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:931.51 GB) (Free:745.78 GB) NTFS
Drive e: (SAMSUNG) (Fixed) (Total:931.51 GB) (Free:635.34 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 7CCB641F)
Partition 1: (Active) - (Size=223.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1C31C86A)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 66F970B1)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of log ============================


#13
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Please perform the following, post the scans and let me know how the computer is working.

 

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;
    chrdefaults;
    iedefaults;
    FFdefaults;
    fakechrprofiles;delete
    shortcutfix;
    autoclean;
    resethosts;
    emptyalltemp;

  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)


Post its content into your next reply.

 

Scan with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.

Please include the contents of that file in your reply.

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.

     

     

     



    #14
    adriandallegrave

      Member

    • Topic Starter
    • 29 posts
    I have some news regarding this malware. Yesterday my friend's computer got infected too. The last time I formatted the PC (June 11th if not mistaken) I was still afraid that my flash drive could be infected. So after formatting he connected his PC to mine using the same network. He downloaded and sent to me the drivers of my processor and video card and disconnected right after. Nothing else was passed through one computer or the other. The virus behaves the same way in both computers.
     
    Anyway, here are the logs asked for:
     
     
     
    Zoek.exe v5.0.0.0 Updated 04-May-2015
    Tool run by Adrian on 18/06/2015 at  9:37:49,91.
    Microsoft Windows 8.1 Pro 6.3.9600  x64
    Running in: Normal Mode Internet Access Detected
    Launched: C:\Users\Adrian\Desktop\zoek.exe [Scan all users] [Script inserted] 
     
    ==== System Restore Info ======================
     
    18/06/2015 09:40:19 Zoek.exe System Restore Point Created Successfully.
     
    ==== Reset Hosts File ======================
     
    # Copyright © 1993-2006 Microsoft Corp. 
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
    # This file contains the mappings of IP addresses to host names. Each 
    # entry should be kept on an individual line. The IP address should 
    # be placed in the first column followed by the corresponding host name. 
    # The IP address and the host name should be separated by at least one 
    # space. 
    # Additionally, comments (such as these) may be inserted on individual 
    # lines or following the machine name denoted by a '#' symbol. 
    # For example: 
    #      102.54.94.97     rhino.acme.com          # source server 
    #       38.25.63.10     x.acme.com              # x client host 
     
    127.0.0.1       localhost 
     
    ==== Empty Folders Check ======================
     
    C:\PROGRA~2\MSXML 4.0 deleted successfully
     
    ==== Deleting CLSID Registry Keys ======================
     
     
    ==== Deleting CLSID Registry Values ======================
     
     
    ==== Deleting Services ======================
     
     
    ==== Deleting Files \ Folders ======================
     
    C:\PROGRA~2\Enforcer Police Crime Action deleted
    C:\PROGRA~3\Package Cache deleted
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
    C:\windows\SysNative\GroupPolicy\Machine deleted
    C:\windows\SysNative\GroupPolicy\User deleted
    C:\windows\SysNative\GroupPolicy\gpt.ini deleted
     
    ==== Chromium Look ======================
     
    Google Chrome Version: 43.0.2357.124
     
     
    Bubble Shooter - Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdlnbbnjknldpikkllanljjbnegnnei
    Facebook Customizer (by Adblock Plus) - Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm
    Planetarium - Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp
    MagicScroll eBook Reader - Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble
    Chrome Hotword Shared Module - Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
    Writer - Adrian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnengefjfhgcceajaepbjhanoojifmog
     
    ==== Chromium Startpages ======================
     
    C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Preferences
    aedia":"6C5C0FC42CAF270EED52BA5B5661391091C9F66BEAE1925D4F48D9328538EDF9","pnengefjfhgcceajaepbjhanoojifmog":"B38DBDF18E5D7AE40BB187A76234969C411C071EB9EAFA9513A7FF5BAC7DD30D"}},"google":{"services":{"last_username":"C4D1E141FEED0BBD712EEDBF44340B46A02B432CCD0A651F44BBA81512D87D84","username":"E807D4E351A0903E81963A068656C13888CB1554C23DDE6BCBF18153AC58F9EB"}},"homepage":"0BEAF733E463A700A64B6C833D2770485E3A53E64E3493F64F22A66F96907C3D","homepage_is_newtabpage":"E07941D1F50223A9798C478787009043DA2814316FB4B8E8A95C98E0051A74DC","pinned_tabs":"8A89E597FB26CA3C74D8AABEDB756D1CD07494033AA2D2D493DECA3FF466F4BB","prefs":{"preference_reset_time":"D95B38BC690EC3C1842AB53CDF463C9F0E1437B98CF2FAB9D30930BA111E463C"},"profile":{"reset_prompt_memento":"8BDCD999D170D369855B2F2D7EE78408AED0F85E4B2D8B869CD10CF2E1956D7A"},"safebrowsing":{"incidents_sent":"C7A08160BBBE629200BA4F989C3B827E48B92A1F6B9B5B800F94BD5253B1378A"},"search_provider_overrides":"CD04E3E81FFFF1200B8EE713601631D436FAC7FEC25677E468E241C5EF453762","session":{"restore_on_startup":"11092571C15EF694E793DE57B5ACD0B14D0EA032E46E929338351655D43AF4F0","startup_urls":"3188DC3B2C1FC6192158EB3A8C752F04A1AB7A7CF06F244423C140754D4FEB3B"},"software_reporter":{"prompt_reason":"9E9536FF91797DAA6F42BBB7B8DB7D16B73570A428D5F9CE1361B7780BB0CA62","prompt_seed":"B15575B49F2974064227051EE4C583AA825D1E551A0A4AA3B10FDB5E1429EFA0","prompt_version":"50F2F3005E016165502345625A6A99808013FFF4DD5665628160D8E695C512CE"},"sync":{"remaining_rollback_tries":"CFCF636A163B7C600871087CD2F4440058B72FD8174CE10B539E9D4D21881763"}},"super_mac":"9FCEA34D29F1AAA741A18FB91CC390826314A8B74215468B49A3C9A73CA04251"},"session":{"restore_on_startup":5,"startup_urls":["http://www.google.co...back_tries":0}}
     
     
    ==== Set IE to Default ======================
     
    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
     
    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
     
    ==== All HKCU SearchScopes ======================
     
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
    {012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IESR02"
     
    ==== Reset Google Chrome ======================
     
    C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
    C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
    C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
    C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
     
    ==== shortcuts on Users Desktops ======================
     
    C:\Users\Adrian\Desktop\adrian.lnk - D:\adrian 
    C:\Users\Adrian\Desktop\Brasileirao A - Shortcut.lnk - C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013\Patch Bmpes\GDB\uni\Brasileirao A 
    C:\Users\Adrian\Desktop\downloads.lnk - D:\downloads 
    C:\Users\Adrian\Desktop\Enforcer Police Crime Action.lnk - C:\Program Files (x86)\Enforcer Police Crime Action\Enforcer.exe /boot
     
    ==== shortcuts on All Users Desktop ======================
     
    C:\Users\Public\Desktop\InputMapper.lnk - C:\Program Files (x86)\DSDCS\InputMapper\InputMapper.exe 
    C:\Users\Public\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe 
     
    ==== shortcuts in Users Start Menu ======================
     
    C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
    C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\msinfo32.lnk - C:\Windows\System32\msinfo32.exe 
    C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt 
    C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt 
    C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm 
    C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe 
     
    ==== shortcuts in All Users Start Menu ======================
     
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk - C:\WINDOWS\system32\GfxUIEx.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk - C:\Program Files (x86)\Paint.NET\PaintDotNet.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enforcer Police Crime Action\Enforcer Police Crime Action.lnk - C:\Program Files (x86)\Enforcer Police Crime Action\Enforcer.exe /boot
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enforcer Police Crime Action\Uninstall.lnk - C:\Program Files (x86)\Enforcer Police Crime Action\unins000.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InputMapper\Check for updates.lnk - C:\Program Files (x86)\DSDCS\InputMapper\Updater.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InputMapper\InputMapper.lnk - C:\Program Files (x86)\DSDCS\InputMapper\InputMapper.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InputMapper\XInput Test.lnk - C:\Program Files (x86)\DSDCS\InputMapper\XInputTest.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\xlicons.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\pptico.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Database Compare 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\dbcicons.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Language Preferences.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\misc.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Upload Center.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\msouc.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Spreadsheet Compare 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\sscicons.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Telemetry Dashboard for Office 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\osmadminicon.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Telemetry Log for Office 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\osmclienticon.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories\Check For Updates.lnk - C:\Program Files (x86)\Microsoft Xbox 360 Accessories\AUSetting.exe -forcecheck
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories\Microsoft Xbox 360 Accessories Help.lnk - C:\Program Files (x86)\Microsoft Xbox 360 Accessories\Xboxhelp.chm 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories\Microsoft Xbox 360 Accessories Status.lnk - C:\Program Files (x86)\Microsoft Xbox 360 Accessories\XBoxStat.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /show
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe 
     
    ==== shortcuts in Quick Launch ======================
     
    C:\Users\Adrian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
    C:\Users\Adrian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
    C:\Users\Adrian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
    C:\Users\Adrian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
    C:\Users\Adrian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
     
    ==== Empty IE Cache ======================
     
    C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Adrian\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
    C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
    C:\Users\Adrian\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
    C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
     
    ==== Empty FireFox Cache ======================
     
    No FireFox Profiles found
     
    ==== Empty Chrome Cache ======================
     
    C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
     
    ==== Empty All Flash Cache ======================
     
    Flash Cache Emptied Successfully
     
    ==== Empty All Java Cache ======================
     
    No Java Cache Found
     
    ==== C:\zoek_backup content ======================
     
    C:\zoek_backup (files=75 folders=33 1983454394 bytes)
     
    ==== Empty Temp Folders ======================
     
    C:\Users\Adrian\AppData\Local\Temp will be emptied at reboot
    C:\Users\Default\AppData\Local\Temp emptied successfully
    C:\Users\Default User\AppData\Local\Temp emptied successfully
    C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
    C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
    C:\WINDOWS\Temp will be emptied at reboot
     
    ==== After Reboot ======================
     
    ==== Empty Temp Folders ======================
     
    C:\WINDOWS\Temp successfully emptied
    C:\Users\Adrian\AppData\Local\Temp successfully emptied
     
    ==== Empty Recycle Bin ======================
     
    C:\$RECYCLE.BIN successfully emptied
     
    ==== EOF on 18/06/2015 at 11:40:40,01 ======================
     
     
    # AdwCleaner v4.206 - Logfile created 18/06/2015 at 11:44:28
    # Updated 01/06/2015 by Xplode
    # Database : 2015-06-17.1 [Server]
    # Operating system : Windows 8.1 Pro  (x64)
    # Username : Adrian - DALLEGRAVE-PC
    # Running from : D:\downloads\AdwCleaner.exe
    # Option : Scan
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
     
    ***** [ Scheduled tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
     
    ***** [ Web browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.16384
     
     
    -\\ Google Chrome v43.0.2357.124
     
     
    *************************
     
    AdwCleaner[R0].txt - [585 bytes] - [18/06/2015 11:44:28]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [643 bytes] ##########
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 7.0.2 (06.18.2015:1)
    OS: Windows 8.1 Pro x64
    Ran by Adrian on 18/06/2015 at 11:45:50,99
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Tasks
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
     
     
    ~~~ Files
     
     
     
    ~~~ Folders
     
     
     
    ~~~ Chrome
     
     
    [C:\Users\Adrian\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
     
    [C:\Users\Adrian\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
     
    [C:\Users\Adrian\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
     
    [C:\Users\Adrian\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    []
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 18/06/2015 at 11:46:37,63
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    • 0

    #15
    Biscuithd

      Trusted Helper

    • Malware Removal
    • 2,573 posts

    One thing I noted in earlier scans were the System and Hardware errors. I don't know if the drivers are mismatched or what's going on.

     

    From a Malware perspective can you describe what you are now seeing?


    • 0





