Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

So i think i have a virus of some sort, Plz help.. [Closed]

Started by wez , Jul 29 2015 06:42 AM

  • This topic is locked This topic is locked

#1
wez
Posted 29 July 2015 - 06:42 AM

wez

    New Member

  • Member
  • Pip
  • 1 posts

I've been receiving this error for a couple of weeks now and cant get rid of it, i think whatever is causing it is also really slowing my computer down because a few of the games i play online have been crashing alot whenever it pops up!

 

"Security Request"

 

Outbound traffic Detected

 

We have detected a large amount of suspicious outbound traffic on your system. Your computer may be infected with something that Norton Power Eraser can detect and remove.

 

Do you want to run Norton Power Eraser? 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015
Ran by Gaiter (administrator) on INFINITY (28-07-2015 22:26:06)
Running from C:\Users\Gaiter\Desktop
Loaded Profiles: Gaiter (Available Profiles: Gaiter & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Gaiter\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Gaiter\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Gaiter\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Gaiter\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-14] (Realtek Semiconductor)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-07-25] (Alienware)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2631824 2015-07-15] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [76912 2012-07-14] (cyberlink)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [592704 2015-07-08] (Razer Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\...\Run: [DellSystemDetect] => C:\Users\Gaiter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\...\Run: [uTorrent] => C:\Users\Gaiter\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-07] (BitTorrent Inc.)
HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\...\Run: [GoogleChromeAutoLaunch_48715CF33F75324FA53D999A946B94B8] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-06-17] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [155280 2015-06-17] (NVIDIA Corporation)
AppInit_DLLs-x32: , c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [155280 2015-06-17] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-06-17] (NVIDIA Corporation)
Startup: C:\Users\Gaiter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2014-04-11] ()
Startup: C:\Users\Gaiter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-01-14]
ShortcutTarget: Dropbox.lnk -> C:\Users\Gaiter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gaiter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gaiter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gaiter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gaiter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gaiter\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gaiter\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gaiter\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.alienware....com/welcome-au
HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.alienware....com/welcome-au
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3558754851-4006217252-2966217660-1002 -> {1C055FDC-122F-48FA-885E-03CCD755EB6A} URL = 
SearchScopes: HKU\S-1-5-21-3558754851-4006217252-2966217660-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-17] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} ->  No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Hosts: 54.225.95.126 dmcecclamecbinmplcolhaljlclhbgah
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{25FC3A1C-FA60-401D-98EA-694297A9F33D}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{6F7CCDE0-BB3A-4993-85F0-8233D965195D}: [DhcpNameServer] 10.1.1.1
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll [2013-09-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-09-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-03] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-3558754851-4006217252-2966217660-1002: electronicarts.com/GameFacePlugin -> C:\Users\Gaiter\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-21] (Electronic Arts)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn [2015-07-28]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com.au/
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=M8281E2EA-A915-48E7-8F62-114A64B67C8D&SearchSource=55&CUI=&UM=6&UP=SPEEBC5579-1A94-4A1B-B685-8DAD30BB39FE&SSPV=", "hxxp://www.google.com/", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZU19_ls5TEHCjb8lgUHrIbpiDyHW7aUyuyu59QN_myecCR8WAz6v05tr0Xs_DnrQbxuxFmdDArDJSwbEnjIWJqLHVo6KNXmx-uHNpreIwCAokXeR7tq-gW-0vIcqjABOHPGUlzennrL6Q,,", "hxxp://www.trovi.com/?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=M8281E2EA-A915-48E7-8F62-114A64B67C8D&SearchSource=55&CUI=&UM=6&UP=SPEEBC5579-1A94-4A1B-B685-8DAD30BB39FE&SSPV="
CHR Profile: C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (From Dust) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2015-02-07]
CHR Extension: (Google Docs) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-08]
CHR Extension: (YouTube) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-07]
CHR Extension: (Facebook) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-02-07]
CHR Extension: (Norton Security Toolbar) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-07-04]
CHR Extension: (Adblock for Youtube™) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-02-07]
CHR Extension: (Google Search) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-07]
CHR Extension: (Awesome Bookmarks Widget [ANTP]) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpomkeboefacdfaoklfekfleengjeodf [2015-02-07]
CHR Extension: (Foxtab Speed Dial) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchmpbaclbiioedakpcldenooikekokm [2015-02-07]
CHR Extension: (Free Rider 3) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\efgciaombdjbpmepfcndmfidlklafhcc [2015-02-07]
CHR Extension: (Avant Downloader) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbonimgkpojnocmgjgkgigbfgffpcjnp [2015-02-16]
CHR Extension: (Google Sheets) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (Chrome Web Store Launcher (by Google)) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgipfabdickgidpmbicneamekgbaej [2015-02-07]
CHR Extension: (AdBlock) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-07]
CHR Extension: (NaetoCaoupoon) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\idacjcbjkggkdfikhficmaclhnfaimjf [2015-02-16]
CHR Extension: (Norton Identity Safe) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-20]
CHR Extension: (Dropbox) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-02-07]
CHR Extension: (My theme for Facebook™) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadmhlpibbjnepjmbiaoinpfkflenfmj [2015-02-07]
CHR Extension: (Google Maps) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-02-07]
CHR Extension: (Google Wallet) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-07]
CHR Extension: (My Chrome Theme) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-02-07]
CHR Extension: (Awesome Speed Dial) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\oijkglihmcefogkmgibpajfaiekekllk [2015-02-07]
CHR Extension: (Picasa) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2015-02-07]
CHR Extension: (Outlook.com) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-02-07]
CHR Extension: (Gmail) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-07]
CHR Extension: (Canvas Rider) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-02-07]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-22]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-22]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AlienFXWindowsService; C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe [13168 2012-07-25] (Alienware)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [236144 2012-07-13] (CyberLink)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-15] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-17] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-15] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-24] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472 2013-09-18] (Razer Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-06-23] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20150728.001\IDSvia64.sys [692984 2015-07-03] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150728.017\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20150728.017\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
S3 rzjstk; C:\Windows\System32\drivers\rzjstk.sys [27816 2014-12-30] (Razer Inc)
S3 rzkeypadendpt; C:\Windows\System32\drivers\rzkeypadendpt.sys [33448 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-06-13] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129472 2015-06-27] (Razer, Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605020.00F\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-11] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S3 NTIOLib_X64; \??\C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-28 22:26 - 2015-07-28 22:26 - 00029394 _____ C:\Users\Gaiter\Desktop\FRST.txt
2015-07-28 22:25 - 2015-07-28 22:26 - 00000000 ____D C:\FRST
2015-07-28 22:23 - 2015-07-28 22:24 - 02169856 _____ (Farbar) C:\Users\Gaiter\Desktop\FRST64.exe
2015-07-28 22:13 - 2015-07-28 22:13 - 02169856 _____ (Farbar) C:\Users\Gaiter\Downloads\FRST64.exe
2015-07-28 21:16 - 2015-07-28 21:16 - 00001132 _____ C:\WINDOWS\PFRO.log
2015-07-27 18:47 - 2015-07-25 23:04 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-25 20:33 - 2015-07-28 21:39 - 00001810 _____ C:\WINDOWS\setupact.log
2015-07-25 20:33 - 2015-07-28 21:34 - 00699606 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-25 20:33 - 2015-07-25 20:33 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-25 20:33 - 2015-07-03 13:58 - 00065896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-07-25 20:33 - 2015-07-03 13:58 - 00047976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-07-24 16:48 - 2015-07-24 16:54 - 00000000 ____D C:\Users\Gaiter\Desktop\HDD
2015-07-24 15:39 - 2015-07-24 15:39 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-24 15:39 - 2015-07-24 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-24 15:38 - 2015-07-24 15:39 - 00000000 ____D C:\Program Files\iTunes
2015-07-24 15:38 - 2015-07-24 15:38 - 00000000 ____D C:\Program Files\iPod
2015-07-24 15:26 - 2015-07-24 15:27 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-24 15:26 - 2015-07-24 15:26 - 00001859 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-24 15:26 - 2015-07-24 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-23 22:44 - 2015-07-23 22:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2015-07-20 17:30 - 2015-07-14 23:44 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-20 17:30 - 2015-07-14 23:44 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-20 17:30 - 2015-07-14 23:44 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-20 17:30 - 2015-07-14 23:43 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-14 07:43 - 2015-07-10 05:21 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-14 07:43 - 2015-07-10 04:10 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-14 07:43 - 2015-07-10 01:33 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-14 07:43 - 2015-07-10 01:24 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-14 07:43 - 2015-07-10 01:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-14 07:43 - 2015-07-10 01:20 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-14 07:43 - 2015-07-10 01:20 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-14 07:43 - 2015-07-10 01:18 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-14 07:43 - 2015-07-10 01:16 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-14 07:43 - 2015-07-10 01:08 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-14 07:43 - 2015-07-10 01:07 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-14 07:43 - 2015-07-10 01:05 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-14 07:43 - 2015-07-10 01:04 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-14 07:43 - 2015-06-27 12:38 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-14 07:43 - 2015-06-27 12:38 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-14 07:43 - 2015-06-27 11:44 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-14 07:42 - 2015-07-03 06:51 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-14 07:42 - 2015-07-03 06:20 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-14 07:42 - 2015-07-03 06:19 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-14 07:42 - 2015-07-03 05:53 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-14 07:42 - 2015-07-03 05:49 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-14 07:42 - 2015-07-03 05:25 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-14 07:42 - 2015-07-03 04:50 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-14 07:42 - 2015-07-03 04:29 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-14 07:42 - 2015-07-02 07:38 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-14 07:42 - 2015-07-02 06:44 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-14 07:42 - 2015-06-30 08:13 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-14 07:42 - 2015-06-30 00:37 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-14 07:42 - 2015-06-30 00:37 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-14 07:42 - 2015-06-30 00:37 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-14 07:42 - 2015-06-30 00:37 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-14 07:42 - 2015-06-28 14:37 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-14 07:42 - 2015-06-28 14:37 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-14 07:42 - 2015-06-28 14:36 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-14 07:42 - 2015-06-28 14:36 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-14 07:42 - 2015-06-28 02:12 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-14 07:42 - 2015-06-27 12:43 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-14 07:42 - 2015-06-27 12:42 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-14 07:42 - 2015-06-27 12:42 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-14 07:42 - 2015-06-27 12:10 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-14 07:42 - 2015-06-27 11:35 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-14 07:42 - 2015-06-27 11:30 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-14 07:42 - 2015-06-27 11:23 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-14 07:42 - 2015-06-27 10:56 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-14 07:42 - 2015-06-27 08:51 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-14 07:42 - 2015-06-27 08:51 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-14 07:42 - 2015-06-25 12:01 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-14 07:42 - 2015-06-16 08:11 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-14 07:42 - 2015-06-16 07:54 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-14 07:42 - 2015-06-16 06:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-14 07:42 - 2015-06-16 06:39 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-14 07:42 - 2015-06-16 06:20 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-14 07:42 - 2015-06-16 05:27 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-14 07:42 - 2015-05-31 06:48 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-14 07:42 - 2015-05-31 05:06 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-14 07:42 - 2015-05-31 05:05 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-14 07:42 - 2015-05-08 03:20 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-14 07:42 - 2015-05-08 02:30 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-14 07:42 - 2015-05-08 02:23 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-14 07:42 - 2015-05-08 01:42 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-14 07:42 - 2015-05-08 00:51 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-14 07:42 - 2015-05-08 00:35 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-14 07:42 - 2015-05-04 00:39 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-14 07:42 - 2015-05-04 00:28 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-14 07:42 - 2015-05-04 00:25 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-14 07:42 - 2015-05-04 00:19 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-14 07:42 - 2015-05-03 10:09 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-14 07:42 - 2015-04-30 08:52 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-14 07:42 - 2015-04-25 11:55 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-14 07:42 - 2014-11-05 04:55 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-07-14 07:42 - 2014-11-05 04:55 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-07-14 07:42 - 2014-11-04 16:25 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-07-14 07:42 - 2014-11-04 16:24 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-07-14 07:42 - 2014-11-04 16:24 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-07-14 07:42 - 2014-11-04 16:24 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-07-14 07:41 - 2015-06-16 15:06 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-14 07:41 - 2015-06-16 15:06 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-14 07:41 - 2015-06-16 08:09 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-14 07:41 - 2015-06-16 08:08 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-14 07:41 - 2015-06-16 07:56 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-14 07:41 - 2015-06-16 07:54 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-14 07:41 - 2015-06-16 07:32 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-14 07:41 - 2015-06-16 07:28 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-14 07:41 - 2015-06-16 07:27 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-14 07:41 - 2015-06-16 07:26 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-14 07:41 - 2015-06-16 07:25 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-14 07:41 - 2015-06-16 07:19 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-14 07:41 - 2015-06-16 07:11 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-14 07:41 - 2015-06-16 07:08 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-14 07:41 - 2015-06-16 07:06 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-14 07:41 - 2015-06-16 06:47 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-14 07:41 - 2015-06-16 06:46 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-14 07:41 - 2015-06-16 06:45 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-14 07:41 - 2015-06-16 06:43 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-14 07:41 - 2015-06-16 06:34 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-14 07:41 - 2015-06-16 06:33 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-14 07:41 - 2015-06-16 06:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-14 07:41 - 2015-06-16 06:17 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-14 07:41 - 2015-06-16 06:14 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-14 07:41 - 2015-06-16 06:13 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-14 07:41 - 2015-06-16 06:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-14 07:41 - 2015-06-16 06:11 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-14 07:41 - 2015-06-16 06:07 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-14 07:41 - 2015-06-16 06:02 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-14 07:41 - 2015-06-16 06:01 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-14 07:41 - 2015-06-16 06:00 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-14 07:41 - 2015-06-16 06:00 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-14 07:41 - 2015-06-16 05:47 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-14 07:41 - 2015-06-16 05:37 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-14 07:41 - 2015-06-16 05:32 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-14 07:41 - 2015-06-11 13:19 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-14 07:41 - 2015-06-11 01:43 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-14 07:41 - 2015-05-12 22:49 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-14 07:41 - 2015-05-12 02:04 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-14 07:41 - 2015-05-08 02:17 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-14 07:41 - 2015-05-04 00:37 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-14 07:41 - 2015-05-04 00:27 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-14 07:41 - 2015-05-02 09:03 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-14 07:41 - 2015-04-28 22:43 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-14 07:41 - 2015-04-28 22:43 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-14 07:41 - 2015-04-24 01:17 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-14 07:41 - 2015-04-24 00:46 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-13 13:38 - 2015-07-13 13:38 - 00014555 _____ C:\Users\Gaiter\Downloads\[kat.cr]looking.for.alibrandi.2000 (1).torrent
2015-07-13 13:37 - 2015-07-13 13:37 - 00014828 _____ C:\Users\Gaiter\Downloads\[kat.cr]the.stepford.wives.2004.dvdrip.xvid.lkrg (2).torrent
2015-07-13 13:37 - 2015-07-13 13:37 - 00014828 _____ C:\Users\Gaiter\Downloads\[kat.cr]the.stepford.wives.2004.dvdrip.xvid.lkrg (1).torrent
2015-07-13 09:34 - 2015-07-13 09:34 - 01730328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2015-07-13 09:34 - 2015-07-13 09:34 - 00199896 _____ (Razer Inc) C:\WINDOWS\system32\Drivers\rzudd.sys
2015-07-12 21:23 - 2015-07-12 21:23 - 00019978 _____ C:\Users\Gaiter\Downloads\[kat.cr]ballers.2015.s01e04.hdtv.x264.asap.ettv.torrent
2015-07-11 21:16 - 2015-07-11 21:16 - 00014828 _____ C:\Users\Gaiter\Downloads\[kat.cr]the.stepford.wives.2004.dvdrip.xvid.lkrg.torrent
2015-07-11 19:11 - 2015-07-11 19:11 - 00151290 _____ C:\Users\Gaiter\Downloads\[kat.cr]ufc.189.ppv.hdtv.x264.ebi.sparrow.torrent
2015-07-11 13:40 - 2015-07-11 13:40 - 00118988 _____ C:\Users\Gaiter\Downloads\[kat.cr]fast.and.furious.7.hdrip.xvid.ac3.evo.torrent
2015-07-11 10:55 - 2015-07-11 10:56 - 00078523 _____ C:\Users\Gaiter\Downloads\[kat.cr]ted.2.2015.uncensored.1080p.hc.webrip.x264.aac2.0.rarbg.torrent
2015-07-08 21:05 - 2015-07-08 21:05 - 00014485 _____ C:\Users\Gaiter\Downloads\[kat.cr]looking.for.alibrandi.2000.torrent
2015-07-08 21:04 - 2015-07-08 21:04 - 00022811 _____ C:\Users\Gaiter\Downloads\[kat.cr]insurgent.2015.hdrip.x264.rarbg.torrent
2015-07-07 17:50 - 2015-07-07 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2015-07-07 17:31 - 2015-07-28 19:39 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-07-06 19:14 - 2015-07-06 19:14 - 00118338 _____ C:\Users\Gaiter\Downloads\[kat.cr]spy.2015.hc.hdrip.xvid.ac3.evo.torrent
2015-07-06 19:13 - 2015-07-06 19:13 - 00024438 _____ C:\Users\Gaiter\Downloads\[kat.cr]ballers.2015.s01e03.hdtv.x264.asap.ettv.torrent
2015-07-06 19:13 - 2015-07-06 19:13 - 00024278 _____ C:\Users\Gaiter\Downloads\[kat.cr]ballers.2015.s01e02.proper.hdtv.x264.killers.ettv.torrent
2015-07-06 19:13 - 2015-07-06 19:13 - 00021998 _____ C:\Users\Gaiter\Downloads\[kat.cr]ballers.2014.s01e01.hdtv.x264.killers.ettv.torrent
2015-07-04 09:43 - 2015-07-24 16:42 - 00000000 ____D C:\Users\Gaiter\AppData\Local\NPE
2015-07-04 09:36 - 2015-07-04 09:36 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2015-07-04 09:36 - 2015-07-04 09:36 - 00000000 ____D C:\WINDOWS\system32\NV
2015-07-04 09:36 - 2015-06-17 15:33 - 00571024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-07-04 09:33 - 2015-06-17 18:40 - 42729104 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 37748880 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 30481552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 22947144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 16145200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 15866992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 14497520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 13263056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 11831856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 11011216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-07-04 09:33 - 2015-06-17 18:40 - 02997544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 02932368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 02599752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 01898128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435330.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 01557832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435330.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 01099992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 01060168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 01050768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 00982672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 00975176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 00938752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 00503408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 00408392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 00407296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 00204648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-07-04 09:33 - 2015-06-17 18:40 - 00176904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 00155280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 00150832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 00040280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-07-04 09:33 - 2015-06-17 18:40 - 00030966 _____ C:\WINDOWS\system32\nvinfo.pb
2015-07-04 09:29 - 2015-07-23 22:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-07-04 01:59 - 2015-07-04 01:59 - 00000000 ____D C:\Users\Public\Downloads\Norton
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-28 22:17 - 2013-11-21 02:03 - 00258048 ___SH C:\Users\Gaiter\Downloads\Thumbs.db
2015-07-28 22:15 - 2013-09-25 17:24 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-28 21:51 - 2014-04-03 18:45 - 00004978 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for INFINITY-Gaiter INFINITY
2015-07-28 21:41 - 2013-11-20 22:01 - 00000000 ___DO C:\Users\Gaiter\SkyDrive
2015-07-28 21:40 - 2015-01-20 15:17 - 00001360 _____ C:\WINDOWS\Tasks\MLKPFB.job
2015-07-28 21:40 - 2015-01-20 15:16 - 00001360 _____ C:\WINDOWS\Tasks\SBWRBE.job
2015-07-28 21:40 - 2013-11-20 21:14 - 00000000 ____D C:\Users\Gaiter
2015-07-28 21:40 - 2013-09-25 17:24 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-28 21:40 - 2013-09-10 23:10 - 00000095 _____ C:\Users\Gaiter\.accessibility.properties
2015-07-28 21:37 - 2013-11-20 21:09 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-28 21:37 - 2013-08-23 00:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-28 21:32 - 2013-08-23 01:06 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-28 20:31 - 2014-01-02 07:25 - 00000000 ____D C:\Users\Gaiter\AppData\Local\Deployment
2015-07-28 20:04 - 2014-03-10 10:16 - 00000000 ____D C:\Users\Gaiter\AppData\Local\Battle.net
2015-07-28 19:58 - 2015-03-01 18:28 - 00000000 ____D C:\Users\Gaiter\AppData\Roaming\TS3Client
2015-07-28 19:36 - 2013-08-23 01:06 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-28 19:34 - 2013-08-22 22:55 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-27 19:18 - 2012-07-26 17:29 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-26 19:06 - 2015-03-19 20:52 - 00000000 ____D C:\Users\Gaiter\AppData\Local\CrashDumps
2015-07-25 20:34 - 2013-11-20 21:08 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-25 20:28 - 2013-09-29 19:14 - 00000000 ____D C:\Users\Gaiter\AppData\Roaming\uTorrent
2015-07-24 18:55 - 2013-08-23 01:06 - 00000000 ____D C:\WINDOWS\rescache
2015-07-24 18:40 - 2013-09-25 17:31 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3558754851-4006217252-2966217660-1002
2015-07-24 16:41 - 2013-09-26 06:04 - 00000000 ____D C:\Users\Gaiter\AppData\Local\Razer
2015-07-24 16:34 - 2013-08-23 00:14 - 00494928 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-24 15:38 - 2015-05-16 01:38 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-24 15:38 - 2013-09-28 03:38 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-24 15:38 - 2013-09-28 03:37 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-24 14:35 - 2015-04-05 00:45 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-24 14:24 - 2012-07-26 17:42 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-07-23 22:39 - 2015-02-20 15:51 - 00003206 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-07-23 22:39 - 2015-02-20 15:51 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2015-07-23 19:20 - 2015-05-13 10:11 - 00000000 ___RD C:\Users\Gaiter\OneDrive
2015-07-23 19:20 - 2014-04-03 18:54 - 00003098 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3558754851-4006217252-2966217660-1002
2015-07-22 18:16 - 2015-02-20 15:51 - 00111344 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2015-07-22 18:16 - 2015-02-20 15:51 - 00008214 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2015-07-22 17:48 - 2013-08-22 22:55 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-20 17:36 - 2014-04-03 18:30 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-07-15 22:44 - 2015-04-05 00:45 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-15 04:36 - 2014-07-28 20:55 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-07-15 04:36 - 2013-10-29 22:27 - 01423120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-07-15 04:35 - 2014-07-28 20:55 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-07-15 04:35 - 2013-10-29 22:27 - 01710056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-07-14 21:29 - 2013-08-23 01:06 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-14 21:28 - 2013-08-23 01:06 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-14 20:32 - 2013-09-30 13:34 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-14 13:11 - 2014-12-11 16:21 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-14 13:11 - 2014-07-10 19:33 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-14 13:10 - 2013-09-25 18:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-14 06:40 - 2014-06-12 19:35 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-14 06:40 - 2014-06-12 19:35 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-12 21:23 - 2013-07-19 17:44 - 00000000 ___RD C:\Users\Gaiter\Desktop\oo
2015-07-12 02:30 - 2013-11-21 08:28 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B7627C7B-5A10-4FFC-B6A4-7CE4EA12FA2B}
2015-07-08 18:26 - 2012-10-28 13:12 - 00000000 ____D C:\Game
2015-07-04 09:43 - 2015-02-20 15:51 - 00000000 ____D C:\ProgramData\Norton
2015-07-04 09:37 - 2013-09-26 07:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-07-04 09:33 - 2015-06-20 18:09 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-04 02:03 - 2015-02-20 15:51 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-03 13:58 - 2013-10-29 22:26 - 00069992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2015-07-03 08:43 - 2013-09-25 18:22 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-01 12:57 - 2014-03-10 10:16 - 00000000 ____D C:\Program Files (x86)\Battle.net
 
==================== Files in the root of some directories =======
 
2015-02-16 23:39 - 2015-06-08 22:11 - 0000020 _____ () C:\Users\Gaiter\AppData\Roaming\appdataFr3.bin
2014-09-01 17:48 - 2014-09-01 17:48 - 0001248 _____ () C:\Users\Gaiter\AppData\Roaming\MLKPFB
2014-09-01 17:48 - 2014-09-01 17:48 - 0001248 _____ () C:\Users\Gaiter\AppData\Roaming\SBWRBE
2012-10-03 04:34 - 2012-10-03 04:34 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-10-03 04:31 - 2012-10-03 04:32 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-10-03 04:32 - 2012-10-03 04:33 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-10-03 04:31 - 2012-10-03 04:31 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-10-03 04:33 - 2012-10-03 04:34 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-26 00:28
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-07-2015
Ran by Gaiter (2015-07-28 22:26:57)
Running from C:\Users\Gaiter\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3558754851-4006217252-2966217660-500 - Administrator - Disabled) => C:\Users\Administrator
Gaiter (S-1-5-21-3558754851-4006217252-2966217660-1002 - Administrator - Enabled) => C:\Users\Gaiter
Guest (S-1-5-21-3558754851-4006217252-2966217660-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3558754851-4006217252-2966217660-1008 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 Premier (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.1.1 - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.1.1 - Alienware)
Alienware Command Center (HKLM-x32\...\InstallShield_{714431C1-0D95-4844-BC9D-081C48729B2D}) (Version: 2.8.11.0 - Alienware Corp.)
Alienware Command Center (Version: 2.8.11.0 - Alienware Corp.) Hidden
Alienware Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.6 - Dell Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Curse Client (HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell System Detect (HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
Dropbox (HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
EVGA PrecisionX 16 (HKLM-x32\...\{0D30CA95-DFB2-4130-AF57-6E0D324DDB05}) (Version: 5.3.3 - EVGA Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\...\OneDriveSetup.exe) (Version: 17.3.5907.0716 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.30 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.11.45 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.11.45 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.0.68.0 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.26914 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.11.45 - NVIDIA Corporation) Hidden
Spin Palace Casino (HKLM-x32\...\spinpalace) (Version: 16.8.3.393 - )
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Tukui Client (HKLM-x32\...\{BAD6EBBD-A6A9-41C9-898A-8C868A552E4C}) (Version: 2.4.6 - Tukui)
Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winner Casino (HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\...\Winner Casino) (Version:  - )
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3558754851-4006217252-2966217660-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Gaiter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3558754851-4006217252-2966217660-1002_Classes\CLSID\{37b8465d-9820-477e-9356-8c5e8ee684b8}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3558754851-4006217252-2966217660-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Gaiter\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3558754851-4006217252-2966217660-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gaiter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3558754851-4006217252-2966217660-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gaiter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3558754851-4006217252-2966217660-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gaiter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3558754851-4006217252-2966217660-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gaiter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
08-07-2015 09:39:28 Windows Update
14-07-2015 13:03:57 Windows Update
20-07-2015 17:34:09 Windows Update
27-07-2015 19:17:05 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 22:55 - 2014-03-23 18:55 - 00000872 ____A C:\WINDOWS\system32\Drivers\etc\hosts
54.225.95.126 dmcecclamecbinmplcolhaljlclhbgah
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {10D013C6-3D63-48C1-AD98-3D396DB11ACD} - System32\Tasks\{60D6C770-48D6-4F91-BF8A-7F1BAFBA2A49} => pcalua.exe -a C:\Users\Gaiter\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=tugs <==== ATTENTION
Task: {1CD37B5F-F9DF-4DC3-A8AF-EBFDAF2C45AA} - System32\Tasks\SBWRBE => C:\Users\Gaiter\AppData\Roaming\SBWRBE.exe <==== ATTENTION
Task: {27344BDF-A72F-4507-95F4-2DAF370CAA04} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3558754851-4006217252-2966217660-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {293A6989-2313-4B3D-B12E-447CA6A3442F} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3558754851-4006217252-2966217660-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {3E1C2B52-38AF-4D8A-90C1-9E7C338D791C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4340EE4E-C191-43BF-B4BD-ECB3F5B9A785} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {48C71E20-CBDE-4068-8646-B232A14700D5} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3558754851-4006217252-2966217660-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {4A6AB540-8184-402E-BDFA-1077355CF1B8} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-20] (Symantec Corporation)
Task: {5067AC2A-6DB1-4979-9154-5E915B254067} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-20] (Symantec Corporation)
Task: {60E7EDA8-700A-4DA6-9D31-5C8A09A7C8F0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {66173A09-498A-45CE-821D-E3705268B6BB} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {77854BEA-1D49-4E0D-9BE6-F1DCF82DDAFF} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3558754851-4006217252-2966217660-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {7F837149-0532-43BD-83EC-24D2DFDE325B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3558754851-4006217252-2966217660-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {895A3ADB-CCCB-4ECA-865E-54FA0B42327F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-25] (Google Inc.)
Task: {A210A215-0260-4284-AF44-30285C04B655} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3558754851-4006217252-2966217660-1002 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {C0522385-BE78-4403-BBFE-A06A38ED2AB8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {C468E7C4-F7A0-4FCB-97D5-0D3F6F038F55} - System32\Tasks\Microsoft Office 15 Sync Maintenance for INFINITY-Gaiter INFINITY => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-06-02] (Microsoft Corporation)
Task: {D613F1C5-ED0D-4C67-961C-1DD8375CFEAA} - System32\Tasks\MLKPFB => C:\Users\Gaiter\AppData\Roaming\MLKPFB.exe <==== ATTENTION
Task: {DA469A37-8C63-4375-9D35-DFCB6FBCC271} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-06-09] (Microsoft Corporation)
Task: {E01FFDD6-1A31-4FC5-B31B-38158ECFDB44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-25] (Google Inc.)
Task: {E60E18F7-3CD2-4778-8C38-44D68AF60E62} - System32\Tasks\{8F1A608E-A6FD-4CCE-9592-E6DE39AC50D1} => pcalua.exe -a "C:\Program Files (x86)\FastPlayer\uninstall.exe"
Task: {F46DE063-07D5-4A4A-91B3-B76DC66F15C2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe [2015-07-17] (Symantec Corporation)
Task: {F6D571AB-D2E4-4538-9D4F-50A989DF1F9A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-20] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MLKPFB.job => C:\Users\Gaiter\AppData\Roaming\MLKPFB.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SBWRBE.job => C:\Users\Gaiter\AppData\Roaming\SBWRBE.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-11-20 21:08 - 2015-06-17 16:18 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-03 18:30 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-06-24 04:41 - 2015-06-24 04:41 - 00187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2012-10-03 04:33 - 2012-04-25 12:13 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-03-13 03:35 - 2015-01-28 00:59 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-03 22:42 - 2013-10-03 22:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-04-26 19:33 - 2015-07-15 04:36 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-07-13 12:42 - 2015-07-13 12:42 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-07-24 16:41 - 2014-11-26 11:42 - 40622592 _____ () C:\Users\Gaiter\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libcef.dll
2015-02-07 08:39 - 2015-02-04 18:32 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-07 08:39 - 2015-02-04 18:32 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-07 08:39 - 2015-02-04 18:32 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-07-24 16:41 - 2014-11-26 11:42 - 00911360 _____ () C:\Users\Gaiter\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libglesv2.dll
2015-07-24 16:41 - 2014-11-26 11:42 - 00134144 _____ () C:\Users\Gaiter\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libegl.dll
2015-07-24 16:41 - 2014-11-26 12:42 - 00950272 _____ () C:\Users\Gaiter\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\ffmpegsumo.dll
2012-10-03 04:25 - 2012-06-25 12:11 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-07-14 20:48 - 2015-07-13 10:14 - 16307888 _____ () C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\PepperFlash\18.0.0.209\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Gaiter\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\...\dell.com -> dell.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Gaiter\Desktop\HDD\Lenovo-Windows-8-Awesome-Wallpaper_J9wqjqw.jpg
DNS Servers: 10.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "Zune Launcher"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "BDRegion"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "fst_au_51"
HKLM\...\StartupApproved\Run32: => "Command Center Controllers"
HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\...\StartupApproved\Run: => "DellSystemDetect"
HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\...\StartupApproved\Run: => "Browser Extensions"
HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\...\StartupApproved\Run: => "Search Protection"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CFA961E9-C059-43C3-9A45-10DEE4F8B917}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EB048EDC-989C-487D-BDA4-AB36076D1F67}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{09985547-DB86-4CC5-9686-FCC22A142364}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{35F0353A-14C8-4FA7-A440-D84FBD414600}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F648B6E0-D86E-4F0A-9F0A-E55F7E913D65}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B6109C09-AC01-4176-8ECC-B880D33A6F9D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9F2AFB6A-A030-4106-87B9-C635FBD24820}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{C5E0E83C-7C76-4F4A-AA78-AC5E9D5C4D72}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E3D6E7E1-6B67-4958-B3E8-BB85390CD28B}] => (Allow) C:\Users\Gaiter\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{02344EBC-9CDB-437F-927E-62BA9B2787C6}] => (Allow) C:\Users\Gaiter\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2511180C-A67A-4519-8B37-ED4B6F0A377F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3C1970E9-DB9C-4980-9022-37EB8328AEEA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D1788D55-DC24-47D5-8B27-6FF0FE28BD1C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ECC95F24-4E24-4214-86F6-E3D2BA9B2F28}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{82EF2BAA-082F-4F09-B226-C8A6B8849EFA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0F4F7272-7F48-46E2-AABE-1AE684C61B40}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1C2F84E8-36E0-433C-BD44-1617E6A64237}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{2D8EA470-15CC-486D-A2EB-1436C2F2520D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{8B7B2B4C-89EC-4CCB-BEC1-AE541AAC84B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F43CE11F-96B3-438C-918D-6D32BFF37B06}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EA894B2A-3C00-4F86-A33E-154E009AC011}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D7DC0EED-16E8-4536-8F7C-E8FA7AE5F49D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{45E92474-4B7D-4B27-800D-EE1C9AE0F27F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{1E0D62C7-09BB-4E76-8B87-8BD953E118B3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{18FEB9FA-29C4-40B5-82CE-8E8E059BD268}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{CE1367D4-7572-4799-9231-149FC15902CA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3B3F63AF-2EE2-490C-8BBB-1E7EED78DDF4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{45EB0409-289D-4C66-B28A-A208053DAC3B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B90FD4C6-35BC-4F4C-AF7A-118FBF611516}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{EDCD93DE-BC60-47FF-896E-B924A6F215E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2145C9BE-AE66-4C69-8E37-BE36D33AF0F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CEC01CCA-DFC9-41E6-8883-1401A353A274}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1929C599-3735-4FF2-9FAC-78F028BAC531}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9D6AFBF7-1FE2-4BDB-ACBE-14F9B8B610E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{5634B6EF-0382-4460-88AB-FF6A3C4D602E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A801F4E3-E33A-4F2F-A15E-A16CDBAC1774}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2C06C964-4765-4705-8D0C-3F0CC2DB8F3F}] => (Allow) C:\Users\Gaiter\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1255BC8C-7E5B-4191-BDF8-59662AF75402}] => (Allow) C:\Users\Gaiter\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{BABDBF06-2050-412F-8D51-2672C094D956}C:\users\gaiter\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\gaiter\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{4C3AC2F6-B2D8-4EB5-A852-9636809B7599}C:\users\gaiter\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\gaiter\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{1F4FAA20-06FE-4ABE-B72D-ECDB889C86A7}C:\diablo iii\diablo iii.exe] => (Allow) C:\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{3EADFB2C-215E-4527-98F0-436C50A027C1}C:\diablo iii\diablo iii.exe] => (Allow) C:\diablo iii\diablo iii.exe
FirewallRules: [{853F8A96-1DF4-421F-981E-6CD96380C732}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D6B14C32-BB15-42D6-B02B-3EACDB9CE83B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A0C8F92A-A410-4FCB-8518-93025834002C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{3E2C8AD3-2422-488F-95B8-B424284E6A46}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{9BCAA3F5-9790-430E-B12E-C22F0D2D88EB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{058138AD-FF25-4A4C-BA08-0CDB8666D4FE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{2F82955E-480D-4F83-8CAA-A6267D75A215}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{8F7F7AF8-58A3-4EC0-AC5B-EE8AEAE72724}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{DF30CAD6-C72F-459F-B013-DB68B93DE72A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{B2807341-A986-4E09-A55F-037F5C55CF69}] => (Allow) C:\Users\Gaiter\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AF17AA11-15D0-43DD-80FF-39F11F9C2AD7}] => (Allow) C:\Users\Gaiter\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{087E611B-41FD-4919-8214-49B8EDDF457A}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{D3676987-29BE-4171-87BF-155217F431F5}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{5B07AD20-39C8-4B00-9089-2800FD876A91}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{62D83891-DDA8-4198-B280-9FDCA8AF13CD}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{E310BE0A-6EC7-4E9B-BF1C-377F19965DEF}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{171E4AFC-DE49-483C-AAFB-D23CDA2B3891}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{87B405A3-4F7C-4CEB-8113-2D3AE26BF48C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{79A2A01F-EFCA-430F-A23A-BE053A0E7D1B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8F37D156-E0F3-490F-A29C-97A3A417F141}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{515636C9-9DA7-4A8F-BF64-3079D154AA5C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F536D33B-78A5-4193-B8D3-64360306147D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/28/2015 08:47:50 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (07/28/2015 07:18:38 AM) (Source: MsiInstaller) (EventID: 1021) (User: INFINITY)
Description: Product: Google Update Helper - Update '{E0D0D2C9-5836-4023-AB1D-54EC3B90AD03}' could not be removed. Error code 1647. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (07/27/2015 08:47:51 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (07/26/2015 08:47:50 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (07/26/2015 07:06:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RzSynapse.exe, version: 1.18.21.26914, time stamp: 0x559ccecf
Faulting module name: RigCommonNative.dll, version: 1.0.4.0, time stamp: 0x559b3af5
Exception code: 0xc0000005
Fault offset: 0x00001ed8
Faulting process id: 0x3458
Faulting application start time: 0xRzSynapse.exe0
Faulting application path: RzSynapse.exe1
Faulting module path: RzSynapse.exe2
Report Id: RzSynapse.exe3
Faulting package full name: RzSynapse.exe4
Faulting package-relative application ID: RzSynapse.exe5
 
Error: (07/26/2015 07:01:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RzSynapse.exe, version: 1.18.21.26914, time stamp: 0x559ccecf
Faulting module name: RigCommonNative.dll, version: 1.0.4.0, time stamp: 0x559b3af5
Exception code: 0xc00001a5
Fault offset: 0x0000556b
Faulting process id: 0x3458
Faulting application start time: 0xRzSynapse.exe0
Faulting application path: RzSynapse.exe1
Faulting module path: RzSynapse.exe2
Report Id: RzSynapse.exe3
Faulting package full name: RzSynapse.exe4
Faulting package-relative application ID: RzSynapse.exe5
 
Error: (07/25/2015 08:49:54 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (07/25/2015 08:33:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RtkNGUI64.exe, version: 1.0.0.196, time stamp: 0x4fd6d0a9
Faulting module name: RtkNGUI64.exe, version: 1.0.0.196, time stamp: 0x4fd6d0a9
Exception code: 0xc0000005
Fault offset: 0x00000000000e8ee4
Faulting process id: 0x17c0
Faulting application start time: 0xRtkNGUI64.exe0
Faulting application path: RtkNGUI64.exe1
Faulting module path: RtkNGUI64.exe2
Report Id: RtkNGUI64.exe3
Faulting package full name: RtkNGUI64.exe4
Faulting package-relative application ID: RtkNGUI64.exe5
 
Error: (07/24/2015 08:47:50 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (07/24/2015 01:38:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: INFINITY)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (07/28/2015 09:36:31 PM) (Source: DCOM) (EventID: 10010) (User: INFINITY)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (07/28/2015 09:36:30 PM) (Source: DCOM) (EventID: 10010) (User: INFINITY)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (07/28/2015 09:25:26 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video315a4(5398) 84015393 a5a5a5a5
 
Error: (07/28/2015 09:16:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:14:31 PM on ‎7/‎28/‎2015 was unexpected.
 
Error: (07/28/2015 09:14:45 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video3CMDre 00000008 0000011c bad0011f 00000000 00d0011f
 
Error: (07/28/2015 09:14:45 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video3CMDre 00000004 0000011c bad0011f 00000000 00d0011f
 
Error: (07/28/2015 09:14:45 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video3CMDre 00000003 0000011c bad0011f 00000000 00d0011f
 
Error: (07/28/2015 09:14:45 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video3CMDre 00000002 0000011c bad0011f 00000000 00d0011f
 
Error: (07/28/2015 09:14:45 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video3CMDre 00000001 0000011c bad0011f 00000000 00d0011f
 
Error: (07/28/2015 09:14:45 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: \Device\Video3CMDre 00000000 0000011c bad0011f 00000000 00d0011f
 
 
Microsoft Office:
=========================
Error: (07/28/2015 08:47:50 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (07/28/2015 07:18:38 AM) (Source: MsiInstaller) (EventID: 1021) (User: INFINITY)
Description: Google Update Helper{E0D0D2C9-5836-4023-AB1D-54EC3B90AD03}1647(NULL)(NULL)(NULL)
 
Error: (07/27/2015 08:47:51 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (07/26/2015 08:47:50 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (07/26/2015 07:06:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RzSynapse.exe1.18.21.26914559ccecfRigCommonNative.dll1.0.4.0559b3af5c000000500001ed8345801d0c785bdd06d9bC:\Program Files (x86)\Razer\Synapse\RzSynapse.exeC:\ProgramData\Razer\Synapse\Devices\RigCommonNative.dllc7d4e80c-3379-11e5-bf81-d4bed9fc8437
 
Error: (07/26/2015 07:01:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RzSynapse.exe1.18.21.26914559ccecfRigCommonNative.dll1.0.4.0559b3af5c00001a50000556b345801d0c785bdd06d9bC:\Program Files (x86)\Razer\Synapse\RzSynapse.exeC:\ProgramData\Razer\Synapse\Devices\RigCommonNative.dll293497e1-3379-11e5-bf81-d4bed9fc8437
 
Error: (07/25/2015 08:49:54 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (07/25/2015 08:33:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtkNGUI64.exe1.0.0.1964fd6d0a9RtkNGUI64.exe1.0.0.1964fd6d0a9c000000500000000000e8ee417c001d0c6c4907669caC:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exeC:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exed3960b49-32bc-11e5-bf7e-d4bed9fc8437
 
Error: (07/24/2015 08:47:50 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (07/24/2015 01:38:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: INFINITY)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 29%
Total physical RAM: 8078.96 MB
Available physical RAM: 5729.82 MB
Total Virtual: 9358.96 MB
Available Virtual: 6491.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:923.21 GB) (Free:562.84 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 396E6982)
 
Partition: GPT Partition Type.
 
==================== End of log ============================

 


  • 0

Advertisements

#2
Pyxis
Posted 29 July 2015 - 08:12 AM

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :) I am Pyxis and I will be assisting you. As such, I would like to stress the following reminders:
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. Please only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
  • Since the cleaning process is quite delicate, your timely response is crucial. Topics are marked inactive and thus closed within 3 full days of no activity. If you deem I have overlooked your thread--which is in a matter of more than 48 hours--please send me a PM and I will get back to you shortly.
I hope you keep in mind these reminders. Let's get to work! :thumbsup:
  • Step 1

    Copy and paste the following into Notepad and save as fixlist.txt to your desktop:
    CloseProcesses:
EmptyTemp:
Hosts:

Task: C:\WINDOWS\Tasks\MLKPFB.job => C:\Users\Gaiter\AppData\Roaming\MLKPFB.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SBWRBE.job => C:\Users\Gaiter\AppData\Roaming\SBWRBE.exe <==== ATTENTION
Task: {E60E18F7-3CD2-4778-8C38-44D68AF60E62} - System32\Tasks\{8F1A608E-A6FD-4CCE-9592-E6DE39AC50D1} => pcalua.exe -a "C:\Program Files (x86)\FastPlayer\uninstall.exe"
Task: {D613F1C5-ED0D-4C67-961C-1DD8375CFEAA} - System32\Tasks\MLKPFB => C:\Users\Gaiter\AppData\Roaming\MLKPFB.exe <==== ATTENTION
Task: {10D013C6-3D63-48C1-AD98-3D396DB11ACD} - System32\Tasks\{60D6C770-48D6-4F91-BF8A-7F1BAFBA2A49} => pcalua.exe -a C:\Users\Gaiter\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=tugs <==== ATTENTION
Task: {1CD37B5F-F9DF-4DC3-A8AF-EBFDAF2C45AA} - System32\Tasks\SBWRBE => C:\Users\Gaiter\AppData\Roaming\SBWRBE.exe <==== ATTENTION
2015-02-16 23:39 - 2015-06-08 22:11 - 0000020 _____ () C:\Users\Gaiter\AppData\Roaming\appdataFr3.bin
2014-09-01 17:48 - 2014-09-01 17:48 - 0001248 _____ () C:\Users\Gaiter\AppData\Roaming\MLKPFB
2014-09-01 17:48 - 2014-09-01 17:48 - 0001248 _____ () C:\Users\Gaiter\AppData\Roaming\SBWRBE
2012-10-03 04:34 - 2012-10-03 04:34 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-10-03 04:31 - 2012-10-03 04:32 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-10-03 04:32 - 2012-10-03 04:33 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-10-03 04:31 - 2012-10-03 04:31 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-10-03 04:33 - 2012-10-03 04:34 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2015-07-28 21:40 - 2015-01-20 15:17 - 00001360 _____ C:\WINDOWS\Tasks\MLKPFB.job
2015-07-28 21:40 - 2015-01-20 15:16 - 00001360 _____ C:\WINDOWS\Tasks\SBWRBE.job
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S3 NTIOLib_X64; \??\C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [X]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=M8281E2EA-A915-48E7-8F62-114A64B67C8D&SearchSource=55&CUI=&UM=6&UP=SPEEBC5579-1A94-4A1B-B685-8DAD30BB39FE&SSPV=", "hxxp://www.google.com/", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZU19_ls5TEHCjb8lgUHrIbpiDyHW7aUyuyu59QN_myecCR8WAz6v05tr0Xs_DnrQbxuxFmdDArDJSwbEnjIWJqLHVo6KNXmx-uHNpreIwCAokXeR7tq-gW-0vIcqjABOHPGUlzennrL6Q,,", "hxxp://www.trovi.com/?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=M8281E2EA-A915-48E7-8F62-114A64B67C8D&SearchSource=55&CUI=&UM=6&UP=SPEEBC5579-1A94-4A1B-B685-8DAD30BB39FE&SSPV="
CHR Extension: (Awesome Bookmarks Widget [ANTP]) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpomkeboefacdfaoklfekfleengjeodf [2015-02-07]
CHR Extension: (Foxtab Speed Dial) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchmpbaclbiioedakpcldenooikekokm [2015-02-07]
CHR Extension: (Free Rider 3) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\efgciaombdjbpmepfcndmfidlklafhcc [2015-02-07]
CHR Extension: (Avant Downloader) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbonimgkpojnocmgjgkgigbfgffpcjnp [2015-02-16]
CHR Extension: (NaetoCaoupoon) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\idacjcbjkggkdfikhficmaclhnfaimjf [2015-02-16]
CHR Extension: (My theme for Facebook™) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadmhlpibbjnepjmbiaoinpfkflenfmj [2015-02-07]
CHR Extension: (My Chrome Theme) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-02-07]
CHR Extension: (Awesome Speed Dial) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\oijkglihmcefogkmgibpajfaiekekllk [2015-02-07]
CHR Extension: (Canvas Rider) - C:\Users\Gaiter\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-02-07]
BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} ->  No File
HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.alienware....com/welcome-au
HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.alienware....com/welcome-au
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3558754851-4006217252-2966217660-1002 -> {1C055FDC-122F-48FA-885E-03CCD755EB6A} URL = 
SearchScopes: HKU\S-1-5-21-3558754851-4006217252-2966217660-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3558754851-4006217252-2966217660-1002\...\Run: [GoogleChromeAutoLaunch_48715CF33F75324FA53D999A946B94B8] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKLM-x32\...\Run: [] => [X]

RemoveProxy:
CMD: bitsadmin /reset /allusers
    • Run your copy of FRST. It is important to ensure it is located in your desktop.
    • Press the Fix button.
    • It will produce a log (fixlog.txt) once done.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    One of the infections installed a development-build Google Chrome in place of your stable copy, which gives leverage to harmful extensions. Unfortunately, this means needing to replace your existing installation and resetting your settings to ensure no traces remain.
    • Download 'Google Chrome by Google' and save it to your desktop.
    • You can choose to export bookmarks if you have any. Do so by following 'this' guide.
    • If you signed in to Google Chrome, visit 'Google Sync' and click Reset sync > OK. Skip this step otherwise.
    • Close all instances of Google Chrome and uninstall it via Control Panel (Windows XP) or Programs and Features (Windows Vista or Windows 7).
      • Tick Also delete your browsing data? > Uninstall.
    • Close the browser window the uninstaller will open. Proceed to install the copy you downloaded earlier.
    • You can safely import the HTML bookmark backup(s) you made earlier and 'sync your settings' again.
  • Step 3

    Download 'AdwCleaner by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Read the Terms of Use and click I Agree.
    • Click Scan and choose Clean after.
    • Wait for it to finish. It won't take long.
    • Click OK for the next prompts. Your system will automatically reboot.
    • A log will automatically pop-up after rebooting. Alternatively, you can find it at C:\AdwCleaner\AdwCleaner[S*].txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 4

    Download 'Junkware Removal Tool by thisisu' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • fixlog.txt (Farbar Recovery Scan Tool)
    • AdwCleaner[S*].txt (AdwCleaner)
    • JRT.txt (Junkware Removal Tool)

  • 0

#3
Pyxis
Posted 01 August 2015 - 01:12 AM

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a new topic.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP