Won't even run antivirus installations. Browsers freezing & not res



#1
ayydjango


A couple days back everything just went bad. I've made the mistake of not having an antivirus scanner for a very long time and it's caught up with me. I tried the methods provided in the thread link below, but the guy stated it was a fix for his computer only. I took the liberty of running COMBOFIX and I attached the logs. Also note I had some sort of duplicating virus associated with Chrome and ProgramData. Every time I started up Chrome it would spam BS LOADER or MOD INJECTED or some crap, but I haven't seen that for a minute. I've tried everything. I have at least 7 different antivirus installers, Chameleon, TrojanHunter, IObit SystemCare and some others. Nothing has worked fully; they have only bought me time, and I feel if I don't rid my computer of this it will eventually destroy it lol. Anything would be appreciated. Thanks.

 

http://www.geekstogo...-run-antivirus/

LOGS FROM FRST64:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-11-2015
Ran by David (administrator) on DAVID-PC (04-11-2015 19:41:59)
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
(Valve Corporation) E:\Steam\Steam.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Curse, Inc) C:\Users\David\AppData\Roaming\Curse Client\Bin\Curse.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-11-04] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-03-23] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [THGuard] => C:\Program Files (x86)\TrojanHunter\THGuard.exe [1082832 2015-06-18] (Mischel Internet Security)
HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\Run: [{F6FB2203-8001-47B9-BA15-DB5FBDAE3675}] => regsvr32.exe "C:\ProgramData\Bacwom\TucrAdcu.dll"
HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\Run: [Spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-10-17] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{D95F7422-FBC7-49C7-A1CA-3F99DCD78292}: [DhcpNameServer] 71.10.216.1 71.10.216.2

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3739055898-2858865413-359055978-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3739055898-2858865413-359055978-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-11-04] (IObit)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-10-19] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-19] (Oracle Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4s678e4j.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bl-bfr-sw__alt__ddc_dsssyc_bd_com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-11-04] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-19] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-11-04] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-12-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-12-19] (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-3739055898-2858865413-359055978-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\David\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4s678e4j.default\Extensions\[email protected] [2015-11-04] [not signed]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4s678e4j.default\Extensions\[email protected] [2015-11-04] [not signed]
FF Extension: Bitdefender QuickScan - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4s678e4j.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-11-04]
FF Extension: Adblock Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\4s678e4j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-01]

Chrome:
=======
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-04]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-04]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-04]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Avira Browser Safety) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-11-04]
CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-04]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-04]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-05] (IObit)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [236832 2015-09-16] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-10-03] (NVIDIA Corporation)
S3 HiPatchService; E:\HiResStudios\HiPatchService.exe [8704 2015-09-02] (Hi-Rez Studios) [File not signed]
S3 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131184 2012-12-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169584 2012-12-19] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-05] (IObit)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-10-03] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-10-03] (NVIDIA Corporation)
S3 Origin Client Service; E:\Origin\OriginClientService.exe [2099208 2015-10-26] (Electronic Arts)
S3 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-11-04] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 ASCAntivirusSrv; no ImagePath
S2 wltrysvc; no ImagePath

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 bdfsfltr; C:\Windows\system32\Drivers\bdfsfltr.sys [431176 2011-03-24] (BitDefender)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-07-15] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-09-21] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-05] (REALiX™)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [30960 2015-08-06] (Intel Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2015-08-06] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2015-08-06] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-10-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-10-03] (NVIDIA Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [329800 2011-11-21] (BitDefender S.R.L.)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 BS3265342653; \??\C:\Users\David\AppData\Local\Temp\NTFS.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-04 19:41 - 2015-11-04 19:42 - 00014203 _____ C:\Users\David\Desktop\FRST.txt
2015-11-04 19:41 - 2015-11-04 19:42 - 00000000 ____D C:\FRST
2015-11-04 19:40 - 2015-11-04 19:40 - 02198016 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2015-11-04 19:37 - 2015-11-04 19:40 - 00001750 _____ C:\Windows\system32\DB3265342653
2015-11-04 19:26 - 2015-11-04 19:26 - 00021825 _____ C:\ComboFix.txt
2015-11-04 19:21 - 2015-11-04 19:21 - 00000798 _____ C:\Windows\PFRO.log
2015-11-04 19:10 - 2015-11-04 19:10 - 699636744 _____ C:\Windows\MEMORY.DMP
2015-11-04 19:08 - 2015-11-04 19:26 - 00000000 ____D C:\Qoobox
2015-11-04 19:08 - 2015-11-04 19:25 - 00000000 ____D C:\Windows\erdnt
2015-11-04 19:08 - 2015-11-04 19:08 - 05637361 ____R (Swearware) C:\Users\David\Downloads\ComboFix.exe
2015-11-04 19:08 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-04 19:08 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-04 19:08 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-04 19:08 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-04 19:08 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-04 19:08 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-04 19:08 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-04 19:08 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-11-04 19:00 - 2015-11-04 19:00 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\David\Downloads\rkill.exe
2015-11-04 17:40 - 2015-11-04 17:40 - 04069672 _____ (Bytelayer AB ) C:\Users\David\Downloads\TrojanHunterSetup.exe
2015-11-04 17:40 - 2015-11-04 17:40 - 00000000 ____D C:\ProgramData\TrojanHunter
2015-11-04 17:40 - 2015-11-04 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
2015-11-04 17:34 - 2015-11-04 19:21 - 00000224 _____ C:\Windows\setupact.log
2015-11-04 17:34 - 2015-11-04 17:34 - 00000000 _____ C:\Windows\setuperr.log
2015-11-04 17:32 - 2015-11-04 17:32 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-11-04 17:32 - 2015-11-04 17:32 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-11-04 17:32 - 2015-11-04 17:32 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-11-04 17:32 - 2015-11-04 17:32 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-11-04 17:32 - 2015-11-04 17:32 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-11-04 17:32 - 2015-11-04 17:32 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-11-04 17:32 - 2015-11-04 17:32 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-11-04 17:32 - 2015-11-04 17:32 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-11-04 17:29 - 2015-11-04 17:29 - 43868160 _____ C:\Windows\system32\config\components.iobit
2015-11-04 17:01 - 2015-11-04 17:01 - 00863144 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\David\Downloads\rufus-2.5.exe
2015-11-04 16:46 - 2015-11-04 16:46 - 00028824 _____ C:\Users\David\Downloads\GWXWebWindows.exe
2015-11-04 15:35 - 2015-11-04 16:39 - 00002829 _____ C:\Windows\diagerr.xml
2015-11-04 15:35 - 2015-11-04 16:39 - 00001908 _____ C:\Windows\diagwrn.xml
2015-11-04 15:14 - 2015-11-04 15:14 - 00000000 _____ C:\Users\David\agent.log
2015-11-04 11:18 - 2015-11-04 11:18 - 04577440 _____ (Avira Operations GmbH & Co. KG) C:\Users\David\Downloads\avira_en_av_563a2f9fcc4b5__ws.exe
2015-11-04 11:11 - 2015-11-04 11:12 - 02924672 _____ (AVG Technologies) C:\Users\David\Downloads\AVG_Protection_Free_698.exe
2015-11-04 11:08 - 2015-11-04 14:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-04 11:07 - 2015-11-04 11:07 - 00000000 ____D C:\Users\David\AppData\Roaming\QuickScan
2015-11-04 11:05 - 2015-11-04 11:05 - 05091376 _____ (AVAST Software) C:\Users\David\Downloads\avast_free_antivirus_setup_online.exe
2015-11-04 09:57 - 2015-11-04 09:57 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
2015-11-04 09:57 - 2015-11-04 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2015-11-04 09:57 - 2015-11-04 09:57 - 00000000 ____D C:\Program Files (x86)\MagicISO
2015-11-04 09:42 - 2015-11-04 17:52 - 00000000 ____D C:\Users\David\AppData\LocalLow\uTorrent
2015-11-04 09:35 - 2015-11-04 09:35 - 06392130 _____ C:\Users\David\Downloads\mbam-chameleon-3.1.28.0.zip
2015-11-04 09:00 - 2015-11-04 09:00 - 14057256 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 13120760 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 12986528 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 09997848 _____ (Intel Corporation) C:\Windows\system32\IntelSSTAPO.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 07172920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 07096192 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 06264640 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 05774640 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 05338936 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 05289952 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 04613888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-11-04 09:00 - 2015-11-04 09:00 - 03951402 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-11-04 09:00 - 2015-11-04 09:00 - 03299832 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 03278416 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 03271912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 03154607 _____ C:\Windows\system32\Drivers\rtkSSTsetting.dat
2015-11-04 09:00 - 2015-11-04 09:00 - 02997504 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 02958904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 02893568 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-11-04 09:00 - 2015-11-04 09:00 - 02823280 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 02605048 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 02437144 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 02190992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 02110600 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 02050184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 02028672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 01965816 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 01959608 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 01780624 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 01601952 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 01591064 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 01508936 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 01435144 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 01395768 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 01382240 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 01352000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 01334384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 01211840 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 01186168 _____ (Intel Corporation) C:\Windows\system32\IntelSstCApoPropPage.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 01164336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 01121864 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 01003864 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00998032 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00965032 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00961848 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00952984 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00933640 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00931624 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00923744 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00888480 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00873464 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00749000 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00743968 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00727440 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00716112 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00708320 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00689888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00678192 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00677680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00618192 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00596120 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00589072 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.DLL
2015-11-04 09:00 - 2015-11-04 09:00 - 00574760 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00532384 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00514528 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00504312 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00500560 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00467168 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00448592 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00447720 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00445408 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00441272 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00428232 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00387320 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00381416 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00362056 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00357528 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00341160 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00341160 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00340648 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00330568 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00327456 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00310424 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00272720 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00258504 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00253904 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00253872 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00252880 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00231920 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00224264 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaemaxapo64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00221976 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00214840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00209544 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00195192 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00172584 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00166208 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00158704 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00151792 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00134200 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00122328 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00118600 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00118600 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00110992 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00105312 _____ C:\Windows\system32\audioLibVc.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00090920 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00088352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00088328 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00084624 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00083632 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-11-04 09:00 - 2015-11-04 09:00 - 00075544 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-11-04 08:59 - 2015-11-04 08:59 - 00448512 _____ (OldTimer Tools) C:\Users\David\Downloads\TFC.exe
2015-11-04 08:51 - 2015-11-04 17:43 - 00000000 ____D C:\Users\David\AppData\Local\VirtualStore
2015-11-04 08:19 - 2015-11-04 08:19 - 22908888 _____ (Malwarebytes ) C:\Users\David\Downloads\aaarr.exe
2015-11-04 08:11 - 2015-11-04 08:11 - 00057560 _____ C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-04 07:43 - 2015-11-04 07:43 - 00000000 ____D C:\Users\David\AppData\Local\CEF
2015-11-04 07:00 - 2015-11-04 07:00 - 00000000 ____D C:\Users\David\AppData\Local\Google
2015-11-04 06:55 - 2015-11-04 06:55 - 53182464 _____ C:\Windows\system32\config\software.iobit
2015-11-04 06:55 - 2015-11-04 06:55 - 00217088 _____ C:\Windows\system32\config\default.iobit
2015-11-04 06:55 - 2015-11-04 06:55 - 00028672 _____ C:\Windows\system32\config\sam.iobit
2015-11-04 06:55 - 2015-11-04 06:55 - 00024576 _____ C:\Windows\system32\config\security.iobit
2015-11-04 06:53 - 2015-11-04 08:52 - 00000000 ____D C:\Users\David\AppData\Roaming\ProductData
2015-11-04 06:33 - 2015-11-04 06:48 - 00000000 ____D C:\ProgramData\Bacwom
2015-11-04 06:21 - 2015-11-04 06:21 - 00003184 _____ C:\Windows\System32\Tasks\ASC8_PerformanceMonitor
2015-11-04 06:20 - 2015-11-04 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-11-04 06:20 - 2015-11-04 06:20 - 00002872 _____ C:\Windows\System32\Tasks\ASC8_SkipUac_David
2015-11-04 03:54 - 2015-11-04 19:23 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-04 03:54 - 2015-11-04 18:59 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-04 03:54 - 2015-11-04 03:54 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-04 03:54 - 2015-11-04 03:54 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-04 03:54 - 2015-11-04 03:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-03 23:37 - 2015-11-03 23:37 - 00929872 _____ (Google Inc.) C:\Users\David\Downloads\ChromeSetup.exe
2015-11-03 18:21 - 2015-11-03 18:21 - 00000000 ____D C:\Users\David\Documents\Anno 2205
2015-11-01 11:12 - 2015-11-04 17:40 - 00000000 ____D C:\Program Files (x86)\TrojanHunter
2015-10-31 13:20 - 2015-10-31 13:20 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-10-31 12:31 - 2015-10-31 12:31 - 00000000 ____D C:\Windows\system32\appmgmt
2015-10-31 10:48 - 2015-11-03 17:25 - 03550700 _____ C:\Windows\system32\CFG3265342653
2015-10-31 10:39 - 2015-10-31 10:39 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-10-28 02:11 - 2015-10-28 02:11 - 00000000 ____D C:\Users\David\Documents\My Curse
2015-10-20 07:00 - 2015-10-20 07:07 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-10-19 04:07 - 2015-10-19 04:14 - 00000000 ____D C:\Users\David\AppData\Roaming\.technic
2015-10-19 04:02 - 2015-10-19 04:23 - 00000000 ____D C:\Users\David\AppData\Local\ftblauncher
2015-10-19 04:02 - 2015-10-19 04:03 - 00000000 ____D C:\Users\David\AppData\Roaming\ftblauncher
2015-10-19 03:45 - 2015-10-19 04:02 - 00000000 ____D C:\Users\David\.oracle_jre_usage
2015-10-19 03:45 - 2015-10-19 03:45 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-10-19 03:45 - 2015-10-19 03:45 - 00000000 ____D C:\Users\David\AppData\Roaming\Sun
2015-10-19 03:45 - 2015-10-19 03:45 - 00000000 ____D C:\Users\David\AppData\LocalLow\Sun
2015-10-19 03:45 - 2015-10-19 03:45 - 00000000 ____D C:\ProgramData\Oracle
2015-10-19 03:45 - 2015-10-19 03:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-19 03:44 - 2015-10-19 03:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-10-19 03:44 - 2015-10-19 03:45 - 00000000 ____D C:\Program Files\Java
2015-10-19 03:43 - 2015-10-19 03:43 - 00000000 ____D C:\Users\David\AppData\LocalLow\Oracle
2015-10-15 14:54 - 2015-10-15 14:54 - 00000000 ____D C:\Users\David\AppData\Local\FalloutNV
2015-10-15 10:40 - 2015-10-15 10:40 - 00000000 ____D C:\Users\David\Documents\FOMM
2015-10-15 10:26 - 2015-10-15 10:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unofficial Fallout 3 Patch
2015-10-15 10:18 - 2015-10-15 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout Mod Manager
2015-10-15 10:18 - 2015-10-15 10:18 - 00000000 ____D C:\Users\David\AppData\Local\FOMM
2015-10-15 09:04 - 2015-11-04 06:05 - 00003796 _____ C:\Windows\System32\Tasks\klcp_update
2015-10-15 09:04 - 2015-11-03 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-10-15 00:02 - 2015-10-15 00:02 - 00000000 ___HD C:\Users\David\AppData\Roaming\ACV
2015-10-08 11:43 - 2015-10-08 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-10-08 11:43 - 2015-10-02 21:18 - 00102520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-10-08 11:39 - 2015-10-03 00:06 - 42914096 _____ C:\Windows\system32\nvcompiler.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 37882488 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 22306936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 18359928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 16541040 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 15716648 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 15002304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 14832968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 13518496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 12032200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 11114616 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-10-08 11:39 - 2015-10-03 00:06 - 02869880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 02489976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 01905456 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435850.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 01564976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435850.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 00877176 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 00689456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 00512720 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 00422240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 00414000 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 00369272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 00177416 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 00155976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 00069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-10-08 11:39 - 2015-10-03 00:06 - 00050472 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-10-08 11:32 - 2015-10-08 11:47 - 00000000 ____D C:\Users\David\Documents\STAR WARS Battlefront Beta
2015-10-06 13:33 - 2015-10-06 13:33 - 00000000 ____D C:\Users\David\Documents\Remedy

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-04 19:37 - 2015-09-02 04:10 - 00000000 ____D C:\Users\David\AppData\Roaming\Curse Client
2015-11-04 19:29 - 2009-07-14 00:13 - 00776050 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-04 19:26 - 2015-07-13 15:20 - 01230396 _____ C:\Windows\WindowsUpdate.log
2015-11-04 19:26 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2015-11-04 19:23 - 2015-08-05 13:01 - 00002874 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (David)
2015-11-04 19:23 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2015-11-04 19:21 - 2015-07-13 13:53 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-04 19:21 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-04 19:20 - 2009-07-13 23:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-04 19:20 - 2009-07-13 23:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-04 19:18 - 2015-08-05 13:01 - 00000000 ____D C:\Users\David\Desktop\PC Care
2015-11-04 19:10 - 2015-07-13 16:57 - 00000000 ____D C:\Windows\Minidump
2015-11-04 19:00 - 2015-07-13 19:17 - 00000000 ____D C:\Users\David\AppData\Roaming\Spotify
2015-11-04 18:49 - 2015-08-07 18:06 - 00347464 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2015-11-04 18:49 - 2015-08-07 17:40 - 00347464 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-11-04 18:49 - 2015-08-07 17:40 - 00076152 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2015-11-04 18:02 - 2015-07-13 19:17 - 00000000 ____D C:\Users\David\AppData\Local\Spotify
2015-11-04 17:57 - 2015-07-13 17:45 - 00000000 ____D C:\Users\David\AppData\Roaming\uTorrent
2015-11-04 17:13 - 2015-07-13 13:17 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-04 17:12 - 2015-07-13 21:09 - 00002904 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_David
2015-11-04 17:01 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-11-04 17:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-11-04 16:38 - 2015-07-13 16:12 - 00000000 ____D C:\Windows\Panther
2015-11-04 16:36 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2015-11-04 15:14 - 2015-07-13 12:23 - 00000000 ____D C:\Users\David
2015-11-04 14:27 - 2015-08-06 22:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-04 10:04 - 2015-09-21 00:45 - 00000000 ____D C:\Users\David\AppData\Roaming\DAEMON Tools Pro
2015-11-04 09:03 - 2015-08-06 14:47 - 00000000 ____D C:\Windows\system32\DAX2
2015-11-04 09:02 - 2015-08-06 14:47 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-11-04 08:29 - 2009-07-13 22:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-11-04 08:21 - 2015-07-23 12:11 - 00772914 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-04 06:50 - 2015-07-20 21:15 - 00000000 ____D C:\Users\David\AppData\Local\Battle.net
2015-11-04 06:35 - 2015-07-18 22:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-04 06:27 - 2015-07-18 22:14 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-04 06:27 - 2015-07-18 22:14 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-04 06:27 - 2015-07-18 22:14 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-04 06:02 - 2015-09-13 17:36 - 00000000 ____D C:\Users\David\Desktop\Arcade
2015-11-04 06:02 - 2015-09-03 04:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer
2015-11-04 06:02 - 2015-08-22 15:37 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Shock 2
2015-11-04 05:49 - 2015-07-13 21:09 - 00000000 ____D C:\ProgramData\ProductData
2015-11-04 05:49 - 2015-07-13 21:08 - 00000000 ____D C:\Program Files (x86)\IObit
2015-11-04 05:47 - 2015-09-28 18:26 - 00000000 ____D C:\Users\David\AppData\Roaming\Ubisoft
2015-11-04 05:47 - 2015-07-13 13:44 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-04 05:47 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-11-04 05:44 - 2015-08-20 19:03 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-11-04 05:13 - 2015-08-07 17:40 - 00347464 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-11-04 03:54 - 2015-07-13 13:47 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-03 16:05 - 2015-08-22 15:17 - 00000000 ____D C:\Program Files (x86)\OpenAL
2015-11-03 16:05 - 2015-08-20 19:03 - 00000000 ____D C:\ProgramData\Origin
2015-11-03 16:05 - 2015-07-20 21:15 - 00000000 ____D C:\Users\David\AppData\Roaming\Battle.net
2015-11-03 16:05 - 2015-07-13 21:09 - 00000000 ____D C:\Users\David\AppData\LocalLow\IObit
2015-11-03 16:05 - 2015-07-13 21:08 - 00000000 ____D C:\Users\David\AppData\Roaming\IObit
2015-11-03 16:05 - 2015-07-13 21:08 - 00000000 ____D C:\ProgramData\IObit
2015-11-03 16:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2015-11-03 16:02 - 2015-07-15 15:06 - 00000000 ____D C:\Users\David\AppData\Roaming\DAEMON Tools Lite
2015-11-03 15:47 - 2015-08-05 20:52 - 00000000 ____D C:\Users\David\AppData\Roaming\Skype
2015-11-03 06:40 - 2015-07-13 17:01 - 00000000 ____D C:\Users\David\AppData\Local\Steam
2015-11-01 14:43 - 2011-04-12 03:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-10-24 06:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-20 07:02 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-10-19 04:43 - 2015-08-19 16:49 - 00000000 ____D C:\Users\David\AppData\Roaming\.minecraft
2015-10-15 15:11 - 2015-07-15 15:56 - 00000000 ____D C:\Users\David\AppData\Local\Nexus
2015-10-15 14:59 - 2015-07-15 16:21 - 00000000 ____D C:\Users\David\AppData\Local\LOOT
2015-10-15 14:54 - 2015-07-15 15:17 - 00000000 ____D C:\Users\David\Documents\My Games
2015-10-14 16:30 - 2009-07-14 00:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-14 11:25 - 2015-08-06 08:48 - 00000000 ____D C:\Users\David\AppData\Local\Fallout3
2015-10-09 00:16 - 2015-07-22 12:28 - 00000000 ____D C:\Users\David\Desktop\HLDJ
2015-10-08 11:44 - 2015-07-13 13:52 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-10-08 11:44 - 2015-07-13 13:52 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-10-08 11:43 - 2015-07-13 13:53 - 00000000 ____D C:\Users\David\AppData\Local\NVIDIA Corporation
2015-10-08 11:43 - 2015-07-13 13:48 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-10-08 05:54 - 2015-08-20 19:04 - 00000000 ____D C:\Users\David\AppData\Roaming\Origin
2015-10-07 09:11 - 2015-07-16 20:52 - 00000000 ____D C:\Users\David\AppData\Roaming\TS3Client
2015-10-07 00:02 - 2015-09-10 06:32 - 00000000 ____D C:\Users\David\Documents\The Witcher 3

==================== Files in the root of some directories =======

2015-08-11 16:06 - 2015-08-11 16:06 - 0000000 ___SH () C:\Users\David\AppData\Local\LumaEmu
2015-08-06 14:47 - 2015-08-06 14:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-31 05:08

==================== End of FRST.txt ============================

now for addition.txt ---

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-11-2015
Ran by David (2015-11-04 19:42:44)
Running from C:\Users\David\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-07-13 17:23:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3739055898-2858865413-359055978-500 - Administrator - Disabled)
David (S-1-5-21-3739055898-2858865413-359055978-1000 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-3739055898-2858865413-359055978-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3739055898-2858865413-359055978-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{E94EFAB6-653F-4837-9E8A-F6377CA1EC0D}) (Version: 11.8.800.175 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.4.0 - IObit)
Alice: Madness Returns (HKLM-x32\...\Alice: Madness Returns_is1) (Version:  - )
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - Reloaded Productions)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
Assassin's Creed 4.Black Flag.Deluxe Edition.v 1.01 (HKLM-x32\...\Assassin's Creed 4.Black Flag.Deluxe Edition.v 1.01_is1) (Version: Assassin's Creed 4.Black Flag.Deluxe Edition.v 1.01 - RiP by Fenixx (15.11.2013))
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version:  - DICE)
Black Mesa (HKLM-x32\...\{649490AB-0B04-49E2-A1F3-189F47B12A18}_is1) (Version: 1.0.0.0 - Crowbar Collective)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Contagion (HKLM-x32\...\Steam App 238430) (Version:  - Monochrome, Inc)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dino D-Day (HKLM-x32\...\Steam App 70000) (Version:  - 800 North and Digital Ranch)
DiRT Rally (HKLM-x32\...\Steam App 310560) (Version:  - Codemasters Racing Studio)
Distance (HKLM-x32\...\Steam App 233610) (Version:  - Refract)
Driver Booster 2.3 (HKLM-x32\...\Driver Booster_is1) (Version: 2.3 - IObit)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GoldWave v6.13 (HKLM\...\GoldWave v6.13) (Version: 6.13 - GoldWave Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Half-Life Deathmatch: Source (HKLM-x32\...\Steam App 360) (Version:  - Valve)
Hatred (HKLM-x32\...\SGF0cmVk_is1) (Version: 1 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel® Chipset Device Software (x32 Version: 10.0.27 - Intel® Corporation) Hidden
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1287 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.5.69 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.5 - IObit)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java SE Development Kit 8 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
Killing Floor 2 (HKLM-x32\...\Steam App 232090) (Version:  - Tripwire Interactive)
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.50 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version:  - Running With Scissors)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.68.201.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7628 - Realtek Semiconductor Corp.)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 3.8.3.304115 - Linden Research, Inc.)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
SMITE (HKLM-x32\...\Steam App 386360) (Version:  - Hi-Rez Studios)
Spotify (HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\Spotify) (Version: 1.0.16.104.g3b776c9e - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
System Shock 2 (HKLM-x32\...\GOGPACKSSHOCK2_is1) (Version: 2.0.0.9 - GOG.com)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Ship (HKLM-x32\...\Steam App 2400) (Version:  - Outerlight Ltd.)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.0.0 - GOG.com)
TrojanHunter 6.0 (HKLM-x32\...\TrojanHunter_is1) (Version: 6.0 - Bytelayer AB)
TSEV Skyrim LE (HKLM-x32\...\TSEV Skyrim LE_is1) (Version: 2.0.0.0 - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
Universe Sandbox ² (HKLM-x32\...\Steam App 230290) (Version:  - Giant Army)
Updated Unofficial Fallout 3 Patch v1.9.3 (HKLM-x32\...\Updated Unofficial Fallout 3 Patch_is1) (Version: 1.9.3 - )
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XSplit Broadcaster (HKLM-x32\...\{F8A47958-47CC-4B57-AE7D-7DDC0A86BEF5}) (Version: 1.3.1311.1201 - SplitMediaLabs)
Zombie Panic Source (HKLM-x32\...\Steam App 17500) (Version:  - Zombie Panic Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

04-11-2015 08:22:14 Windows Modules Installer
04-11-2015 09:00:12 Driver Booster : ASMedia XHCI 1.0 Controller
04-11-2015 09:09:41 Windows Modules Installer
04-11-2015 09:11:44 Windows Modules Installer

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-11-04 19:23 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F06D6B7-E93B-4A61-A808-B30BD95EC5EC} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {17FBEC78-C405-40F0-AA14-61C33B426AC2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-04] (Google Inc.)
Task: {2A975A02-4FCE-48E2-B220-51DAC0CA0CAD} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
Task: {36F49AA5-9BDA-4F39-AB17-D1897C939763} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-08-12] (IObit)
Task: {45E33CB3-3835-4365-A894-CAA784D08CBE} - System32\Tasks\{EB581F9B-A23F-41BF-AC86-0501479993C3} => Chrome.exe hxxp://ui.skype.com/ui/0/7.10.0.101/en/abandoninstall?page=tsProgressBar
Task: {7FE9F337-1547-47FE-A05E-21AB16867084} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2015-04-27] (IObit)
Task: {9CD6834D-4D45-472E-849F-F26B19DCCA78} - System32\Tasks\Driver Booster SkipUAC (David) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-04-27] (IObit)
Task: {A140BC6B-AD70-41E2-B281-33F3891E5236} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster\AutoUpdate.exe [2015-07-13] ()
Task: {A1F6C852-9248-4B27-A8F2-E1A3A2CBE928} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-04-07] (IObit)
Task: {BD8E6D05-B098-4BB2-94E8-451C9A1E0C1B} - System32\Tasks\ASC8_SkipUac_David => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-08-17] (IObit)
Task: {C40FB477-65C9-41B7-99D5-2EC411EB89E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-04] (Google Inc.)
Task: {D7530524-C2FF-492C-8BE3-97B8C50EB5D2} - System32\Tasks\Uninstaller_SkipUac_David => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-05-20] (IObit)
Task: {E98AC317-ADE2-453C-B066-03F464404925} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-04] (Adobe Systems Incorporated)
Task: {EC869444-77DF-4B23-B3FD-38C5FD30355A} - System32\Tasks\ASCU8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\Monitor.exe
Task: {F4EBB379-6EA7-4720-ABFD-1DF7BBE30D74} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-13 13:52 - 2015-10-02 21:49 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-07-13 21:09 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-07-13 21:09 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-07-13 21:09 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-07-13 13:19 - 2012-12-19 12:37 - 01199728 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-09-21 00:43 - 2015-09-21 00:43 - 00107520 ____R () C:\Program Files (x86)\DAEMON Tools Pro\BRD.dll
2015-11-04 06:27 - 2015-11-04 06:27 - 17599688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll
2015-07-13 17:01 - 2015-10-05 11:18 - 00778752 _____ () E:\Steam\SDL2.dll
2015-07-13 17:01 - 2015-07-03 11:12 - 04962816 _____ () E:\Steam\v8.dll
2015-07-13 17:01 - 2015-07-03 11:12 - 01556992 _____ () E:\Steam\icui18n.dll
2015-07-13 17:01 - 2015-07-03 11:12 - 01187840 _____ () E:\Steam\icuuc.dll
2015-07-13 17:01 - 2015-10-14 15:56 - 02423376 _____ () E:\Steam\video.dll
2015-07-13 17:01 - 2015-09-23 19:33 - 02549248 _____ () E:\Steam\libavcodec-56.dll
2015-07-13 17:01 - 2015-09-23 19:33 - 00442880 _____ () E:\Steam\libavutil-54.dll
2015-07-13 17:01 - 2015-09-23 19:33 - 00491008 _____ () E:\Steam\libavformat-56.dll
2015-07-13 17:01 - 2015-09-23 19:33 - 00332800 _____ () E:\Steam\libavresample-2.dll
2015-07-13 17:01 - 2015-09-23 19:33 - 00485888 _____ () E:\Steam\libswscale-3.dll
2015-07-13 17:01 - 2015-10-14 15:56 - 00705104 _____ () E:\Steam\bin\chromehtml.DLL
2015-07-22 23:22 - 2015-10-09 13:13 - 00193024 _____ () E:\Steam\bin\openvr_api.dll
2015-07-13 17:01 - 2015-10-08 17:20 - 45010208 _____ () E:\Steam\bin\libcef.dll
2015-08-11 10:21 - 2015-08-11 10:21 - 00393608 _____ () C:\Users\David\AppData\Roaming\Curse Client\Bin\opus.dll
2015-08-11 10:21 - 2015-08-11 10:21 - 00443272 _____ () C:\Users\David\AppData\Roaming\Curse Client\Bin\WebRTC_CSharpWrapper.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\100sexlinks.com -> 100sexlinks.com

There are 4789 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3739055898-2858865413-359055978-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 71.10.216.1 - 71.10.216.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0CC8C149-D585-4294-BE51-95D2FFA91558}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4855878D-0903-4E43-9973-C9C43DFDD5EA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{86FC0E0E-12A4-4D28-93B1-0B5ACC9BB5F6}C:\users\david\appdata\local\temp\i1436823872\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\david\appdata\local\temp\i1436823872\windows\resource\jre\bin\javaw.exe
FirewallRules: [UDP Query User{53EC48E0-3BEA-479D-A025-3CD51E1B6B1C}C:\users\david\appdata\local\temp\i1436823872\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\david\appdata\local\temp\i1436823872\windows\resource\jre\bin\javaw.exe
FirewallRules: [{B4A9C994-D9B2-47C4-9B43-E188960E9679}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{87F3D1DF-0B5E-4D8A-9351-3BF3005AA1D2}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{68F459E4-26FC-4A44-A676-58D4FE301352}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{125F2DA0-090C-497E-9F27-F57421EB87D8}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{2B496AFB-072D-4F5F-A576-65EB71B43335}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AC39514D-F743-4E0C-A7E0-32BA88E8D97B}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2E995309-235F-4BD2-A3C0-118F14803D1A}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{13E0E1EE-7DDE-4706-B959-C5B73E1B64D4}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{34C2F509-B47A-4F57-9DCF-F022BD02B0A7}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B7468497-D5B6-4428-BEF0-3C235C904F6C}] => (Allow) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{5B71CD6C-89A7-431D-8278-CBB57F2A911C}E:\quake iii\quake3\quake3.exe] => (Allow) E:\quake iii\quake3\quake3.exe
FirewallRules: [UDP Query User{46439E6D-1F6B-42A6-B128-F8C72D77718E}E:\quake iii\quake3\quake3.exe] => (Allow) E:\quake iii\quake3\quake3.exe
FirewallRules: [TCP Query User{EA1859D1-5BE3-4DD9-B06E-EA1274B8CFCC}E:\quake iii\quake3.exe] => (Allow) E:\quake iii\quake3.exe
FirewallRules: [UDP Query User{9B2977AD-3838-45F7-B27D-9F0D9C5A8989}E:\quake iii\quake3.exe] => (Allow) E:\quake iii\quake3.exe
FirewallRules: [TCP Query User{58C31E57-51EE-463F-8BE8-8DA000EEB1F9}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E79446F2-CC87-4006-83AD-DF2209976785}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E4F739E7-9140-4F0E-9010-9AA5BF344ECC}] => (Allow) E:\Steam\steamapps\common\Half-Life 1 Source Deathmatch\hl2.exe
FirewallRules: [{5A366700-FB89-4732-94AE-076CC9D29BFA}] => (Allow) E:\Steam\steamapps\common\Half-Life 1 Source Deathmatch\hl2.exe
FirewallRules: [{1332B5B4-D7C1-47F7-B556-DF7DD5367776}] => (Allow) E:\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{8947EB64-D95C-4EBB-9DB9-7CDF5F2D6572}] => (Allow) E:\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{D8E53104-BD01-485F-9B8E-E14D490FE45E}] => (Allow) E:\Battle.net\Battle.net.exe
FirewallRules: [{8C9CAD95-F899-47CF-A69E-5C0745E56896}] => (Allow) E:\Battle.net\Battle.net.exe
FirewallRules: [{90718454-FB64-43D6-B2B7-7DB384AB8525}] => (Allow) E:\Steam\steamapps\common\DiRT Rally\drt.exe
FirewallRules: [{64A23141-7EF5-4F35-BAAE-F2EE47CF3EF1}] => (Allow) E:\Steam\steamapps\common\DiRT Rally\drt.exe
FirewallRules: [{DB6965D2-48E9-4CD2-8013-F5CAFA3A75B8}] => (Allow) E:\Steam\steamapps\common\Contagion\contagion.exe
FirewallRules: [{3BCC57CD-5567-4614-AE00-FB9AE8E91B26}] => (Allow) E:\Steam\steamapps\common\Contagion\contagion.exe
FirewallRules: [{5EB489A7-47E4-4EE2-803F-3F97C8772CCB}] => (Allow) E:\Steam\steamapps\common\Contagion\contagionds.exe
FirewallRules: [{3ADBE78F-F420-4E82-B722-BE8BBB99FC7E}] => (Allow) E:\Steam\steamapps\common\Contagion\contagionds.exe
FirewallRules: [{B90100CD-0AF3-4E08-8BEC-6068707EDE10}] => (Allow) E:\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{456E4734-5E9E-4CBE-9ADB-B6B73FFF3BA6}] => (Allow) E:\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{FB53FB84-D8D3-43C1-AC26-34E4A1B095CA}] => (Allow) E:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{487BE1BD-5480-4146-AF13-7EEA2BF0D4EA}] => (Allow) E:\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{8EA895E6-E588-42AF-A16F-B5232B7E7778}E:\hiresstudios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) E:\hiresstudios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{9378A692-59FB-4A7C-968D-80722D23AC40}E:\hiresstudios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) E:\hiresstudios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{AAB4DB10-094F-4B46-9E84-60603980546A}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{84DDA53F-8E0A-4EEF-8AE5-616C2FF4D0D6}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{E33EF818-A7C5-405A-8454-9F8BB26B032A}] => (Allow) E:\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{D1B1B163-0CDA-4A38-8985-51220BC6F4F0}] => (Allow) E:\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{A0F91B6F-7C21-46FF-A2E4-073B21020725}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A0BEA5FC-CAA1-4946-8C25-57CF328B3EE1}] => (Allow) E:\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{A445D908-9E14-4183-9B68-2BC972DC5251}] => (Allow) E:\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{2A680FD0-9C19-4C25-A3A5-6473EB53FE5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BE5DCD1D-EABB-4D76-82AC-DC29E550535F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{218B122E-296F-40F9-92A3-A84B9D2002BC}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{59D07696-E752-4DA3-872F-1B31B2FAEF57}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D848191E-A2D8-4401-9016-893FDB0D6E2A}] => (Allow) E:\Hearthstone\Hearthstone.exe
FirewallRules: [{B79851A1-3977-406B-82F6-83C3E32BE20E}] => (Allow) E:\Hearthstone\Hearthstone.exe
FirewallRules: [{85B67086-E104-4F26-B4CC-66646822067E}] => (Allow) E:\Steam\steamapps\common\APB Reloaded\Launcher\APBLauncher.exe
FirewallRules: [{E37C5AD2-3C53-482F-BAB5-FBB7211F0665}] => (Allow) E:\Steam\steamapps\common\APB Reloaded\Launcher\APBLauncher.exe
FirewallRules: [TCP Query User{6C0A792D-441D-415D-8893-61BC4177E408}E:\diablo iii\diablo iii.exe] => (Allow) E:\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{5E0E3210-8888-4168-9566-77ADB8526847}E:\diablo iii\diablo iii.exe] => (Allow) E:\diablo iii\diablo iii.exe
FirewallRules: [{0D6E7438-7995-4217-9124-D28BEF1516B0}] => (Allow) E:\Steam\steamapps\common\The Ship\ship.exe
FirewallRules: [{161D5CD9-F936-4600-B84D-DD7E439503ED}] => (Allow) E:\Steam\steamapps\common\The Ship\ship.exe
FirewallRules: [TCP Query User{0C52905F-3996-4AA8-B6F9-F31A5261A939}E:\alice madness returns\alice2\binaries\win32\alicemadnessreturns.exe] => (Block) E:\alice madness returns\alice2\binaries\win32\alicemadnessreturns.exe
FirewallRules: [UDP Query User{E9242D6D-B2A0-464D-A020-68A12F852499}E:\alice madness returns\alice2\binaries\win32\alicemadnessreturns.exe] => (Block) E:\alice madness returns\alice2\binaries\win32\alicemadnessreturns.exe
FirewallRules: [TCP Query User{7F92C92E-5FF6-42A1-98DD-D753A293BF22}E:\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D87480A5-D035-49D8-A01C-AD7B43E49864}E:\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{32EB35D6-1692-4ED8-B149-350A613DAC17}C:\users\david\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\david\downloads\downloader_diablo2_enus.exe
FirewallRules: [UDP Query User{4EE57E97-35FB-4335-8552-68BB505CC84E}C:\users\david\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\david\downloads\downloader_diablo2_enus.exe
FirewallRules: [TCP Query User{289E1FD8-73AB-43F6-B1F9-42D9471C304D}C:\users\david\downloads\downloader_diablo2_lord_of_destruction_enus.exe] => (Allow) C:\users\david\downloads\downloader_diablo2_lord_of_destruction_enus.exe
FirewallRules: [UDP Query User{28607437-7F60-466F-81D5-91366A330870}C:\users\david\downloads\downloader_diablo2_lord_of_destruction_enus.exe] => (Allow) C:\users\david\downloads\downloader_diablo2_lord_of_destruction_enus.exe
FirewallRules: [{6F8AD82E-B244-4E8B-9011-46E94D23D134}] => (Allow) E:\Steam\steamapps\common\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{1E8DE18C-E1F3-4BCA-A92C-9ECB88787A4F}] => (Allow) E:\Steam\steamapps\common\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{5C15413D-50E7-4DAE-B756-B5F625765C45}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{38267F93-B235-4B10-8E1D-C72A4C09A47C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{D4807ED8-E8D9-455A-BE93-C243FDA77243}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{47B65EA0-9BC6-4247-BD51-1953DF091478}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8502877A-BB4D-4D4C-BC6E-6A8C94C3D17A}] => (Allow) E:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{A7036982-F842-441D-81D8-3D8C5A1026C6}] => (Allow) E:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{5144F1AF-99AE-40B2-A3BF-1DBFD39B8361}] => (Allow) E:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{6A6FD48C-5BE2-4634-A9AF-FD6BD8106232}] => (Allow) E:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [TCP Query User{B73C0D20-FC70-41BB-818F-69A58BDD4C7D}E:\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{6363D4BB-94CE-4D44-832D-B33CF43402EE}E:\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{45E74BCA-107E-4979-85A8-02963E20008D}E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E60EEC4E-B5EB-4F84-8B4A-F670CEA99306}E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{38A84EBE-18EF-4277-8CF1-DFF71893F6BD}C:\gog games\system shock 2\shock2.exe] => (Allow) C:\gog games\system shock 2\shock2.exe
FirewallRules: [UDP Query User{B7438F87-E438-48C1-BAA4-9F0CA829B640}C:\gog games\system shock 2\shock2.exe] => (Allow) C:\gog games\system shock 2\shock2.exe
FirewallRules: [TCP Query User{3907E1BE-0FE1-4145-BF85-28D4EABD9DEF}C:\users\david\appdata\local\temp\ss2tool\rsync.exe] => (Allow) C:\users\david\appdata\local\temp\ss2tool\rsync.exe
FirewallRules: [UDP Query User{17730FC9-829F-40D0-94D7-311CE17C4AFD}C:\users\david\appdata\local\temp\ss2tool\rsync.exe] => (Allow) C:\users\david\appdata\local\temp\ss2tool\rsync.exe
FirewallRules: [{07EA3E2F-8C90-44E1-AF5C-5CDB5C7A7163}] => (Allow) E:\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{C8F9C739-FCB0-4039-BC09-324A42A6829C}] => (Allow) E:\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{E0B5FEC2-89CA-4E7C-8759-E3FD8B399549}E:\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) E:\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{71FEB517-6531-4E94-A666-7BF78D1FB92B}E:\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) E:\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{A69D4379-BBEA-4C49-BB9C-A77335D61A3D}] => (Allow) E:\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{C56E6D4D-53D5-4847-AB52-A91BE1973D7D}] => (Allow) E:\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{5E98A73D-A4FD-48EF-A7E7-7F206A7923D5}] => (Allow) E:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{43A5CFE6-1F1E-4D50-91F2-580E3DEB8478}] => (Allow) E:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{DBAFE671-103A-4AFC-B4F7-EFB31480639C}] => (Allow) E:\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{D4CC3ED7-CF9E-4079-9CF5-51605A2F5275}] => (Allow) E:\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{DE08F112-D1F5-4C62-BD73-E4CFD0587D5F}] => (Allow) E:\Steam\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{620A733A-C6A5-4FF9-B111-BD462DDB3B02}] => (Allow) E:\Steam\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{C200442A-1978-4ECB-BC04-38054B1E9103}] => (Allow) E:\Steam\steamapps\common\Dino D-Day\dinodday.exe
FirewallRules: [{ADB84390-A4AF-411C-ACE3-AFBC9DB24E32}] => (Allow) E:\Steam\steamapps\common\Dino D-Day\dinodday.exe
FirewallRules: [{4C2C85E4-102C-4013-A4DA-E52C7639DDE3}] => (Allow) E:\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{3D007526-14EC-42B2-9692-F6FDE90CCEC0}] => (Allow) E:\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{EC9FF0D2-4A8E-4107-95FD-C58B01D7E9D3}] => (Allow) E:\Steam\steamapps\common\Distance\Distance.exe
FirewallRules: [{2AA18FB2-C68B-469C-86D5-9B1A18392E12}] => (Allow) E:\Steam\steamapps\common\Distance\Distance.exe
FirewallRules: [TCP Query User{BBB7E462-F45E-48AF-84FC-95219F83DEF9}E:\2ndwife\secondlifeviewer\slvoice.exe] => (Allow) E:\2ndwife\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{F06E0793-B78F-4C11-A9B0-DFA3F29499E6}E:\2ndwife\secondlifeviewer\slvoice.exe] => (Allow) E:\2ndwife\secondlifeviewer\slvoice.exe
FirewallRules: [{21D1F07B-A543-4F76-837D-F8B9790601D9}] => (Allow) E:\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{8A29898A-6A46-4DE4-89F5-B26ECB85D80E}] => (Allow) E:\Steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{7FB01480-862D-47EC-953D-816C10524F8D}] => (Allow) E:\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{111D4675-F3AB-4254-A6A5-E21C666E85F9}] => (Allow) E:\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [TCP Query User{D6C1692F-D248-4CB2-9EE8-3849E29304BE}E:\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) E:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{8FFC5294-01FD-42D0-ADD5-034CE11707BA}E:\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) E:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{7F7B69A9-0C1C-4F1A-814A-1CEFABDA90F9}] => (Allow) E:\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{1006E7B3-993A-49B2-8F9F-87B9B276501B}] => (Allow) E:\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [TCP Query User{B143FC68-DB20-4AD6-A787-7DA944CE5D8E}E:\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{60FC700E-14CD-4F5D-9CDA-98582C4D4576}E:\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
FirewallRules: [{DD2B8F50-3E6C-40A3-A1BB-60A4F548FD13}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{B92C1ACF-F024-4E6D-8F57-C83C8066E8EC}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{00B356C2-F19D-48EC-8DB8-B1AA55C31C8D}] => (Allow) E:\Steam\steamapps\common\Universe Sandbox 2\Universe Sandbox x64.exe
FirewallRules: [{C3314C7D-2F59-47AD-B51C-D96402A65CC7}] => (Allow) E:\Steam\steamapps\common\Universe Sandbox 2\Universe Sandbox x64.exe
FirewallRules: [{D4E4538C-FA9D-40E2-A5F6-31BFA74A6346}] => (Allow) E:\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{AFACC911-8BEB-4EF9-A4C1-8EDF38A4AE82}] => (Allow) E:\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{13E0133A-0139-450C-8D43-46D13CF33C0C}] => (Allow) E:\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{8B50A8A8-AE24-4A37-A996-C9B1A33B2B01}] => (Allow) E:\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{5168EB52-5615-4389-8BAD-C3F11D15ECB9}] => (Allow) E:\Steam\steamapps\common\Alan Wake\AlanWake.exe
FirewallRules: [{319B0113-6C8F-4902-B994-D67B459262EB}] => (Allow) E:\Steam\steamapps\common\Alan Wake\AlanWake.exe
FirewallRules: [{A057FF34-3625-43F5-A40E-9DFA8C06D300}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{28FD8471-082F-4959-84E9-4BDBDEE34012}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8C80F666-DA55-4E0B-AFBD-93073F5FDA65}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D360F261-0958-4C63-848F-337B9411DC4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4168E076-4768-4632-8C44-8363C7E74B72}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3F6EF541-71FC-4E29-8568-5D5D9136A605}] => (Allow) E:\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{4B9B071B-07CD-4D95-B65D-5A6131D3E0A3}] => (Allow) E:\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [TCP Query User{181C4B3F-1443-4F5D-BF46-797FD034CABC}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [UDP Query User{1312D55B-FCDE-437C-9128-9A4D5D711BBC}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [TCP Query User{CF5CB656-3E6A-4AED-A0C4-BC6FC6E7D1D9}C:\program files\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\java.exe
FirewallRules: [UDP Query User{2E3C57A5-8DAE-4C25-9628-1F8CDDE13D4A}C:\program files\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\java.exe
FirewallRules: [{14BF333E-A87B-496E-9266-E6BCF6B55329}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{11EEFEC8-CE4E-4062-9D33-AF2930C28C82}] => (Allow) E:\Steam\steamapps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{8A026A8D-CDE6-464E-A88A-C1A6558492B1}] => (Allow) E:\Steam\steamapps\common\APB Reloaded\Binaries\APB.exe
FirewallRules: [{D4C00D98-6A18-40D0-9A43-4194E9858F27}] => (Allow) E:\Steam\steamapps\common\APB Reloaded\Binaries\VivoxVoiceService.exe
FirewallRules: [{2CDED8D8-F247-4B0E-B083-78343FF911DA}] => (Allow) E:\Steam\steamapps\common\APB Reloaded\Binaries\VivoxVoiceService.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 802.11bgn 1T1R Wireless Adapter
Description: 802.11bgn 1T1R Wireless Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28ux
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/04/2015 07:23:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2015 07:13:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2015 05:39:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c117d5
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c117d5
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x89c
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3

Error: (11/04/2015 05:35:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2015 05:31:23 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x8007043c).

Error: (11/04/2015 05:20:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2015 05:15:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 46.0.2490.80 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1720

Start Time: 01d1174e3bbdd09f

Termination Time: 37

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 85c0feb1-8341-11e5-a5aa-dc85de438fee

Error: (11/04/2015 05:14:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 46.0.2490.80 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1158

Start Time: 01d1174e094d00cd

Termination Time: 4

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 6e948ce6-8341-11e5-a5aa-dc85de438fee

Error: (11/04/2015 05:12:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 46.0.2490.80 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 16c8

Start Time: 01d1174d3070cf9d

Termination Time: 7

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 1345a240-8341-11e5-a5aa-dc85de438fee

Error: (11/04/2015 03:32:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c117d5
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c117d5
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0xc54
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3


System errors:
=============
Error: (11/04/2015 07:21:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Broadcom Wireless LAN Tray Service service failed to start due to the following error:
%%3

Error: (11/04/2015 07:21:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AdvancedSystemCareAntivirus service failed to start due to the following error:
%%3

Error: (11/04/2015 07:20:50 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/04/2015 07:20:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/04/2015 07:19:07 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/04/2015 07:10:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Broadcom Wireless LAN Tray Service service failed to start due to the following error:
%%3

Error: (11/04/2015 07:10:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AdvancedSystemCareAntivirus service failed to start due to the following error:
%%3

Error: (11/04/2015 07:10:42 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000050 (0xfffff8a011d0e000, 0x0000000000000000, 0xfffff8000352fcca, 0x0000000000000000)C:\Windows\MEMORY.DMP

Error: (11/04/2015 07:10:42 PM) (Source: BugCheck) (EventID: 1005) (User: )
Description:

Error: (11/04/2015 07:10:40 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:09:00 PM on ‎11/‎4/‎2015 was unexpected.


CodeIntegrity:
===================================
  Date: 2015-11-04 19:20:21.209
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-04 19:20:21.209
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 31%
Total physical RAM: 8130.38 MB
Available physical RAM: 5545.12 MB
Total Virtual: 16260.77 MB
Available Virtual: 13645.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:58.83 GB) NTFS
Drive e: (WD10EZEX) (Fixed) (Total:931.41 GB) (Free:376.52 GB) NTFS
Drive f: (J_CCSA_X64F) (Removable) (Total:7.43 GB) (Free:6.38 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 251D87A4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 251D87B8)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by ayydjango, 07 November 2015 - 07:04 PM.



#2
Essexboy
GeekU Moderator

I see you have run combofix, could you post that log please

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\Run: [{F6FB2203-8001-47B9-BA15-DB5FBDAE3675}] => regsvr32.exe "C:\ProgramData\Bacwom\TucrAdcu.dll"
S2 ASCAntivirusSrv; no ImagePath
S3 BS3265342653; \??\C:\Users\David\AppData\Local\Temp\NTFS.sys [X]
2015-11-04 19:37 - 2015-11-04 19:40 - 00001750 _____ C:\Windows\system32\DB3265342653
2015-10-31 13:20 - 2015-10-31 13:20 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-10-31 10:48 - 2015-11-03 17:25 - 03550700 _____ C:\Windows\system32\CFG3265342653
2015-10-31 10:39 - 2015-10-31 10:39 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
C:\ProgramData\Bacwom
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

#3
ayydjango
Topic Starter

Appreciate the quick responses, by this point chrome fails to even start now so I just uninstalled it completely. Here are the results,

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
Ran by David (2015-11-06 05:14:01) Run:1
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-3739055898-2858865413-359055978-1000\...\Run: [{F6FB2203-8001-47B9-BA15-DB5FBDAE3675}] => regsvr32.exe "C:\ProgramData\Bacwom\TucrAdcu.dll"
S2 ASCAntivirusSrv; no ImagePath
S3 BS3265342653; \??\C:\Users\David\AppData\Local\Temp\NTFS.sys [X]
2015-11-04 19:37 - 2015-11-04 19:40 - 00001750 _____ C:\Windows\system32\DB3265342653
2015-10-31 13:20 - 2015-10-31 13:20 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-10-31 10:48 - 2015-11-03 17:25 - 03550700 _____ C:\Windows\system32\CFG3265342653
2015-10-31 10:39 - 2015-10-31 10:39 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
C:\ProgramData\Bacwom
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKU\S-1-5-21-3739055898-2858865413-359055978-1000\Software\Microsoft\Windows\CurrentVersion\Run\\{F6FB2203-8001-47B9-BA15-DB5FBDAE3675} => value removed successfully
ASCAntivirusSrv => service removed successfully
BS3265342653 => service removed successfully
C:\Windows\system32\DB3265342653 => moved successfully
C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} => moved successfully
C:\Windows\system32\CFG3265342653 => moved successfully
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => moved successfully
C:\ProgramData\Bacwom => moved successfully

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3739055898-2858865413-359055978-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3739055898-2858865413-359055978-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3739055898-2858865413-359055978-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 66.5 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 05:14:33 ====



#4
Essexboy
GeekU Moderator

Could you post the log at c:\combofix.txt please as I need to see what it removed and what else it located

 

Also could I have a fresh FRST scan please



#5
ayydjango
Topic Starter

With pleasure,

ComboFix 15-11-05.01 - David 11/06/2015  11:41:31.2.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8130.6169 [GMT -5:00]
Running from: c:\users\David\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-10-06 to 2015-11-06  )))))))))))))))))))))))))))))))
.
.
2015-11-06 16:46 . 2015-11-06 16:46	--------	d-----w-	c:\users\HomeGroupUser$\AppData\Local\temp
2015-11-06 16:46 . 2015-11-06 16:46	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2015-11-06 16:46 . 2015-11-06 16:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-11-06 16:46 . 2015-11-06 16:46	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2015-11-06 10:26 . 2015-11-06 10:26	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD2EFF34-5B6E-4CDB-9543-964BC0533F1E}\offreg.2280.dll
2015-11-06 10:14 . 2015-11-06 10:22	--------	d-----w-	c:\programdata\Bacwom
2015-11-05 16:57 . 2015-11-05 16:57	--------	d-----w-	c:\users\David\AppData\Local\Blizzard Entertainment
2015-11-05 00:41 . 2015-11-06 10:16	--------	d-----w-	C:\FRST
2015-11-04 23:16 . 2015-11-04 23:16	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD2EFF34-5B6E-4CDB-9543-964BC0533F1E}\offreg.2720.dll
2015-11-04 22:40 . 2015-11-04 22:40	--------	d-----w-	c:\programdata\TrojanHunter
2015-11-04 22:32 . 2015-11-04 22:32	99480	----a-w-	c:\windows\SysWow64\infocardapi.dll
2015-11-04 22:32 . 2015-11-04 22:32	8856	----a-w-	c:\windows\SysWow64\icardres.dll
2015-11-04 22:32 . 2015-11-04 22:32	8856	----a-w-	c:\windows\system32\icardres.dll
2015-11-04 22:32 . 2015-11-04 22:32	619672	----a-w-	c:\windows\SysWow64\icardagt.exe
2015-11-04 22:32 . 2015-11-04 22:32	35480	----a-w-	c:\windows\SysWow64\TsWpfWrp.exe
2015-11-04 22:32 . 2015-11-04 22:32	35480	----a-w-	c:\windows\system32\TsWpfWrp.exe
2015-11-04 22:32 . 2015-11-04 22:32	171160	----a-w-	c:\windows\system32\infocardapi.dll
2015-11-04 22:32 . 2015-11-04 22:32	1389208	----a-w-	c:\windows\system32\icardagt.exe
2015-11-04 16:07 . 2015-11-04 16:07	--------	d-----w-	c:\users\David\AppData\Roaming\QuickScan
2015-11-04 14:57 . 2015-11-04 14:57	--------	d-----w-	c:\program files (x86)\MagicISO
2015-11-04 13:51 . 2015-11-04 22:43	--------	d-----w-	c:\users\David\AppData\Local\VirtualStore
2015-11-04 12:43 . 2015-11-04 12:43	--------	d-----w-	c:\users\David\AppData\Local\CEF
2015-11-04 12:00 . 2015-11-04 12:00	--------	d-----w-	c:\users\David\AppData\Local\Google
2015-11-04 11:53 . 2015-11-04 13:52	--------	d-----w-	c:\users\David\AppData\Roaming\ProductData
2015-11-03 23:21 . 2015-11-03 23:21	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD2EFF34-5B6E-4CDB-9543-964BC0533F1E}\offreg.6024.dll
2015-11-01 16:12 . 2015-11-04 22:40	--------	d-----w-	c:\program files (x86)\TrojanHunter
2015-10-31 17:31 . 2015-10-31 17:31	--------	d-----w-	c:\windows\system32\appmgmt
2015-10-31 15:42 . 2015-10-31 15:42	--------	d-----w-	c:\program files\Common Files\Microsoft
2015-10-27 09:44 . 2015-10-13 09:47	11140960	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD2EFF34-5B6E-4CDB-9543-964BC0533F1E}\mpengine.dll
2015-10-20 12:00 . 2015-10-20 12:07	--------	d-----w-	c:\programdata\BlueStacksSetup
2015-10-19 09:07 . 2015-10-19 09:14	--------	d-----w-	c:\users\David\AppData\Roaming\.technic
2015-10-19 09:02 . 2015-10-19 09:23	--------	d-----w-	c:\users\David\AppData\Local\ftblauncher
2015-10-19 09:02 . 2015-10-19 09:03	--------	d-----w-	c:\users\David\AppData\Roaming\ftblauncher
2015-10-19 08:46 . 2015-10-19 08:46	--------	d-----w-	c:\program files (x86)\Common Files\Java
2015-10-19 08:45 . 2015-10-19 09:02	--------	d-----w-	c:\users\David\.oracle_jre_usage
2015-10-19 08:45 . 2015-10-19 08:45	110688	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2015-10-19 08:45 . 2015-10-19 08:45	--------	d-----w-	c:\programdata\Oracle
2015-10-19 08:44 . 2015-10-19 08:45	--------	d-----w-	c:\program files\Java
2015-10-15 19:54 . 2015-10-15 19:54	--------	d-----w-	c:\users\David\AppData\Local\FalloutNV
2015-10-15 15:18 . 2015-10-15 15:18	--------	d-----w-	c:\users\David\AppData\Local\FOMM
2015-10-15 05:02 . 2015-10-15 05:02	--------	d--h--w-	c:\users\David\AppData\Roaming\ACV
2015-10-08 16:43 . 2015-10-03 02:18	102520	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2015-10-08 16:27 . 2015-10-08 16:27	--------	d--h--w-	c:\program files (x86)\Common Files\EAInstaller
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-06 10:36 . 2015-08-07 23:06	347464	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2015-11-06 10:36 . 2015-08-07 22:40	347464	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2015-11-06 10:36 . 2015-08-07 22:40	76152	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2015-11-06 06:04 . 2015-08-07 22:40	347464	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2015-11-04 11:27 . 2015-07-19 03:14	780488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-11-04 11:27 . 2015-07-19 03:14	142536	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-03 05:06 . 2015-07-13 18:53	1756424	----a-w-	c:\windows\system32\nvspbridge64.dll
2015-10-03 05:06 . 2015-07-13 18:53	1710568	----a-w-	c:\windows\system32\nvspcap64.dll
2015-10-03 05:06 . 2015-07-13 18:53	1423120	----a-w-	c:\windows\SysWow64\nvspcap.dll
2015-10-03 05:06 . 2015-07-13 18:53	1316000	----a-w-	c:\windows\SysWow64\nvspbridge.dll
2015-10-03 05:06 . 2015-07-13 18:52	112944	----a-w-	c:\windows\system32\OpenCL.dll
2015-10-03 05:06 . 2015-07-13 18:52	105080	----a-w-	c:\windows\SysWow64\OpenCL.dll
2015-10-03 05:06 . 2015-07-13 18:49	72504	----a-w-	c:\windows\system32\nvaudcap64v.dll
2015-10-03 05:06 . 2015-07-13 18:49	3573832	----a-w-	c:\windows\system32\nvapi64.dll
2015-10-03 05:06 . 2015-07-13 18:49	3154104	----a-w-	c:\windows\SysWow64\nvapi.dll
2015-10-03 05:06 . 2015-07-13 18:49	17395512	----a-w-	c:\windows\system32\nvwgf2umx.dll
2015-10-03 05:06 . 2015-07-13 18:49	12769408	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2015-10-03 02:49 . 2015-07-13 18:52	6358648	----a-w-	c:\windows\system32\nvcpl.dll
2015-10-03 02:49 . 2015-07-13 18:52	2982520	----a-w-	c:\windows\system32\nvsvc64.dll
2015-10-03 02:49 . 2015-08-05 18:10	2554488	----a-w-	c:\windows\system32\nvsvcr.dll
2015-10-03 02:49 . 2015-07-13 18:52	938800	----a-w-	c:\windows\system32\nvvsvc.exe
2015-10-03 02:49 . 2015-07-13 18:52	62768	----a-w-	c:\windows\system32\nvshext.dll
2015-10-03 02:49 . 2015-07-13 18:52	385328	----a-w-	c:\windows\system32\nvmctray.dll
2015-10-01 09:33 . 2015-07-13 18:52	5284082	----a-w-	c:\windows\system32\nvcoproc.bin
2015-09-21 05:52 . 2015-09-21 05:45	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2015-09-16 08:50 . 2015-09-17 00:11	236832	----a-w-	c:\windows\SysWow64\EasyAntiCheat.exe
2015-08-22 20:17 . 2015-08-22 20:17	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2015-08-22 20:17 . 2015-08-22 20:17	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2015-08-22 20:17 . 2015-08-22 20:17	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2015-08-22 20:17 . 2015-08-22 20:17	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2015-08-18 18:12 . 2015-08-18 18:12	2434856	----a-w-	c:\windows\SysWow64\pbsvc_bc2.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 8"="c:\program files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" [2015-04-08 2429728]
"Spotify Web Helper"="c:\users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-10-17 2030912]
"{F6FB2203-8001-47B9-BA15-DB5FBDAE3675}"="c:\programdata\Bacwom\TucrAdcu.dll" [2015-11-06 462848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2015-03-23 296216]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-08-04 597552]
"THGuard"="c:\program files (x86)\TrojanHunter\THGuard.exe" [2015-06-18 1082832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys;c:\windows\SYSNATIVE\drivers\dfx11_1x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 HiPatchService;Hi-Rez Studios Authenticate and Update Service;e:\hiresstudios\HiPatchService.exe;e:\hiresstudios\HiPatchService.exe [x]
R3 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 netr7364;Conceptronic RT73 Wireles Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
R3 Origin Client Service;Origin Client Service;e:\origin\OriginClientService.exe;e:\origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-19 11:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-11-04 10:49	2471744	----a-w-	c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-10-03 1710568]
"MouseDriver"="TiltWheelMouse.exe" [2012-12-19 241152]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2015-11-04 16407296]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 71.10.216.1 71.10.216.2
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ge7em660.default-1446686594801\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-11-06  11:47:28
ComboFix-quarantined-files.txt  2015-11-06 16:47
ComboFix2.txt  2015-11-05 00:26
.
Pre-Run: 61,895,442,432 bytes free
Post-Run: 61,576,810,496 bytes free
.
- - End Of File - - F283791ABD7BA28BAE9350EB0317F43F
A36C5E4F47E84449FF07ED3517B43A31


#6
Essexboy
GeekU Moderator

Nothing untoward showing there. Are you able to run an AV?

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan



On completion of the scan click save log, save it to your desktop and post in your next reply

#7
ayydjango
Topic Starter

The downloaded .exe appears to have the same result as trying to install an anti-virus or malware remover.. Just doesn't even start.

 

Edit: Um... Not sure if this is related, but after running all these my Smite game is failing to start up as well with an authentication error, and digging further into the root it was cause the launcher was getting an 'invalid command line' error when trying to start. Like I said, not sure if this is predominantly malware, or the virus, or the downloads here.


Edited by ayydjango, 06 November 2015 - 05:44 PM.


#8
Essexboy
GeekU Moderator

You do not appear to have any malware, however, it may be just that I am not seeing it

Could you run the following from safe mode with networking



Download AVZ tool from here to your desktop
Unzip all files to a folder on your desktop
Open the folder and double click the AVZ icon
When the tool opens select "File" > "Standards scripts"

Place a tick in :


5. Update signature database

Then press "Execute selected scripts"

Once that has executed then
select "File" > "Standards scripts"
Place a tick in :

3. Advanced System Analysis with malware removal mode enabled


When finished look in the folder AVZ4 on your desktop
Open the LOG folder
Attach virusinfo_syscure to your next post
  • 0

#9
ayydjango

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

After I ran the program I noticed at the end it said that it found no malware. lol. Here's the file

Attached Files


Edited by ayydjango, 07 November 2015 - 07:03 PM.

  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If this fails we will need to work outside of Windows; for that you will need a USB stick handy.

Open AVZ as before
Click "File" > "Custom scripts"

A dialogue will open
Copy and paste the following script into the marked space then press run

Script for insertion :
 
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 DeleteFile('regsvr32.exe C:\ProgramData\Bacwom\TucrAdcu.dll','32');
 BC_DeleteFile('regsvr32.exe C:\ProgramData\Bacwom\TucrAdcu.dll');
 RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','{F6FB2203-8001-47B9-BA15-DB5FBDAE3675}');
 DeleteFile('C:\ProgramData\Bacwom\TucrAdcu.dll','32');
 BC_DeleteFile('C:\ProgramData\Bacwom\TucrAdcu.dll');
BC_ImportDeletedList;
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Ensure that you copy from begin to end
  • 0
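Added example, not part of the original thread and not AVZ's or FRST's own code: the script in the post above deletes an HKCU Run value that starts regsvr32.exe on a DLL in C:\ProgramData, and the Python below looks for that pattern in a `reg export`-style text dump of Run keys. The sample export is constructed (it reuses only the value name and path quoted in the script), and the function names, loader list and writable-directory list are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in `reg export` text format. The first value reuses the
# name and DLL path quoted in the AVZ script; the second entry is made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"{F6FB2203-8001-47B9-BA15-DB5FBDAE3675}"="regsvr32.exe C:\\ProgramData\\Bacwom\\TucrAdcu.dll"
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# Only plain string (REG_SZ) values are parsed; hex-encoded types are skipped.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
LOADERS = {"regsvr32", "regsvr32.exe", "rundll32", "rundll32.exe"}
# Assumption: directories a standard user can write to on a default install.
WRITABLE_ROOTS = ("c:\\programdata\\", "c:\\users\\")


def unescape(text):
    # .reg files escape backslashes and quotes with a backslash; undo that.
    return re.sub(r'\\(.)', r'\1', text)


def suspicious_autoruns(export_text):
    """Return (key, value_name, dll_path) for each Run value that starts a
    DLL loader on a DLL stored under a user-writable directory."""
    hits, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or "\\currentversion\\run" not in key.lower():
            continue
        name, cmd = unescape(m.group(1)), unescape(m.group(2))
        tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmd)]
        if not tokens or PureWindowsPath(tokens[0]).name.lower() not in LOADERS:
            continue
        for arg in tokens[1:]:
            target = arg.split(",")[0]  # rundll32 form: file.dll,EntryPoint
            low = target.lower()
            if low.endswith(".dll") and low.startswith(WRITABLE_ROOTS):
                hits.append((key, name, target))
    return hits


if __name__ == "__main__":
    for hit in suspicious_autoruns(SAMPLE_EXPORT):
        print("review:", *hit, sep="\n  ")
```

A hit is a reason to inspect the DLL and its signer, not proof of infection; some legitimate software registers components this way.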

#11
ayydjango

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Lol, well I got my USB handy because it doesn't appear to have done anything significant to my pc. Still unable to install any AV, or malware fighter, or use my steam browser. haha. troublesome computers.


  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, this scan will take a while to run as it will check every single file. Leaving it overnight would be best.

Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop
  • Connect a USB flash drive to the computer. Registering the plugging in event takes no more than 10 seconds.
  • Launch drwebliveusb.exe.
  • The program will detect available USB-devices automatically and prompt you to choose the one you'd like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow a corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).
  • To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
  • Files will be copied automatically.
  • Once the copying process is completed, press the Exit button to close the application.
  • Reboot the infected computer with the USB in the drive
  • Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

  • Use arrow keys to select DrWeb-LiveCD (Default)

  • Press select objects for scanning

  • When the system is loaded, check the disks or folders you want to scan, and click on Start.
  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
  • When it has completed

  • Select Open Report and copy to the USB
  • Once completed reboot to normal windows, and attach the report here

  • 0

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0





