alecksanndur

need help with rundll32.exe!


Hello, recently I've noticed that as time goes by rundll32.exe starts gradually taking up a lot of my memory; it even took up 800k of my memory at one point. Usually just restarting fixes the problem, but it starts to gradually get larger again. I also noticed that there were 2 of rundll32.exe in my task manager; one stays low while the other takes a lot of my memory. I've scanned with Malwarebytes and Avast, yet nothing comes up as a virus or malware. I've looked around and haven't found a solution. If anyone could help, it'd be greatly appreciated.



Hello alecksanndur and welcome,

 

Rundll.exe running is not always a sign that malware is on your system; see this link: http://www.howtogeek.com/howto/windows-vista/what-is-rundll32exe-and-why-is-it-running/

 

Run the following for me :-

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin


Well, I accidentally left my computer running while I was asleep, and when I checked it this morning rundll.exe was at 2,000,000, so I definitely think something is wrong, since I didn't have any programs open or anything. I'm about to run that tool though.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013

Ran by Alex (administrator) on ALEX-PC on 03-10-2013 09:17:43

Running from C:\Users\Alex\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(UPEK Inc.) C:\Program Files\Protector Suite\upeksvr.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe

(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(UPEK Inc.) C:\Program Files\Protector Suite\psqltray.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

(Google Inc.) C:\Users\Alex\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe

(Google Inc.) C:\Users\Alex\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe

(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

(cyberlink) C:\Program Files (x86)\CyberLink\Shared Files\brs.exe

(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\system32\taskmgr.exe

(Google Inc.) C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-02-09] (Synaptics Incorporated)

HKLM\...\Run: [PSQLLauncher] - C:\Program Files\Protector Suite\launcher.exe [84744 2010-04-27] (UPEK Inc.)

HKLM\...\Run: [THXCfg64] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663464 2010-12-07] (Realtek Semiconductor)

HKLM\...\Run: [intelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-28] (Logitech Inc.)

HKLM\...\Run: [start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)

Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)

HKCU\...\Run: [Google Update] - C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2011-07-28] (Google Inc.)

HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1814440 2013-09-21] (Valve Corporation)

HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)

HKCU\...\Run: [ConduitFloatingPlugin_banjjklfojcdbofbhbgiedekefohoaff] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3310511\plugins\TBVerifier.dll",RunConduitFloatingPlugin banjjklfojcdbofbhbgiedekefohoaff

MountPoints2: F - F:\setup.exe

MountPoints2: {86f374e2-5076-11e2-9434-0090f5be4820} - G:\setup.exe -a

HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-25] (Renesas Electronics Corporation)

HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1374720 2010-11-01] (Creative Technology Ltd)

HKLM-x32\...\Run: [updReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2008-01-15] (CyberLink)

HKLM-x32\...\Run: [P2Go_Menu] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)

HKLM-x32\...\Run: [bDRegion] - C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-09-04] (cyberlink)

HKLM-x32\...\Run: [RemoteControl] - C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [87336 2009-04-16] (Cyberlink Corp.)

HKLM-x32\...\Run: [LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [62760 2009-04-16] ()

HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)

HKLM-x32\...\Run: [sMessaging] - C:\Users\Alex\AppData\Local\Strongvault Online Backup\SMessaging.exe

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll

BootExecute: autocheck autochk * bootdelete

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com

URLSearchHook: (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} -  No File

URLSearchHook: (No Name) - {7e8a1050-cf67-4575-92df-dcc60e7d952d} -  No File

SearchScopes: HKCU - {3698B55F-C4F3-46B8-8D1B-6514A328675F} URL = http://search.us.com/serp/1/?guid={4279877B-710A-41FD-AEEB-CAA62F4A89E7}&action=default_search&k={searchTerms}

SearchScopes: HKCU - {BB657B86-CA82-41ED-9679-8F103E438382} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3310511&CUI=UN20201987631172312&UM=2

BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: No Name - {300BEC06-B743-4D19-86B9-11DC711D7FFB} -  No File

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: No Name - {7e8a1050-cf67-4575-92df-dcc60e7d952d} -  No File

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: GreatArcadeHits Add-on - {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\Alex\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll (GreatArcadeHits)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM - a Search.us.com Toolbar - {7A48A661-F338-4212-9940-C0548B26270B} - C:\Users\Alex\AppData\Local\TNT2\Profiles\10265\passport64.dll No File

Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKLM-x32 -  No Name - {7e8a1050-cf67-4575-92df-dcc60e7d952d} -  No File

Toolbar: HKCU -  No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File

Toolbar: HKCU - a Search.us.com Toolbar - {7A48A661-F338-4212-9940-C0548B26270B} - C:\Users\Alex\AppData\Local\TNT2\Profiles\10265\passport64.dll No File

Toolbar: HKCU -  No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

 

FireFox:

========

FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\hyrlntx5.default

FF user.js: detected! => C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\hyrlntx5.default\user.js

FF SelectedSearchEngine: Google




FF DefaultSearchEngine: Google

FF SearchEngineOrder.1: Google

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Alex\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Alex\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\hyrlntx5.default\searchplugins\conduit.xml

FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\hyrlntx5.default\searchplugins\MyStart Search.xml

FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\hyrlntx5.default\searchplugins\safeguard-secure-search.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF HKCU\...\FIREFOX\Extensions: [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}] - C:\Users\Alex\AppData\Local\GreatArcadeHits\gahff.xpi

FF Extension: No Name - C:\Users\Alex\AppData\Local\GreatArcadeHits\gahff.xpi

 

Chrome: 

=======

CHR Plugin: (Shockwave Flash) - C:\Users\Alex\AppData\Local\Google\Chrome\Application\30.0.1599.66\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Alex\AppData\Local\Google\Chrome\Application\30.0.1599.66\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Alex\AppData\Local\Google\Chrome\Application\30.0.1599.66\pdf.dll ()

CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll No File

CHR Plugin: (Conduit Radio Plugin) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/np-cwmp.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

CHR Plugin: (Google Update) - C:\Users\Alex\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0

CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Search by Image (by Google)) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.5.0_0

CHR Extension: (AdBlock) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0

CHR Extension: (avast! Online Security) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0

CHR Extension: (StumbleUpon) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\5.9.19.1_0

CHR Extension: (SelectionLinks) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej\3.0_0

CHR Extension: (Man of Steel) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\knfmphhfikndpfbllhdojajhgpmlnlef\1_0

CHR Extension: (Little Alchemy) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.15.7_0

CHR Extension: (Google Maps) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0

CHR Extension: (Planner 5D) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna\1.2.0.4_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0

CHR Extension: (Hover Zoom) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.21_0

CHR Extension: (My Chrome Theme) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0

CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

CHR HKLM-x32\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Users\Alex\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx

CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Alex\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx

CHR HKLM-x32\...\Chrome\Extension: [kdcnnmifdmlmjffdgeieikcokcogpbej] - C:\Program Files (x86)\OApps\chromeaddon2.crx

CHR HKLM-x32\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Users\Alex\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx

CHR StartMenuInternet: Google Chrome - C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)

R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [33792 2011-02-15] ()

R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [106472 2013-09-18] (Razer Inc.)

S2 Adobe Licensing Console; %SystemRoot%\system32\msvfd32.exe [x]

 

==================== Drivers (Whitelisted) ====================

 

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)

R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)

R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()

R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)

R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)

R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2012-12-26] ()

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-12-25] (DT Soft Ltd)

S3 GamingMsFltr; C:\Windows\System32\drivers\gamingms.sys [11520 2009-12-07] (Primax Ltd)

R3 ITECIRfilter; C:\Windows\System32\DRIVERS\ITECIRfilter.sys [28264 2011-03-22] (ITE Tech. Inc. )

S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2012-12-26] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)

S3 smserial; C:\Windows\System32\DRIVERS\SmSerl64.sys [1227776 2009-06-10] (Motorola Inc.)

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl [146928 2009-09-04] (CyberLink Corp.)

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl [146928 2009-09-04] (CyberLink Corp.)

S3 BTCFilterService; system32\DRIVERS\motfilt.sys [x]

S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

S3 motandroidusb; System32\Drivers\motoandroid.sys [x]

S3 motccgp; system32\DRIVERS\motccgp.sys [x]

S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]

S3 MotoSwitchService; system32\DRIVERS\motswch.sys [x]

S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [x]

S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [x]

S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-10-03 09:17 - 2013-10-03 09:17 - 00000000 ____D C:\FRST

2013-10-03 09:15 - 2013-10-03 09:15 - 00001433 _____ C:\Users\Alex\Desktop\FRST64 - Shortcut.lnk

2013-10-03 09:14 - 2013-10-03 09:15 - 01954124 _____ (Farbar) C:\Users\Alex\Downloads\FRST64.exe

2013-10-03 09:00 - 2013-10-03 09:00 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD

2013-10-03 01:14 - 2013-10-03 01:14 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Malwarebytes

2013-10-03 01:14 - 2013-10-03 01:14 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-03 01:14 - 2013-10-03 01:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-03 01:14 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-10-03 01:13 - 2013-10-03 01:14 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Alex\Downloads\mbam-setup-1.75.0.1300.exe

2013-10-03 00:47 - 2013-10-03 01:45 - 00007604 _____ C:\Users\Alex\AppData\Local\Resmon.ResmonCfg

2013-10-03 00:20 - 2013-10-03 00:21 - 00197979 _____ C:\Users\Alex\Downloads\Visage1.0 (1).zip

2013-10-03 00:19 - 2013-10-03 00:19 - 00429871 _____ (www.1HourSoftware.com) C:\Users\Alex\Downloads\RunAndHide.exe

2013-10-03 00:09 - 2013-10-03 00:09 - 00197979 _____ C:\Users\Alex\Downloads\Visage1.0.zip

2013-10-03 00:09 - 2013-10-03 00:09 - 00000000 ____D C:\Users\Alex\Downloads\Visage1.0

2013-10-02 23:55 - 2013-10-02 23:55 - 02356494 _____ C:\Users\Alex\Downloads\Enigma4Patch1.rmskin

2013-10-02 17:04 - 2013-10-02 17:04 - 00000000 ____D C:\ProgramData\Package Cache

2013-10-02 17:03 - 2013-10-02 17:03 - 01386624 _____ C:\Users\Alex\Downloads\Rainmeter-2.5.exe

2013-10-01 19:55 - 2013-10-01 19:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-10-01 19:50 - 2013-10-01 19:51 - 24278649 _____ C:\Users\Alex\Downloads\vlc-2.1.0-win32.exe

2013-10-01 19:50 - 2013-10-01 19:50 - 00000000 ____D C:\Users\Alex\AppData\Local\GreatArcadeHits

2013-10-01 19:49 - 2013-10-03 08:56 - 00000000 ____D C:\Program Files (x86)\SweetPacks

2013-10-01 19:49 - 2013-10-03 01:22 - 00000000 ____D C:\Windows\SysWOW64\WNLT

2013-10-01 19:49 - 2013-10-03 01:22 - 00000000 ____D C:\Windows\SysWOW64\jmdp

2013-10-01 19:49 - 2013-10-03 01:19 - 00000000 ____D C:\ProgramData\Conduit

2013-10-01 19:49 - 2013-10-01 19:50 - 00000000 ____D C:\Program Files (x86)\Conduit

2013-10-01 19:49 - 2013-10-01 19:49 - 00000000 ____D C:\Windows\SysWOW64\ARFC

2013-10-01 19:49 - 2013-10-01 19:49 - 00000000 ____D C:\Users\Alex\AppData\Local\CRE

2013-10-01 19:49 - 2013-10-01 19:49 - 00000000 ____D C:\Users\Alex\AppData\Local\Conduit

2013-10-01 19:49 - 2013-07-17 10:20 - 01648432 _____ C:\Windows\system32\dmwu.exe

2013-10-01 19:49 - 2013-07-17 10:17 - 00033792 _____ (IncrediMail, Ltd.) C:\Windows\system32\ImHttpComm.dll

2013-10-01 19:47 - 2013-10-01 19:47 - 00592856 _____ C:\Users\Alex\Downloads\cbsidlm-tr1_15-VLC_Media_Player-BP-10267151.exe

2013-10-01 19:41 - 2013-10-01 19:41 - 00000000 ____D C:\ProgramData\Oracle

2013-10-01 19:38 - 2013-10-01 19:38 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-10-01 19:38 - 2013-10-01 19:38 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-10-01 19:38 - 2013-10-01 19:38 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-10-01 19:38 - 2013-10-01 19:38 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-10-01 19:36 - 2013-10-01 19:36 - 00913832 _____ (Oracle Corporation) C:\Users\Alex\Downloads\chromeinstall-7u40.exe

2013-10-01 19:28 - 2013-10-01 19:28 - 00000000 ____D C:\Users\Alex\AppData\Local\VirtualStore

2013-09-30 14:10 - 2013-09-30 14:10 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-09-29 20:25 - 2013-09-29 20:25 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe

2013-09-29 20:25 - 2013-09-29 20:25 - 00009924 _____ C:\Windows\system32\bootdelete.lst

2013-09-29 20:17 - 2013-09-29 20:26 - 00000000 ____D C:\ProgramData\HitmanPro

2013-09-29 19:36 - 2013-09-29 19:36 - 00000000 ____D C:\Users\Alex\Documents\CAPCOM

2013-09-29 19:15 - 2013-09-29 19:35 - 00000000 ____D C:\Program Files (x86)\Resident Evil 6

2013-09-29 18:43 - 2013-09-29 18:43 - 00000000 ____D C:\Users\Alex\Documents\Razer

2013-09-29 18:14 - 2013-09-29 18:15 - 00000000 ____D C:\aa84dca5a5ecc5ab8a91ee

2013-09-29 17:50 - 2013-09-29 17:50 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gone Home

2013-09-29 17:49 - 2013-09-29 17:50 - 00000000 ____D C:\Program Files (x86)\Gone Home

2013-09-19 18:45 - 2013-09-19 18:45 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies

2013-09-19 18:41 - 2013-09-12 02:58 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2013-09-19 18:41 - 2013-09-12 02:58 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2013-09-19 18:41 - 2013-09-12 02:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2013-09-19 18:41 - 2013-09-12 02:58 - 15703688 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2013-09-19 18:41 - 2013-09-12 02:58 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2013-09-19 18:41 - 2013-09-12 02:58 - 11274528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2013-09-19 18:41 - 2013-09-12 02:58 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2013-09-19 18:41 - 2013-09-12 02:58 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2013-09-19 18:41 - 2013-09-12 02:58 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2013-09-19 18:41 - 2013-09-12 02:58 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2013-09-19 18:41 - 2013-09-12 02:58 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2013-09-19 18:41 - 2013-09-12 02:58 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2013-09-19 18:41 - 2013-09-12 02:58 - 02367264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll

2013-09-19 18:41 - 2013-09-12 02:58 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2013-09-19 18:41 - 2013-09-12 02:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll

2013-09-19 18:41 - 2013-09-12 02:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll

2013-09-19 18:41 - 2013-09-12 02:58 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2013-09-19 18:41 - 2013-09-12 02:58 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2013-09-19 18:41 - 2013-09-12 02:58 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2013-09-19 18:41 - 2013-09-12 02:58 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2013-09-19 18:41 - 2013-06-16 06:38 - 00196384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys

2013-09-19 18:41 - 2013-06-16 06:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll

2013-09-17 00:50 - 2013-10-03 08:59 - 00007228 _____ C:\Windows\setupact.log

2013-09-17 00:50 - 2013-09-17 00:50 - 00000000 _____ C:\Windows\setuperr.log

2013-09-16 14:03 - 2013-08-20 07:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

2013-09-16 14:03 - 2013-08-20 07:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2013-09-14 02:09 - 2013-09-14 02:09 - 00000000 ____D C:\Users\Alex\AppData\Roaming\fltk.org

2013-09-14 02:09 - 2013-09-14 02:09 - 00000000 ____D C:\ProgramData\fltk.org

2013-09-13 23:07 - 2013-10-01 18:46 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Origin

2013-09-13 20:38 - 2013-09-13 20:38 - 00000023 _____ C:\Windows\BlendSettings.ini

2013-09-13 18:56 - 2013-09-13 18:56 - 00000000 ____D C:\Users\Alex\Documents\Ubisoft

2013-09-13 18:56 - 2013-09-13 18:56 - 00000000 ____D C:\ProgramData\Orbit

2013-09-13 12:30 - 2013-09-13 12:30 - 00000000 ____D C:\Users\Alex\AppData\Local\Ubisoft Game Launcher

2013-09-13 12:09 - 2013-09-17 00:44 - 00000000 ____D C:\Program Files (x86)\Ubisoft

2013-09-12 22:01 - 2013-09-14 02:09 - 00000000 ____D C:\Users\Alex\Documents\Amnesia

2013-09-12 11:22 - 2013-09-12 11:22 - 00000000 ____D C:\Program Files (x86)\Frictional Games

2013-09-12 11:16 - 2013-09-12 11:20 - 00000000 ____D C:\Program Files (x86)\Amnesia - The Dark Descent

2013-09-12 03:04 - 2013-08-09 23:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-09-12 03:04 - 2013-08-09 23:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-09-12 03:04 - 2013-08-09 23:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-09-12 03:04 - 2013-08-09 23:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-09-12 03:04 - 2013-08-09 23:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-09-12 03:04 - 2013-08-09 23:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-09-12 03:04 - 2013-08-09 23:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-09-12 03:04 - 2013-08-09 23:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-09-12 03:04 - 2013-08-09 21:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-09-12 03:04 - 2013-08-09 21:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-09-12 03:04 - 2013-08-09 21:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-09-12 03:04 - 2013-08-09 21:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-09-12 03:04 - 2013-08-09 21:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-09-12 03:04 - 2013-08-09 21:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-09-12 03:04 - 2013-08-09 21:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-09-12 03:04 - 2013-08-09 21:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-09-12 03:04 - 2013-08-09 21:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-09-12 03:04 - 2013-08-09 20:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-09-12 03:04 - 2013-08-09 20:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-09-12 03:03 - 2013-08-09 23:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-09-12 03:03 - 2013-08-09 23:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-09-12 03:03 - 2013-08-09 23:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-09-12 03:03 - 2013-08-09 23:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-09-12 03:03 - 2013-08-09 23:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-09-12 03:03 - 2013-08-09 23:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-09-12 03:03 - 2013-08-09 21:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-09-12 03:03 - 2013-08-09 21:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-09-12 03:03 - 2013-08-09 21:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-09-12 03:03 - 2013-08-09 21:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-09-12 03:03 - 2013-08-09 21:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-09-12 03:03 - 2013-08-09 21:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-09-12 01:17 - 2013-09-12 01:17 - 00571168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2013-09-11 12:29 - 2013-08-07 19:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-09-11 12:29 - 2013-08-04 20:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys

2013-09-11 12:29 - 2013-08-01 20:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-09-11 12:29 - 2013-08-01 20:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-09-11 12:29 - 2013-08-01 20:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2013-09-11 12:29 - 2013-08-01 20:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-09-11 12:29 - 2013-08-01 20:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2013-09-11 12:29 - 2013-08-01 20:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2013-09-11 12:29 - 2013-08-01 20:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2013-09-11 12:29 - 2013-08-01 20:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2013-09-11 12:29 - 2013-08-01 20:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 20:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-09-11 12:29 - 2013-08-01 19:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-09-11 12:29 - 2013-08-01 19:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-09-11 12:29 - 2013-08-01 19:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2013-09-11 12:29 - 2013-08-01 19:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2013-09-11 12:29 - 2013-08-01 19:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 19:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2013-09-11 12:29 - 2013-08-01 18:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2013-09-11 12:29 - 2013-08-01 18:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-09-11 12:29 - 2013-08-01 18:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-09-11 12:29 - 2013-08-01 18:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-09-11 12:29 - 2013-08-01 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-09-11 12:29 - 2013-08-01 18:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 18:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 18:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-09-11 12:29 - 2013-08-01 18:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-09-11 12:29 - 2013-07-25 20:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2013-09-11 12:29 - 2013-07-25 20:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll

2013-09-11 12:29 - 2013-07-25 19:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-09-11 12:29 - 2013-07-25 19:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-09-07 03:19 - 2013-10-03 03:06 - 00000000 ____D C:\Program Files (x86)\Saints Row IV

2013-09-06 17:05 - 2013-09-06 17:06 - 00000000 ____D C:\Users\Alex\AppData\Local\PAYDAY 2

2013-09-05 23:45 - 2013-09-17 00:03 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

 

==================== One Month Modified Files and Folders =======

 

2013-10-03 09:17 - 2013-10-03 09:17 - 00000000 ____D C:\FRST

2013-10-03 09:15 - 2013-10-03 09:15 - 00001433 _____ C:\Users\Alex\Desktop\FRST64 - Shortcut.lnk

2013-10-03 09:15 - 2013-10-03 09:14 - 01954124 _____ (Farbar) C:\Users\Alex\Downloads\FRST64.exe

2013-10-03 09:15 - 2012-12-07 17:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-03 09:15 - 2011-07-28 16:03 - 00000000 ____D C:\Program Files (x86)\Steam

2013-10-03 09:13 - 2011-07-28 04:34 - 00000000 ___RD C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-10-03 09:06 - 2009-07-13 22:45 - 00015008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-03 09:06 - 2009-07-13 22:45 - 00015008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-03 09:02 - 2011-07-28 04:32 - 01186208 _____ C:\Windows\WindowsUpdate.log

2013-10-03 09:00 - 2013-10-03 09:00 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD

2013-10-03 08:59 - 2013-09-17 00:50 - 00007228 _____ C:\Windows\setupact.log

2013-10-03 08:58 - 2011-07-28 15:39 - 00000000 ____D C:\ProgramData\NVIDIA

2013-10-03 08:58 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-03 08:57 - 2012-12-07 18:59 - 00256158 _____ C:\Windows\PFRO.log

2013-10-03 08:56 - 2013-10-01 19:49 - 00000000 ____D C:\Program Files (x86)\SweetPacks

2013-10-03 08:41 - 2011-07-28 15:57 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3529416141-469772943-2869812416-1002UA.job

2013-10-03 03:06 - 2013-09-07 03:19 - 00000000 ____D C:\Program Files (x86)\Saints Row IV

2013-10-03 01:45 - 2013-10-03 00:47 - 00007604 _____ C:\Users\Alex\AppData\Local\Resmon.ResmonCfg

2013-10-03 01:22 - 2013-10-01 19:49 - 00000000 ____D C:\Windows\SysWOW64\WNLT

2013-10-03 01:22 - 2013-10-01 19:49 - 00000000 ____D C:\Windows\SysWOW64\jmdp

2013-10-03 01:22 - 2013-05-13 21:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-10-03 01:19 - 2013-10-01 19:49 - 00000000 ____D C:\ProgramData\Conduit

2013-10-03 01:14 - 2013-10-03 01:14 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Malwarebytes

2013-10-03 01:14 - 2013-10-03 01:14 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-10-03 01:14 - 2013-10-03 01:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-03 01:14 - 2013-10-03 01:13 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Alex\Downloads\mbam-setup-1.75.0.1300.exe

2013-10-03 01:07 - 2012-12-07 16:35 - 00000000 ____D C:\Users\Alex\AppData\Roaming\uTorrent

2013-10-03 00:21 - 2013-10-03 00:20 - 00197979 _____ C:\Users\Alex\Downloads\Visage1.0 (1).zip

2013-10-03 00:19 - 2013-10-03 00:19 - 00429871 _____ (www.1HourSoftware.com) C:\Users\Alex\Downloads\RunAndHide.exe

2013-10-03 00:09 - 2013-10-03 00:09 - 00197979 _____ C:\Users\Alex\Downloads\Visage1.0.zip

2013-10-03 00:09 - 2013-10-03 00:09 - 00000000 ____D C:\Users\Alex\Downloads\Visage1.0

2013-10-02 23:55 - 2013-10-02 23:55 - 02356494 _____ C:\Users\Alex\Downloads\Enigma4Patch1.rmskin

2013-10-02 17:04 - 2013-10-02 17:04 - 00000000 ____D C:\ProgramData\Package Cache

2013-10-02 17:03 - 2013-10-02 17:03 - 01386624 _____ C:\Users\Alex\Downloads\Rainmeter-2.5.exe

2013-10-02 16:29 - 2011-07-28 15:59 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2013-10-02 14:41 - 2011-07-28 15:57 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3529416141-469772943-2869812416-1002Core.job

2013-10-01 22:12 - 2012-12-07 16:07 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2013-10-01 22:12 - 2012-12-07 16:07 - 00000000 _____ C:\Windows\SysWOW64\config.nt

2013-10-01 19:57 - 2013-05-13 21:40 - 00000000 ____D C:\Users\Alex\AppData\Local\Mozilla

2013-10-01 19:55 - 2013-10-01 19:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-10-01 19:51 - 2013-10-01 19:50 - 24278649 _____ C:\Users\Alex\Downloads\vlc-2.1.0-win32.exe

2013-10-01 19:50 - 2013-10-01 19:50 - 00000000 ____D C:\Users\Alex\AppData\Local\GreatArcadeHits

2013-10-01 19:50 - 2013-10-01 19:49 - 00000000 ____D C:\Program Files (x86)\Conduit

2013-10-01 19:50 - 2012-12-25 10:36 - 00000000 _____ C:\END

2013-10-01 19:49 - 2013-10-01 19:49 - 00000000 ____D C:\Windows\SysWOW64\ARFC

2013-10-01 19:49 - 2013-10-01 19:49 - 00000000 ____D C:\Users\Alex\AppData\Local\CRE

2013-10-01 19:49 - 2013-10-01 19:49 - 00000000 ____D C:\Users\Alex\AppData\Local\Conduit

2013-10-01 19:47 - 2013-10-01 19:47 - 00592856 _____ C:\Users\Alex\Downloads\cbsidlm-tr1_15-VLC_Media_Player-BP-10267151.exe

2013-10-01 19:43 - 2012-12-15 16:25 - 00000000 ____D C:\Users\Alex\AppData\Roaming\vlc

2013-10-01 19:41 - 2013-10-01 19:41 - 00000000 ____D C:\ProgramData\Oracle

2013-10-01 19:38 - 2013-10-01 19:38 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-10-01 19:38 - 2013-10-01 19:38 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-10-01 19:38 - 2013-10-01 19:38 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-10-01 19:38 - 2013-10-01 19:38 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-10-01 19:38 - 2012-12-07 16:22 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-10-01 19:38 - 2012-12-07 16:22 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2013-10-01 19:36 - 2013-10-01 19:36 - 00913832 _____ (Oracle Corporation) C:\Users\Alex\Downloads\chromeinstall-7u40.exe

2013-10-01 19:28 - 2013-10-01 19:28 - 00000000 ____D C:\Users\Alex\AppData\Local\VirtualStore

2013-10-01 19:28 - 2009-07-13 23:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-01 19:11 - 2012-12-27 18:48 - 00000000 ____D C:\Users\Alex\AppData\Local\4A Games

2013-10-01 18:58 - 2012-12-08 17:04 - 00000000 ____D C:\Games

2013-10-01 18:46 - 2013-09-13 23:07 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Origin

2013-10-01 18:46 - 2013-02-24 03:54 - 00000000 ____D C:\ProgramData\Electronic Arts

2013-10-01 18:46 - 2013-02-24 03:53 - 00000000 ____D C:\ProgramData\Origin

2013-10-01 12:36 - 2012-12-07 17:18 - 00000000 ____D C:\Users\Alex\Downloads\Torrents

2013-10-01 11:55 - 2009-07-13 23:13 - 00795056 _____ C:\Windows\system32\PerfStringBackup.INI

2013-09-30 17:25 - 2013-04-22 22:24 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype

2013-09-30 14:10 - 2013-09-30 14:10 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-09-30 14:10 - 2013-04-22 22:24 - 00000000 ____D C:\ProgramData\Skype

2013-09-29 21:51 - 2013-01-16 02:08 - 00000000 ____D C:\Users\Alex\AppData\Local\SKIDROW

2013-09-29 21:50 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF

2013-09-29 21:45 - 2012-12-08 15:42 - 00625195 _____ C:\Windows\DirectX.log

2013-09-29 20:26 - 2013-09-29 20:17 - 00000000 ____D C:\ProgramData\HitmanPro

2013-09-29 20:25 - 2013-09-29 20:25 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe

2013-09-29 20:25 - 2013-09-29 20:25 - 00009924 _____ C:\Windows\system32\bootdelete.lst

2013-09-29 19:36 - 2013-09-29 19:36 - 00000000 ____D C:\Users\Alex\Documents\CAPCOM

2013-09-29 19:35 - 2013-09-29 19:15 - 00000000 ____D C:\Program Files (x86)\Resident Evil 6

2013-09-29 19:15 - 2012-12-25 10:36 - 00000000 ____D C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite

2013-09-29 18:43 - 2013-09-29 18:43 - 00000000 ____D C:\Users\Alex\Documents\Razer

2013-09-29 18:42 - 2012-12-11 01:36 - 00000000 ____D C:\Users\Alex\AppData\Local\Razer

2013-09-29 18:42 - 2012-12-11 01:36 - 00000000 ____D C:\ProgramData\Razer

2013-09-29 18:42 - 2012-12-11 01:36 - 00000000 ____D C:\Program Files (x86)\Razer

2013-09-29 18:31 - 2013-08-15 18:52 - 00003015 _____ C:\autoupdate.log

2013-09-29 18:17 - 2012-12-11 01:35 - 00787670 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-09-29 18:15 - 2013-09-29 18:14 - 00000000 ____D C:\aa84dca5a5ecc5ab8a91ee

2013-09-29 17:50 - 2013-09-29 17:50 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gone Home

2013-09-29 17:50 - 2013-09-29 17:49 - 00000000 ____D C:\Program Files (x86)\Gone Home

2013-09-19 20:15 - 2012-12-07 17:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-09-19 20:15 - 2012-12-07 17:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-09-19 20:15 - 2012-12-07 17:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-09-19 18:45 - 2013-09-19 18:45 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies

2013-09-19 18:45 - 2011-07-28 15:38 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2013-09-17 23:57 - 2012-12-07 18:42 - 00000000 ____D C:\Users\Alex\Documents\my games

2013-09-17 01:30 - 2009-07-13 22:45 - 00268856 _____ C:\Windows\system32\FNTCACHE.DAT

2013-09-17 01:29 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns

2013-09-17 01:24 - 2011-07-28 04:32 - 00000000 ____D C:\Users\Alex

2013-09-17 00:50 - 2013-09-17 00:50 - 00000000 _____ C:\Windows\setuperr.log

2013-09-17 00:50 - 2011-07-28 04:34 - 00058416 _____ C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT

2013-09-17 00:48 - 2013-01-26 06:36 - 00000000 ____D C:\Windows\Minidump

2013-09-17 00:44 - 2013-09-13 12:09 - 00000000 ____D C:\Program Files (x86)\Ubisoft

2013-09-17 00:40 - 2013-01-22 00:46 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software

2013-09-17 00:40 - 2013-01-21 22:13 - 00000000 ____D C:\Users\Alex\AppData\Roaming\NCH Software

2013-09-17 00:40 - 2013-01-21 22:13 - 00000000 ____D C:\Program Files (x86)\NCH Software

2013-09-17 00:14 - 2011-04-25 08:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-09-17 00:03 - 2013-09-05 23:45 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-09-16 22:14 - 2011-01-22 05:26 - 00000000 __SHD C:\Recovery

2013-09-14 02:09 - 2013-09-14 02:09 - 00000000 ____D C:\Users\Alex\AppData\Roaming\fltk.org

2013-09-14 02:09 - 2013-09-14 02:09 - 00000000 ____D C:\ProgramData\fltk.org

2013-09-14 02:09 - 2013-09-12 22:01 - 00000000 ____D C:\Users\Alex\Documents\Amnesia

2013-09-13 20:38 - 2013-09-13 20:38 - 00000023 _____ C:\Windows\BlendSettings.ini

2013-09-13 18:56 - 2013-09-13 18:56 - 00000000 ____D C:\Users\Alex\Documents\Ubisoft

2013-09-13 18:56 - 2013-09-13 18:56 - 00000000 ____D C:\ProgramData\Orbit

2013-09-13 12:30 - 2013-09-13 12:30 - 00000000 ____D C:\Users\Alex\AppData\Local\Ubisoft Game Launcher

2013-09-12 11:22 - 2013-09-12 11:22 - 00000000 ____D C:\Program Files (x86)\Frictional Games

2013-09-12 11:20 - 2013-09-12 11:16 - 00000000 ____D C:\Program Files (x86)\Amnesia - The Dark Descent

2013-09-12 11:06 - 2011-07-28 04:34 - 00000000 ___RD C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-09-12 03:59 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache

2013-09-12 03:03 - 2013-08-15 14:25 - 00000000 ____D C:\Windows\system32\MRT

2013-09-12 03:01 - 2011-01-10 06:45 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-09-12 02:58 - 2013-09-19 18:41 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2013-09-12 02:58 - 2013-09-19 18:41 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2013-09-12 02:58 - 2013-09-19 18:41 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2013-09-12 02:58 - 2013-09-19 18:41 - 15703688 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2013-09-12 02:58 - 2013-09-19 18:41 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2013-09-12 02:58 - 2013-09-19 18:41 - 11274528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2013-09-12 02:58 - 2013-09-19 18:41 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2013-09-12 02:58 - 2013-09-19 18:41 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2013-09-12 02:58 - 2013-09-19 18:41 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2013-09-12 02:58 - 2013-09-19 18:41 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2013-09-12 02:58 - 2013-09-19 18:41 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2013-09-12 02:58 - 2013-09-19 18:41 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2013-09-12 02:58 - 2013-09-19 18:41 - 02367264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll

2013-09-12 02:58 - 2013-09-19 18:41 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2013-09-12 02:58 - 2013-09-19 18:41 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll

2013-09-12 02:58 - 2013-09-19 18:41 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll

2013-09-12 02:58 - 2013-09-19 18:41 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2013-09-12 02:58 - 2013-09-19 18:41 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2013-09-12 02:58 - 2013-09-19 18:41 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2013-09-12 02:58 - 2013-09-19 18:41 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2013-09-12 02:58 - 2012-12-07 17:55 - 29337376 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2013-09-12 02:58 - 2012-12-07 17:55 - 02630304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2013-09-12 02:58 - 2011-07-28 15:37 - 15901448 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll

2013-09-12 02:58 - 2011-07-28 15:37 - 12947360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2013-09-12 02:58 - 2011-07-28 15:37 - 02986672 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

2013-09-12 02:58 - 2011-07-28 15:37 - 00022814 _____ C:\Windows\system32\nvinfo.pb

2013-09-12 01:25 - 2011-07-28 15:38 - 06599968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll

2013-09-12 01:25 - 2011-07-28 15:38 - 03452192 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll

2013-09-12 01:25 - 2011-07-28 15:38 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll

2013-09-12 01:25 - 2011-07-28 15:38 - 00920864 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

2013-09-12 01:25 - 2011-07-28 15:38 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll

2013-09-12 01:25 - 2011-07-28 15:38 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

2013-09-12 01:17 - 2013-09-12 01:17 - 00571168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2013-09-10 03:23 - 2012-12-25 01:26 - 00000000 ____D C:\Windows\System32\Tasks\Games

2013-09-07 18:12 - 2012-12-20 02:18 - 00000000 ____D C:\ProgramData\Blizzard Entertainment

2013-09-07 04:25 - 2012-12-23 07:26 - 00000000 ____D C:\Users\Alex\AppData\Roaming\dvdcss

2013-09-06 17:06 - 2013-09-06 17:05 - 00000000 ____D C:\Users\Alex\AppData\Local\PAYDAY 2

 

Some content of TEMP:

====================

C:\Users\Alex\AppData\Local\Temp\UNINSTALL.EXE

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-10-01 14:09

 

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013

Ran by Alex at 2013-10-03 09:18:20

Running from C:\Users\Alex\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: avast! Internet Security (Disabled) {131692B0-0864-D491-4E21-3A3A1D8BBB47}

 

==================== Installed Programs ======================

 

«Amnesia. A Machine for Pigs» (x32)

µTorrent (HKCU Version: 3.3.1.30017)

A Virus Named TOM (x32)

Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)

Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)

Adobe Reader X (10.1.8) (x32 Version: 10.1.8)

Amnesia - The Dark Descent  (x32 Version: 1.0.0)

Anna - Extended Edition (x32)

ASIO4ALL (x32 Version: 2.10)

avast! Free Antivirus (x32 Version: 8.0.1497.0)

Bastion (x32)

BioShock Infinite (x32)

BisonCam (x32 Version: 9.2.1.71.42)

Borderlands 2 (x32)

CDisplay 1.8 (x32)

Chivalry: Medieval Warfare (x32)

Counter-Strike: Global Offensive (x32)

CyberLink DVD Suite (x32 Version: 5.5.2006)

CyberLink Power2Go (x32 Version: 6.0.0.1630)

CyberLink PowerDVD (x32 Version: 7.3.5711.0)

DAEMON Tools Lite (x32 Version: 4.46.1.0327)

DC Universe Online (x32)

Diablo III (x32 Version: 1.0.8.16603)

Dragon Age: Origins (x32 Version: 1.04)

Eets Munchies (x32)

Europa Universalis III (x32)

FEZ (x32)

FTL: Faster Than Light (x32)

GeForce Experience NvStream Client Components (Version: 0.1.87)

Gone Home (x32)

Google Chrome (HKCU Version: 30.0.1599.66)

GreatArcadeHits (HKCU Version: 1.0)

Hotkey 3.3028 (x32 Version: 3.3028)

IB Updater Service (x32 Version: 4.0.5.7)

Intel PROSet Wireless

Intel PROSet Wireless (x32)

Intel® Management Engine Components (x32 Version: 7.0.0.1118)

Intel® PROSet/Wireless WiFi Software (Version: 14.01.1000)

Intel® Rapid Storage Technology (x32 Version: 10.1.0.1008)

ITE Infrared Transceiver (x32 Version: 1.00.0000)

Java 7 Update 40 (x32 Version: 7.0.400)

Java Auto Updater (x32 Version: 2.1.9.8)

JMicron Ethernet Adapter NDIS Driver (x32 Version: 6.0.24.7)

JMicron Flash Media Controller Driver (x32 Version: 1.0.54.1)

Leviathan: Warships (x32)

LIMBO (x32)

Logitech Gaming Software (Version: 8.40.83)

Logitech Gaming Software 5.10 (Version: 5.10.127)

Logitech Gaming Software 8.40 (Version: 8.40.83)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

Metro: Last Light © Deep Silver version 1 (x32 Version: 1)

Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)

Microsoft .NET Framework 1.1 (x32)

Microsoft .NET Framework 4.5 (Version: 4.5.50709)

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0)

Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0)

Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)

Microsoft Silverlight (Version: 5.1.20513.0)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)

Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0)

MotoHelper MergeModules (x32 Version: 1.2.0)

Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)

Mozilla Maintenance Service (x32 Version: 24.0)

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)

Neverwinter (x32)

NVIDIA 3D Vision Controller Driver (x32 Version: 275.33)

NVIDIA 3D Vision Controller Driver 326.01 (Version: 326.01)

NVIDIA 3D Vision Driver 327.23 (Version: 327.23)

NVIDIA Control Panel 327.23 (Version: 327.23)

NVIDIA GeForce Experience 1.6.1 (Version: 1.6.1)

NVIDIA Graphics Driver 327.23 (Version: 327.23)

NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4)

NVIDIA Install Application (Version: 2.1002.133.902)

NVIDIA PhysX (x32 Version: 9.13.0725)

NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723)

NVIDIA Update 8.3.14 (Version: 8.3.14)

NVIDIA Update Components (Version: 8.3.14)

NVIDIA Virtual Audio 1.2.5 (Version: 1.2.5)

PAYDAY 2 (x32)

Protector Suite 2009 (Version: 5.9.3.6379)

Razer Game Booster (x32 Version: 4.0.68.0)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6262)

Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0)

Resident Evil 6 version 1 (x32 Version: 1)

Rocketbirds: Hardboiled Chicken (x32)

Rogue Legacy version 0.0.0.9 (x32 Version: 0.0.0.9)

Saints Row IV (x32 Version: 1)

SHIELD Streaming (Version: 1.05.28)

Sine Mora (x32)

SkyDrift (x32)

Skype™ 6.7 (x32 Version: 6.7.102)

Steam (x32 Version: 1.0.0.0)

Strongvault Online Backup (x32 Version: 5.0.2.34)

Synaptics Pointing Device Driver (Version: 15.0.8.0)

The Elder Scrolls IV: Oblivion  (x32)

The Elder Scrolls V: Skyrim (x32)

The Walking Dead (x32)

The Witcher: Enhanced Edition (x32)

THX TruStudio Pro (x32 Version: TAMB-CVS1D-1-LB R07)

Tom Clancy's Splinter Cell® Blacklist™ (x32 Version: 1.01)

Torchlight II (x32)

Tropico 3 - Steam Special Edition (x32)

VLC media player 2.1.0 (x32 Version: 2.1.0)

War of the Roses (x32)

WebCam Installer (x32 Version: 3.32)

Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)

WinRAR 4.20 (64-bit) (Version: 4.20.0)

 

==================== Restore Points  =========================

 

02-10-2013 23:04:26 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106

 

==================== Hosts content: ==========================

 

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {17668360-4440-44DE-9D2B-E7E02C143C62} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3529416141-469772943-2869812416-1002Core => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-28] (Google Inc.)

Task: {847E866A-8959-4587-9379-22113FB27CA5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-19] (Adobe Systems Incorporated)

Task: {8599164D-8F31-4BF8-9546-1B5E2FAE5756} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3529416141-469772943-2869812416-1002UA => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-28] (Google Inc.)

Task: {B53B1474-973F-4559-A49E-D607591C5741} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)

Task: {E46C8A36-7510-49AA-8B79-E7BA34916063} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe

Task: {EE654031-1532-493D-B932-D856B6F0833A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3529416141-469772943-2869812416-1002Core.job => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3529416141-469772943-2869812416-1002UA.job => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2011-04-25 08:44 - 2010-11-12 13:38 - 00241152 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL

2011-05-02 12:41 - 2011-05-02 12:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll

2013-10-03 05:25 - 2013-10-03 02:06 - 02104320 _____ () C:\Program Files\AVAST Software\Avast\defs\13100300\algo.dll

2013-09-29 18:42 - 2012-11-20 16:13 - 00264192 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\D3DX8Wrapper.dll

2013-09-29 18:42 - 2013-03-18 14:53 - 07477262 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\avcodec-54.dll

2013-09-29 18:42 - 2013-03-18 14:53 - 00156174 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\keutil-51.dll

2013-09-29 18:42 - 2013-03-18 14:53 - 01191950 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\avformat-54.dll

2013-09-29 18:42 - 2013-03-18 14:53 - 00333326 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\swscale-2.dll

2008-01-15 16:20 - 2008-01-15 16:20 - 00648488 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

2008-01-15 16:20 - 2008-01-15 16:20 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

2013-08-15 19:08 - 2013-08-15 19:08 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\eb4812681f6ab4406053f3a1803e6da0\IsdiInterop.ni.dll

2011-04-25 08:44 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2013-10-02 08:43 - 2013-09-26 13:07 - 00698832 _____ () C:\Users\Alex\AppData\Local\Google\Chrome\Application\30.0.1599.66\libglesv2.dll

2013-10-02 08:43 - 2013-09-26 13:07 - 00099792 _____ () C:\Users\Alex\AppData\Local\Google\Chrome\Application\30.0.1599.66\libegl.dll

2013-10-02 08:43 - 2013-09-26 13:08 - 04055504 _____ () C:\Users\Alex\AppData\Local\Google\Chrome\Application\30.0.1599.66\pdf.dll

2013-10-02 08:43 - 2013-09-26 13:08 - 00415184 _____ () C:\Users\Alex\AppData\Local\Google\Chrome\Application\30.0.1599.66\ppGoogleNaClPluginChrome.dll

2013-10-02 08:43 - 2013-09-26 13:07 - 01604560 _____ () C:\Users\Alex\AppData\Local\Google\Chrome\Application\30.0.1599.66\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Faulty Device Manager Devices =============

 

Name: avast! Firewall NDIS Filter Miniport

Description: avast! Firewall NDIS Filter Miniport

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: ALWIL Software

Service: aswNdis

Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)

Resolution: A registry problem was detected.

 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (10/01/2013 07:50:29 PM) (Source: Application Error) (User: )

Description: Faulting application name: 908, version: 0.0.0.0, time stamp: 0x520b2f23

Faulting module name: 908, version: 0.0.0.0, time stamp: 0x520b2f23

Exception code: 0x40000015

Fault offset: 0x0006612c

Faulting process id: 0x1e14

Faulting application start time: 0x9080

Faulting application path: 9081

Faulting module path: 9082

Report Id: 9083

 

Error: (09/29/2013 09:44:10 PM) (Source: System Restore) (User: )

Description: Failed to create restore point (Process = C:\Program Files (x86)\5th Cell Media\Scribblenauts Unmasked A DC Comics Adventure\_CommonRedist\DirectX\Jun2010\DXSETUP.exe Files (x86)\5th Cell Media\Scribblenauts Unmasked A DC Comics Adventure\_CommonRedist\DirectX\Jun2010\DXSETUP.exe"; Description = Installed DirectX; Error = 0x80070005).

 

Error: (09/20/2013 09:27:18 AM) (Source: Application Hang) (User: )

Description: The program chrome.exe version 29.0.1547.76 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 29e4

 

Start Time: 01ceb5c496094539

 

Termination Time: 27

 

Application Path: C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe

 

Report Id: 1d45ee3f-2209-11e3-ab90-0090f5be4820

 

Error: (09/17/2013 00:18:11 AM) (Source: FastFreeConverter) (User: )

Description: Service operation failed

 

Error: (09/17/2013 00:18:11 AM) (Source: FastFreeConverter) (User: )

Description: ControlService failed on kill service, code: 1062

 

Error: (09/17/2013 00:06:06 AM) (Source: Microsoft-Windows-RestartManager) (User: Alex-PC)

Description: Application or service 'Apple Mobile Device' could not be restarted.

 

Error: (09/16/2013 01:42:11 PM) (Source: NvStreamSvc) (User: )

Description: NvStreamSvcUnregistering VAD endpoint [0]

 

Error: (09/16/2013 01:42:08 PM) (Source: NvStreamSvc) (User: )

Description: NvStreamSvcNvVAD endpoint registered successfully [0]

 

Error: (09/15/2013 04:21:28 PM) (Source: FastFreeConverter) (User: )

Description: Can't download info about new versions from: http://www.fastfreeconverter.com/fastfreeconverter/updater/u.php?timestamp=1379283688&app_id=897fe3cf56c545c16d62b7cd4ffa0ec5&version=5.5&updaterVersion=1.0.4&channel=somoto, to local path: C:\Windows\TEMP\FastFreeConverterUpdt_update.txt

 

Error: (09/15/2013 04:21:28 PM) (Source: FastFreeConverter) (User: )

Description: Can't query a value of the ProxyServer registry value, code: 2

 

 

System errors:

=============

Error: (10/03/2013 08:59:24 AM) (Source: Service Control Manager) (User: )

Description: The lirsgt service failed to start due to the following error: 

%%577

 

Error: (10/03/2013 08:59:20 AM) (Source: Service Control Manager) (User: )

Description: The atksgt service failed to start due to the following error: 

%%577

 

Error: (10/03/2013 08:58:19 AM) (Source: Service Control Manager) (User: )

Description: The Adobe Licensing Console service failed to start due to the following error: 

%%2

 

Error: (10/03/2013 01:23:59 AM) (Source: Service Control Manager) (User: )

Description: The lirsgt service failed to start due to the following error: 

%%577

 

Error: (10/03/2013 01:23:56 AM) (Source: Service Control Manager) (User: )

Description: The atksgt service failed to start due to the following error: 

%%577

 

Error: (10/03/2013 01:23:04 AM) (Source: Service Control Manager) (User: )

Description: The Adobe Licensing Console service failed to start due to the following error: 

%%2

 

Error: (10/02/2013 04:43:33 AM) (Source: volsnap) (User: )

Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

 

Error: (10/01/2013 07:31:13 PM) (Source: Service Control Manager) (User: )

Description: The Steam Client Service service failed to start due to the following error: 

%%1053

 

Error: (10/01/2013 07:31:13 PM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

 

Error: (10/01/2013 07:29:29 PM) (Source: Service Control Manager) (User: )

Description: The lirsgt service failed to start due to the following error: 

%%577

 

 

Microsoft Office Sessions:

=========================

Error: (10/01/2013 07:50:29 PM) (Source: Application Error)(User: )

Description: 9080.0.0.0520b2f239080.0.0.0520b2f23400000150006612c1e1401cebf11c37561bdC:\Users\Alex\AppData\Local\Temp\nsxC0FF.tmp\7\908C:\Users\Alex\AppData\Local\Temp\nsxC0FF.tmp\7\90803645b00-2b05-11e3-9c92-0090f5be4820

 

Error: (09/29/2013 09:44:10 PM) (Source: System Restore)(User: )

Description: C:\Program Files (x86)\5th Cell Media\Scribblenauts Unmasked A DC Comics Adventure\_CommonRedist\DirectX\Jun2010\DXSETUP.exe Files (x86)\5th Cell Media\Scribblenauts Unmasked A DC Comics Adventure\_CommonRedist\DirectX\Jun2010\DXSETUP.exe"Installed DirectX0x80070005

 

Error: (09/20/2013 09:27:18 AM) (Source: Application Hang)(User: )

Description: chrome.exe29.0.1547.7629e401ceb5c49609453927C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe1d45ee3f-2209-11e3-ab90-0090f5be4820

 

Error: (09/17/2013 00:18:11 AM) (Source: FastFreeConverter)(User: )

Description: Service operation failed

 

Error: (09/17/2013 00:18:11 AM) (Source: FastFreeConverter)(User: )

Description: ControlService failed on kill service, code: 1062

 

Error: (09/17/2013 00:06:06 AM) (Source: Microsoft-Windows-RestartManager)(User: Alex-PC)

Description: 0AppleMobileDeviceService.exeApple Mobile Device03026217813200

 

Error: (09/16/2013 01:42:11 PM) (Source: NvStreamSvc)(User: )

Description: NvStreamSvcUnregistering VAD endpoint [0]

 

Error: (09/16/2013 01:42:08 PM) (Source: NvStreamSvc)(User: )

Description: NvStreamSvcNvVAD endpoint registered successfully [0]

 

Error: (09/15/2013 04:21:28 PM) (Source: FastFreeConverter)(User: )

Description: Can't download info about new versions from: http://www.fastfreeconverter.com/fastfreeconverter/updater/u.php?timestamp=1379283688&app_id=897fe3cf56c545c16d62b7cd4ffa0ec5&version=5.5&updaterVersion=1.0.4&channel=somoto, to local path: C:\Windows\TEMP\FastFreeConverterUpdt_update.txt

 

Error: (09/15/2013 04:21:28 PM) (Source: FastFreeConverter)(User: )

Description: Can't query a value of the ProxyServer registry value, code: 2

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-10-03 08:59:24.144

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-10-03 08:59:24.097

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-10-03 08:59:20.026

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-10-03 08:59:19.807

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-10-03 01:23:59.370

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-10-03 01:23:59.260

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-10-03 01:23:56.307

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-10-03 01:23:56.182

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-10-01 19:29:29.785

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-10-01 19:29:29.707

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 31%

Total physical RAM: 8169.57 MB

Available physical RAM: 5630 MB

Total Pagefile: 16337.32 MB

Available Pagefile: 13355.13 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:698.54 GB) (Free:298.54 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: E105D4CA)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=699 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into. (Not to a shortcut link)

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

     

     

 

 

Next,

 

Download Dr Web Cureit from here http://www.freedrweb.com/cureit (Scroll to bottom of page) save to your desktop.

 

 

  • The file will be randomly named
  • Reboot to safe mode
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning
    drwebselect.JPG
  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats
    drwebfolders.JPG
  • Press start scan
  • The scan will now commence
    drwebscan.JPG
  • Once the scan has finished click open report
    drwebscancomplete.JPG
  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop

     

     

 

 

Attach the Dr Web cureit log to your next reply… Copy and paste the other two logs....

fixlist.txt


Okay, did the first 2 tests and saved the logs. I'm running the drcureit scan right now, and will post the logs immediately after. Should be a couple minutes.

And thanks for the quick response, this RAM issue has been driving me nuts.


So I did the drwebcureit, and it said it found 2 threats and moved them automatically, but I couldn't find any option for opening a report or log? I have the logs for the other two scans though so I'm attaching them now.

 

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by Alex at 2013-10-03 11:06:17 Run:1
Running from C:\Users\Alex\Downloads\Fix Stuff
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
HKCU\...\Run: [ConduitFloatingPlugin_banjjklfojcdbofbhbgiedekefohoaff] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3310511\plugins\TBVerifier.dll",RunConduitFloatingPlugin banjjklfojcdbofbhbgiedekefohoaff
C:\Program Files (x86)\Conduit
SearchScopes: HKCU - {3698B55F-C4F3-46B8-8D1B-6514A328675F} URL = http://search.us.com/serp/1/?guid={4279877B-710A-41FD-AEEB-CAA62F4A89E7}&action=default_search&k={searchTerms}
SearchScopes: HKCU - {BB657B86-CA82-41ED-9679-8F103E438382} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3310511&CUI=UN20201987631172312&UM=2
Toolbar: HKLM - a Search.us.com Toolbar - {7A48A661-F338-4212-9940-C0548B26270B} - C:\Users\Alex\AppData\Local\TNT2\Profiles\10265\passport64.dll No File
Toolbar: HKLM-x32 -  No Name - {7e8a1050-cf67-4575-92df-dcc60e7d952d} -  No File
Toolbar: HKCU -  No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
Toolbar: HKCU - a Search.us.com Toolbar - {7A48A661-F338-4212-9940-C0548B26270B} - C:\Users\Alex\AppData\Local\TNT2\Profiles\10265\passport64.dll No File
Toolbar: HKCU -  No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\hyrlntx5.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\hyrlntx5.default\searchplugins\MyStart Search.xml
FF HKCU\...\FIREFOX\Extensions: [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}] - C:\Users\Alex\AppData\Local\GreatArcadeHits\gahff.xpi
FF Extension: No Name - C:\Users\Alex\AppData\Local\GreatArcadeHits\gahff.xpi
CHR HKLM-x32\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Users\Alex\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Alex\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
CHR HKLM-x32\...\Chrome\Extension: [kdcnnmifdmlmjffdgeieikcokcogpbej] - C:\Program Files (x86)\OApps\chromeaddon2.crx
CHR HKLM-x32\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Users\Alex\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Alex\AppData\Local\Temp\UNINSTALL.EXE
End
 
*****************
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_banjjklfojcdbofbhbgiedekefohoaff => Value deleted successfully.
C:\Program Files (x86)\Conduit => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3698B55F-C4F3-46B8-8D1B-6514A328675F} => Key deleted successfully.
HKCR\CLSID\{3698B55F-C4F3-46B8-8D1B-6514A328675F} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB657B86-CA82-41ED-9679-8F103E438382} => Key deleted successfully.
HKCR\CLSID\{BB657B86-CA82-41ED-9679-8F103E438382} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7A48A661-F338-4212-9940-C0548B26270B} => Value deleted successfully.
HKCR\CLSID\{7A48A661-F338-4212-9940-C0548B26270B} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7e8a1050-cf67-4575-92df-dcc60e7d952d} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{7e8a1050-cf67-4575-92df-dcc60e7d952d} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7473B6BD-4691-4744-A82B-7854EB3D70B6} => Value deleted successfully.
HKCR\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7A48A661-F338-4212-9940-C0548B26270B} => Value deleted successfully.
HKCR\CLSID\{7A48A661-F338-4212-9940-C0548B26270B} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\hyrlntx5.default\searchplugins\conduit.xml => Moved successfully.
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\hyrlntx5.default\searchplugins\MyStart Search.xml => Moved successfully.
HKCU\Software\Mozilla\FIREFOX\Extensions\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49} => Value deleted successfully.
C:\Users\Alex\AppData\Local\GreatArcadeHits\gahff.xpi => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff => Key deleted successfully.
C:\Users\Alex\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda => Key deleted successfully.
"C:\Users\Alex\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej => Key deleted successfully.
C:\Program Files (x86)\OApps\chromeaddon2.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif => Key deleted successfully.
"C:\Users\Alex\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKCU\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Users\Alex\AppData\Local\Temp\UNINSTALL.EXE => Moved successfully.
 
==== End of Fixlog ====
 
 
 
 
 
# AdwCleaner v3.006 - Report created 03/10/2013 at 11:08:53
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Alex - ALEX-PC
# Running from : C:\Users\Alex\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\SweetPacks
Folder Deleted : C:\Windows\SysWOW64\ARFC
Folder Deleted : C:\Windows\SysWOW64\jmdp
Folder Deleted : C:\Windows\SysWOW64\WNLT
Folder Deleted : C:\Users\Alex\AppData\Local\Conduit
Folder Deleted : C:\Users\Alex\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Alex\AppData\LocalLow\SweetPacks
File Deleted : C:\END
File Deleted : C:\Windows\System32\dmwu.exe
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\hyrlntx5.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E6C03E0-D368-4690-8168-9848D4C0F587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5E6C03E0-D368-4690-8168-9848D4C0F587}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70385846-2AFD-419A-8B6A-8BF925BC44E0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{04D6DE22-26A3-46FD-8222-97D9066FBA22}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\SweetPacks
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SweetPacks
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\wnlt
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16686
 
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\hyrlntx5.default\prefs.js ]
 
Line Deleted : user_pref("CT3310511.FF19Solved", "true");
Line Deleted : user_pref("CT3310511.UserID", "UN39114781062007717");
Line Deleted : user_pref("CT3310511.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3310511.fullUserID", "UN39114781062007717.IN.20131001194944");
Line Deleted : user_pref("CT3310511.installDate", "01/10/2013 19:49:46");
Line Deleted : user_pref("CT3310511.installSessionId", "{DDC7642F-7C32-4C6A-9E8F-3D02F6031EDE}");
Line Deleted : user_pref("CT3310511.installSp", "TRUE");
Line Deleted : user_pref("CT3310511.installerVersion", "1.7.1.4");
Line Deleted : user_pref("CT3310511.keyword", "true");
Line Deleted : user_pref("CT3310511.originalHomepage", "about:home");
Line Deleted : user_pref("CT3310511.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3310511.originalSearchEngine", "");
Line Deleted : user_pref("CT3310511.originalSearchEngineName", "AVG Secure Search");
Line Deleted : user_pref("CT3310511.searchRevert", "false");
Line Deleted : user_pref("CT3310511.searchUserMode", "2");
Line Deleted : user_pref("CT3310511.smartbar.homepage", "true");
Line Deleted : user_pref("CT3310511.versionFromInstaller", "10.20.1.8");
Line Deleted : user_pref("CT3310511.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "SweetPacks Customized Web Search");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3310511");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3310511");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3310511");
Line Deleted : user_pref("smartbar.machineId", "O9VVILW8XNZIXDPGW2FRJZQZ6TY65OQNNIMCST64W8AMVVO33T4+TVXOVMXB3EMCS+CNR+WUZYESFGTJBXF9/G");
 
-\\ Google Chrome v
 
[ File : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [7055 octets] - [03/10/2013 11:07:06]
AdwCleaner[s0].txt - [6840 octets] - [03/10/2013 11:08:53]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6900 octets] ##########
 


When Dr Web scan finishes the instructions tell you what to do to save the log.....

 

Run Malwarebytes Full scan, let me see that log...

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me know how your system is responding, also if any remaining issues or concerns....

 

Kevin


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
