
Possible Infection



Hi,
 

With Google Chrome, when I open a browser it will automatically open nine old tabs/pages, and it will continue to do this no matter how many times I reboot.


I think this is the problem:

 

CHR StartupUrls: ""https://uk-mg42.mail.yahoo.com/neo/launch?.rand=ao9g3o57thql8", "hxxp://ukradioplayer.radiocity.co.uk/", "hxxp://productforums.google.com/forum/#!forum/chrome", "hxxp://productforums.google.com/forum/#!category-topic/chrome/report-a-problem-and-get-troubleshooting-help/FTVGkp78ck4", "hxxp://productforums.google.com/forum/#!forum/chrome/categories", "hxxp://productforums.google.com/forum/#!categories/chrome/windows", "hxxp://productforums.google.com/forum/#!category-topic/chrome/windows/r5pfBfBbN5U", "https://www.google.co.uk/"

 Please try this:
https://support.google.com/chrome/answer/3296214?hl=en-GB
 


Cheers, Deeprybka! I went into Chrome's settings to do as advised and noticed "On Startup" was changed to "Open a specific page or set of pages". I have no idea how it managed to change to this setting without me acknowledging this result, but clicking the option to "Open the New Tab page" on startup did the trick.

 

Just waiting on one more issue to be resolved


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.07.13.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16844
Home PC :: HOMEPC-PC [administrator]

13/07/2014 14:26:23
mbam-log-2014-07-13 (14-26-23).txt

Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | P2P
Objects scanned: 550797
Time elapsed: 20 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

 

Waiting on ESET Smart Security to finish its scan... it'll be about 20 minutes


Scan Log
Version of virus signature database: 10089 (20140713)
Date: 13/07/2014  Time: 14:48:02
Scanned disks, folders and files: C:\Boot sector;C:\;F:\Boot sector;F:\
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\$RECYCLE.BIN\S-1-5-21-3075667534-3083555577-3039242665-1000\$IU50R5G.zip » ZIP »  - archive damaged
C:\Program Files\WinRAR\Default.SFX » WINRARSFX - archive damaged
C:\Program Files\WinRAR\Zip.SFX » WINRARSFX - archive damaged
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe » NSIS » esDir - archive damaged - the file could not be extracted.
C:\Program Files (x86)\WinRAR\Default.SFX » WINRARSFX - archive damaged
C:\Program Files (x86)\WinRAR\Zip.SFX » WINRARSFX - archive damaged
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening [4]
C:\ProgramData\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - error opening [4]
C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin - error opening [4]
C:\ProgramData\Spybot - Search & Destroy\Recovery\AnchorHss.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\ProgramData\Spybot - Search & Destroy\Recovery\AnchorHss.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\System Volume Information\Syscache.hve - error opening [4]
C:\System Volume Information\Syscache.hve.LOG1 - error opening [4]
C:\System Volume Information\Syscache.hve.LOG2 - error opening [4]
C:\System Volume Information\{07649d81-0631-11e4-b157-94de806b6505}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{157ef09c-06fb-11e4-bdae-94de806b6505}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{3be55635-0a7e-11e4-9ccd-94de806b6505}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{a6536a86-06fb-11e4-9f6f-94de806b6505}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{a868f97c-06fa-11e4-b7f9-94de806b6505}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{ce91fa66-06fc-11e4-a2ab-94de806b6505}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{e0be6967-06f9-11e4-8a12-94de806b6505}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{e0be69be-06f9-11e4-8a12-94de806b6505}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\System Volume Information\{f6cac834-06fb-11e4-9a8a-94de806b6505}{3808876b-c176-4e48-b7ae-04046e6cc752} - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening [4]
C:\Users\All Users\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock - error opening [4]
C:\Users\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin - error opening [4]
C:\Users\All Users\Spybot - Search & Destroy\Recovery\AnchorHss.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\Users\All Users\Spybot - Search & Destroy\Recovery\AnchorHss.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\Users\Home PC\ntuser.dat - error opening [4]
C:\Users\Home PC\ntuser.dat.LOG1 - error opening [4]
C:\Users\Home PC\ntuser.dat.LOG2 - error opening [4]
C:\Users\Home PC\AppData\Local\FirestormOS_x64\data.db2.x.1 - error opening [4]
C:\Users\Home PC\AppData\Local\FirestormOS_x64\index.db2.x.1 - error opening [4]
C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Current Session - error opening [4]
C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Current Tabs - error opening [4]
C:\Users\Home PC\AppData\Local\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Users\Home PC\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - error opening [4]
C:\Users\Home PC\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - error opening [4]
C:\Users\Home PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9HTPPWO4\ytb_8.5.3.16_2.5.9_msgr_setup[1] » NSIS » ilesDir - archive damaged - the file could not be extracted.
C:\Users\Home PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9HTPPWO4\ytb_8.5.3.16_2.5.9_msgr_setup[1] » NSIS » ytb_setup.exe » NSIS » ilesDir - archive damaged - the file could not be extracted.
C:\Users\Home PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2W72B6M\2fb8a0d8-f81c-4970-a8a1-e3f065caf4c2[4].swf » CWS » file.swf - unpack error
C:\Users\Home PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJFICILJ\2fb8a0d8-f81c-4970-a8a1-e3f065caf4c2[4].swf » CWS » file.swf - unpack error
C:\Users\Home PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJFICILJ\MSNHPTO_NeedForSpeed_Rich[1].swf » CWS » file.swf - unpack error
C:\Users\Home PC\AppData\Local\Microsoft\Windows\WebCache\V01.log - error opening [4]
C:\Users\Home PC\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat - error opening [4]
C:\Users\Home PC\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp - error opening [4]
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » images/bgbutton.png - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » images/bgbuttonfinished.png - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » images/bgcloseprogram.png - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » images/bgdownloadbarempty.png - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » images/bgdownloadbarerror.png - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » images/bgdownloadbarfull.png - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » images/bgheadererror.gif - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » images/bglistbullet.png - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » images/buttoncenter.png - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » images/buttoncenterhighlight.png - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » images/buttonleft.png - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » images/buttonlefthighlight.png - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » images/buttonright.png - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » images/buttonrighthighlight.png - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » images/iconblank.gif - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » images/iconcomplete.gif - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » images/iconcompleteerror.gif - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » images/iconerror.gif - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » images/iconHeader.png - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » images/jsparrowdown.gif - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » images/jsparrowup.gif - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » images/logoadobe.gif - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _css/default.css - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _css/openx.css - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-cs.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-da.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-de.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-en.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-es.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-fi.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-fr.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-hr.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-hu.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-it.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-ja.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-ko.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-nl.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-no.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-pl.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-pt.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-ro.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-ru.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-sk.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-sl.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-sv.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-tr.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-ua.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-zh-cn.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/language-zh-tw.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/main-merge.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/omniture_s_code.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » _js/pdc_s_code_sc.js - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » app.config.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » bundles.json - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » download.solidconfig - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » downloader.bundle - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » gccheck.exe - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » gdrcheck.exe - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » gtbcheck.exe - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » index.html - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-cs.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-da.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-de.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-es.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-fi.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-fr.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-hr.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-hu.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-it.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-ja.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-ko.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-nl.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-no.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-pl.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-pt.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-ro.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-ru.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-sk.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-sl.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-sv.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-tr.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-ua.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-zh-cn.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language-zh-tw.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » language.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » launcher.bundle - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » logo.ico - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » openx.html - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe » ZIP » window.config.xml - error - password-protected file
C:\Users\Home PC\AppData\Local\Temp\~sp2983.tmp » NSIS » BrowserExtensionsSetup.exe » NSIS » Coupons.dll - is OK
C:\Users\Home PC\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\999a235ed5d9d3645505abff3ec25446_fce8395c8fd8a85f_6229ccd76215aea1_0_0.bin - error opening [4]
C:\Users\Home PC\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\999a235ed5d9d3645505abff3ec25446_fce8395c8fd8a85f_6229ccd76215aea1_0_0.toc - error opening [4]
C:\Users\Home PC\AppData\Roaming\foobar2000\running - error opening [4]
C:\Users\Home PC\AppData\Roaming\Mozilla\Firefox\Profiles\rr07ro2j.default\parent.lock - error opening [4]
C:\Windows\Installer\1fc02a.msi » MSI » required.cab » CAB - error reading archive
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - error opening [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 - error opening [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\a36d80812ab142553708949d649edd61812fdac9.HomeGroupClassifier\8a25cfece9878a98d1318164180bfdf2\grouping\db.mdb - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\a36d80812ab142553708949d649edd61812fdac9.HomeGroupClassifier\8a25cfece9878a98d1318164180bfdf2\grouping\edb.log - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\a36d80812ab142553708949d649edd61812fdac9.HomeGroupClassifier\8a25cfece9878a98d1318164180bfdf2\grouping\tmp.edb - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 - error opening [4]
C:\Windows\System32\catroot2\edb.log - error opening [4]
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - error opening [4]
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - error opening [4]
F:\LOOK IN\2\winrar-x64-420.exe » RAR » Default.SFX » WINRARSFX - archive damaged
F:\LOOK IN\2\winrar-x64-420.exe » RAR » Zip.SFX » WINRARSFX - archive damaged
F:\Trials Evolution Gold Edition\Data1.cab » CAB » _D2DE87B493E8FF12A1AFC1E4FDA2F442 - decompression could not complete (possible reasons: insufficient free memory or disk space, or a problem with temp folders)
F:\Trials Evolution Gold Edition\Data1.cab » CAB » _28498CEBD46DFA37DF50988FC7668D1C - next archive volume not found
F:\Trials Evolution Gold Edition\Data11.cab » CAB » _84D631149FC7D019F1A97CF990AA01AD - decompression could not complete (possible reasons: insufficient free memory or disk space, or a problem with temp folders)
F:\Trials Evolution Gold Edition\Data11.cab » CAB » _28498CEBD46DFA37DF50988FC7668D1C - archive damaged - the file could not be extracted.
Number of scanned objects: 709599
Number of threats found: 0
Time of completion: 15:08:50  Total scanning time: 1248 sec (00:20:48)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.


Hi,

let's have a look at fresh FRST logs...

Step 1


Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.

    Please copy and paste these logs in your next reply.


Sorry about the late reply...

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2014
Ran by Home PC (administrator) on HOMEPC-PC on 13-07-2014 19:40:58
Running from C:\Users\Home PC\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Windows\system\HsMgr64.exe
() C:\Windows\SysWOW64\HsMgr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(CMedia) C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\AsusAudioCenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788] => C:\Windows\Syswow64\cmicnfgp.dll [12935168 2012-11-20] (C-Media Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2350880 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\nvspcap64.dll [1279480 2014-05-29] (NVIDIA Corporation)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iSUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-3075667534-3083555577-3039242665-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-11] (SUPERAntiSpyware)
HKU\S-1-5-21-3075667534-3083555577-3039242665-1000\...\Run: [iSUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-06-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-06-13] (NVIDIA Corporation)
Startup: C:\Users\Home PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop.scf ()
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDBE06934F074CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?ocid=U219DHP&pc=U219
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {3927458A-A1B8-4265-ABE6-E446F1CC65D9} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=A010GB0&p={SearchTerms}
SearchScopes: HKCU - {3927458A-A1B8-4265-ABE6-E446F1CC65D9} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=A010GB0&p={SearchTerms}
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL No File
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL No File
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll No File
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL No File
Filter-x32: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL No File
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\Home PC\AppData\Roaming\Mozilla\Firefox\Profiles\rr07ro2j.default
FF SearchEngineOrder.1: Secure Search
FF Homepage: about:home
FF Keyword.URL: hxxp://uk.search.yahoo.com/search?fr=mcafee&type=A110GB0&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL No File
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - F:\Trials Evolution Gold Edition (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Home PC\AppData\Roaming\Mozilla\Firefox\Profiles\rr07ro2j.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-02-19]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-31]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: https://uk.search.yahoo.com/?type=282369&fr=spigot-yhp-ch
CHR StartupUrls: "https://www.google.co.uk/"
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-14]
CHR Extension: (Google Drive) - C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-14]
CHR Extension: (YouTube) - C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-14]
CHR Extension: (Google Search) - C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-14]
CHR Extension: (SiteAdvisor) - C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-05-31]
CHR Extension: (Google Wallet) - C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Grooveshark Downloader) - C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooblpjoncpjmbncgocjlnannofkjjhnp [2014-01-10]
CHR Extension: (Gmail) - C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-14]
CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Home PC\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-07-14]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-06-27]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [156904 2014-06-25] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-07-04] ()
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe" [X]
S3 ose64; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]
S3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [X]

==================== Drivers (Whitelisted) ====================

R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-30] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
S3 etocdrv; C:\Windows\system32\etocdrv.sys [14928 2013-04-16] (Giga-Byte Technology CO., LTD.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-20] (Anchorfree Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-13 19:40 - 2014-07-13 19:41 - 00017401 _____ () C:\Users\Home PC\Desktop\FRST.txt
2014-07-13 19:40 - 2014-07-13 19:40 - 00000000 ____D () C:\Users\Home PC\Desktop\FRST-OlderVersion
2014-07-13 15:51 - 2014-07-13 15:51 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-11 22:37 - 2014-07-13 12:41 - 00000000 ____D () C:\Users\Home PC\Desktop\Desktop 3
2014-07-11 21:42 - 2014-07-11 21:43 - 00000000 ____D () C:\Users\Home PC\Desktop\New folder
2014-07-11 21:24 - 2014-07-13 19:40 - 02086912 _____ (Farbar) C:\Users\Home PC\Desktop\FRST64.exe
2014-07-09 01:04 - 2014-06-18 03:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 01:04 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 01:04 - 2014-06-18 02:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 01:04 - 2014-06-06 11:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 01:04 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 01:04 - 2014-05-30 07:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-06-30 15:56 - 2014-06-30 16:05 - 00000000 ____D () C:\Users\Home PC\AppData\Roaming\NVIDIA
2014-06-30 15:44 - 2014-06-30 15:44 - 00001351 _____ () C:\Users\Home PC\GeForce Experience.lnk
2014-06-30 15:43 - 2014-06-30 15:43 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-06-30 15:43 - 2014-06-13 03:48 - 00075040 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-06-30 15:43 - 2014-06-13 03:48 - 00062920 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-06-30 15:43 - 2014-06-13 01:19 - 00609056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-06-30 15:43 - 2014-05-30 00:00 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-06-30 15:43 - 2014-05-30 00:00 - 01122312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-06-30 15:43 - 2014-05-29 23:59 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-06-30 15:43 - 2014-05-29 23:59 - 01279480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-06-30 15:42 - 2014-06-13 03:59 - 01890264 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434043.dll
2014-06-30 15:42 - 2014-06-13 03:59 - 01542088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434043.dll
2014-06-30 15:42 - 2014-06-13 03:59 - 00026353 _____ () C:\Windows\system32\nvinfo.pb
2014-06-30 15:42 - 2014-06-13 03:48 - 13911928 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-06-30 15:42 - 2014-06-13 03:48 - 13824408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-06-30 15:42 - 2014-06-13 03:48 - 11272544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-06-30 15:42 - 2014-06-13 03:48 - 11211224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-06-30 15:42 - 2014-06-13 03:48 - 04248520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-06-30 15:42 - 2014-06-13 03:48 - 03989464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-06-30 15:42 - 2014-06-13 03:48 - 00946120 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-06-30 15:42 - 2014-06-13 03:48 - 00909256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-06-30 15:42 - 2014-06-13 03:48 - 00902616 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-06-30 15:42 - 2014-06-13 03:48 - 00869336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-06-30 15:42 - 2014-06-13 03:48 - 00391456 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-06-30 15:42 - 2014-06-13 03:48 - 00348120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-06-30 15:42 - 2014-06-13 03:47 - 31512352 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-06-30 15:42 - 2014-06-13 03:47 - 24198616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-06-30 15:42 - 2014-06-13 03:47 - 18625768 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-06-30 15:42 - 2014-06-13 03:47 - 17553032 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-06-30 15:42 - 2014-06-13 03:47 - 16122344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-06-30 15:42 - 2014-06-13 03:47 - 14497528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-06-30 15:42 - 2014-06-13 03:47 - 12860888 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-06-30 15:42 - 2014-06-13 03:47 - 00502048 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-06-30 15:42 - 2014-06-13 03:47 - 00417568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-06-30 15:42 - 2014-06-13 03:46 - 22994392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-06-30 15:42 - 2014-06-13 03:46 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-06-30 15:42 - 2014-06-13 03:46 - 02814120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-06-30 15:42 - 2014-06-13 03:46 - 00965312 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-06-30 15:42 - 2014-06-13 03:46 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-06-30 15:42 - 2014-06-13 03:46 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-06-30 15:42 - 2014-06-13 03:46 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-06-30 15:42 - 2014-06-13 03:46 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-06-30 15:42 - 2014-06-13 03:46 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-06-30 15:42 - 2014-06-13 03:45 - 03196304 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-06-30 15:42 - 2014-03-31 17:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-06-30 15:42 - 2014-03-31 17:42 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-06-30 15:42 - 2014-03-31 17:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-06-30 15:29 - 2014-06-30 15:29 - 00000000 _____ () C:\Users\Home PC\Downloads\NVIDIA - PhysX (Download).txt
2014-06-30 15:15 - 2014-06-30 15:16 - 285967176 _____ (NVIDIA Corporation) C:\Users\Home PC\Downloads\340.43-desktop-win8-win7-winvista-64bit-international-beta.exe
2014-06-30 15:10 - 2014-06-30 15:12 - 276935784 _____ (NVIDIA Corporation) C:\Users\Home PC\Downloads\334.89-desktop-win8-win7-winvista-64bit-international-whql.exe
2014-06-24 21:44 - 2014-06-24 21:44 - 01342659 _____ () C:\Users\Home PC\Downloads\adwcleaner_3.213.exe
2014-06-17 13:51 - 2014-06-17 13:51 - 00000000 ____D () C:\Users\Home PC\AppData\Local\Adobe
2014-06-17 13:50 - 2014-06-17 13:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-17 13:50 - 2014-06-17 13:50 - 00002019 _____ () C:\Users\Home PC\Adobe Reader XI.lnk
2014-06-17 13:50 - 2014-06-17 13:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-17 12:49 - 2014-06-17 12:49 - 00000000 _____ () C:\ProgramData\Robot
2014-06-17 12:31 - 2014-06-17 12:31 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-06-17 12:24 - 2014-06-17 12:24 - 00000000 ____D () C:\ProgramData\Nikon
2014-06-17 12:23 - 2014-06-17 12:49 - 00000000 ____D () C:\Users\Home PC\AppData\Local\Nikon
2014-06-17 12:23 - 2014-06-17 12:23 - 00000000 _____ () C:\Windows\ViewNX2.INI
2014-06-17 12:22 - 2014-06-17 12:49 - 00000000 ____H () C:\ProgramData\PKP_DLev.DAT
2014-06-17 12:22 - 2014-06-17 12:49 - 00000000 ____H () C:\ProgramData\PKP_DLet.DAT
2014-06-17 12:22 - 2014-06-17 12:49 - 00000000 ____H () C:\ProgramData\PKP_DLes.DAT
2014-06-17 12:22 - 2014-06-17 12:49 - 00000000 ____D () C:\Program Files\Common Files\Nikon
2014-06-17 12:22 - 2014-06-17 12:49 - 00000000 _____ () C:\Users\Home PC\AppData\Roaming\Smooth Strings
2014-06-17 12:22 - 2014-06-17 12:22 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ATL71.DLL
2014-06-17 12:22 - 2014-06-17 12:22 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-06-17 12:22 - 2014-06-17 12:22 - 00000000 ____D () C:\Users\Home PC\AppData\Local\Downloaded Installations
2014-06-17 12:22 - 2014-06-17 12:22 - 00000000 ____D () C:\ProgramData\Ultima_T15
2014-06-17 12:22 - 2014-06-17 12:22 - 00000000 ____D () C:\ProgramData\EnterNHelp
2014-06-17 12:22 - 2014-06-17 12:22 - 00000000 ____D () C:\ProgramData\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583
2014-06-17 12:22 - 2014-06-17 12:22 - 00000000 ____D () C:\Program Files\Nikon
2014-06-17 12:21 - 2014-06-17 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon

==================== One Month Modified Files and Folders =======

2014-07-13 19:41 - 2014-07-13 19:40 - 00017401 _____ () C:\Users\Home PC\Desktop\FRST.txt
2014-07-13 19:40 - 2014-07-13 19:40 - 00000000 ____D () C:\Users\Home PC\Desktop\FRST-OlderVersion
2014-07-13 19:40 - 2014-07-11 21:24 - 02086912 _____ (Farbar) C:\Users\Home PC\Desktop\FRST64.exe
2014-07-13 19:40 - 2014-02-19 07:17 - 00000000 ____D () C:\FRST
2014-07-13 19:36 - 2014-05-11 17:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-13 19:35 - 2014-02-19 06:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-13 19:35 - 2014-02-18 21:41 - 00003028 _____ () C:\Windows\System32\Tasks\EVGAPrecision
2014-07-13 19:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-13 19:35 - 2009-07-14 05:51 - 00381218 _____ () C:\Windows\setupact.log
2014-07-13 19:34 - 2013-06-29 15:00 - 01329217 _____ () C:\Windows\WindowsUpdate.log
2014-07-13 17:39 - 2009-07-14 05:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-13 17:39 - 2009-07-14 05:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-13 17:11 - 2013-07-04 04:17 - 00000000 ____D () C:\Program Files (x86)\EVGA Precision X
2014-07-13 17:11 - 2013-06-30 22:58 - 00000000 ____D () C:\Users\Home PC\AppData\Roaming\foobar2000
2014-07-13 17:11 - 2013-06-29 20:53 - 00000000 ____D () C:\Windows\Minidump
2014-07-13 17:11 - 2013-06-29 16:30 - 00000000 ____D () C:\ProgramData\InstallShield
2014-07-13 17:11 - 2013-06-29 15:00 - 00000000 ____D () C:\Users\Home PC
2014-07-13 17:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-13 17:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-07-13 16:10 - 2009-07-14 08:46 - 00000000 ____D () C:\Windows\ShellNew
2014-07-13 15:51 - 2014-07-13 15:51 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-13 15:35 - 2014-05-12 12:40 - 00000000 ____D () C:\Users\Home PC\AppData\Local\FirestormOS_x64
2014-07-13 13:04 - 2013-08-11 23:24 - 00000000 ____D () C:\Users\Home PC\PICS
2014-07-13 12:45 - 2014-05-25 14:07 - 00000000 ____D () C:\Users\Home PC\AppData\Roaming\Skype
2014-07-13 12:41 - 2014-07-11 22:37 - 00000000 ____D () C:\Users\Home PC\Desktop\Desktop 3
2014-07-13 06:33 - 2014-05-12 12:39 - 00000000 ____D () C:\Program Files\Firestorm
2014-07-13 06:00 - 2013-06-30 22:57 - 00000000 ____D () C:\Users\Home PC\AppData\Roaming\vlc
2014-07-11 22:41 - 2014-01-19 14:43 - 00000000 ____D () C:\Users\Home PC\Desktop\DESKTOP 2
2014-07-11 21:43 - 2014-07-11 21:42 - 00000000 ____D () C:\Users\Home PC\Desktop\New folder
2014-07-11 20:15 - 2014-05-14 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-11 20:15 - 2014-04-14 13:30 - 00000000 ____D () C:\Users\Home PC\AppData\Local\NVIDIA
2014-07-11 20:15 - 2014-02-18 21:11 - 00000000 ____D () C:\Windows\pss
2014-07-11 20:15 - 2013-06-30 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-11 20:15 - 2013-06-30 22:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-11 20:15 - 2013-06-29 16:01 - 00000000 ____D () C:\Windows\system32\Macromed
2014-07-11 20:15 - 2009-07-14 08:46 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 20:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-11 20:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-11 19:36 - 2014-05-11 17:41 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-11 19:36 - 2014-05-11 17:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-11 19:36 - 2014-05-11 17:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-11 18:12 - 2014-01-14 21:38 - 00000000 ____D () C:\AdwCleaner
2014-07-11 17:56 - 2014-02-17 06:12 - 00000000 ____D () C:\Users\Home PC\AppData\Local\CrashDumps
2014-07-09 01:05 - 2009-07-14 05:45 - 00833792 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-07 21:58 - 2013-07-24 12:59 - 00000000 ____D () C:\Users\Home PC\Documents\VirtualDJ
2014-06-30 16:05 - 2014-06-30 15:56 - 00000000 ____D () C:\Users\Home PC\AppData\Roaming\NVIDIA
2014-06-30 15:54 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-30 15:45 - 2014-02-19 06:10 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-06-30 15:45 - 2014-02-18 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-06-30 15:45 - 2013-09-06 03:22 - 00342016 ___SH () C:\Users\Home PC\Thumbs.db
2014-06-30 15:44 - 2014-06-30 15:44 - 00001351 _____ () C:\Users\Home PC\GeForce Experience.lnk
2014-06-30 15:43 - 2014-06-30 15:43 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-06-30 15:43 - 2014-02-19 06:10 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-06-30 15:43 - 2014-02-19 06:09 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-30 15:43 - 2014-02-18 23:09 - 00000000 ____D () C:\Users\Home PC\AppData\Local\NVIDIA Corporation
2014-06-30 15:41 - 2014-02-19 06:09 - 00000000 ____D () C:\NVIDIA
2014-06-30 15:29 - 2014-06-30 15:29 - 00000000 _____ () C:\Users\Home PC\Downloads\NVIDIA - PhysX (Download).txt
2014-06-30 15:16 - 2014-06-30 15:15 - 285967176 _____ (NVIDIA Corporation) C:\Users\Home PC\Downloads\340.43-desktop-win8-win7-winvista-64bit-international-beta.exe
2014-06-30 15:12 - 2014-06-30 15:10 - 276935784 _____ (NVIDIA Corporation) C:\Users\Home PC\Downloads\334.89-desktop-win8-win7-winvista-64bit-international-whql.exe
2014-06-27 19:54 - 2014-05-31 23:05 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-06-27 19:54 - 2013-06-29 15:45 - 00266858 _____ () C:\Windows\PFRO.log
2014-06-24 21:44 - 2014-06-24 21:44 - 01342659 _____ () C:\Users\Home PC\Downloads\adwcleaner_3.213.exe
2014-06-24 14:09 - 2014-03-13 06:42 - 00000000 ____D () C:\Users\Home PC\AppData\Roaming\Firestorm_x64
2014-06-24 13:32 - 2014-02-02 14:05 - 02953096 _____ (ESET) C:\Windows\SysWOW64\%InstallDir%speclean.exe
2014-06-22 14:34 - 2014-01-27 18:39 - 00000193 _____ () C:\Windows\WORDPAD.INI
2014-06-18 13:05 - 2014-06-03 15:50 - 00003830 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1394598523
2014-06-18 13:05 - 2014-03-12 05:28 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-06-18 03:18 - 2014-07-09 01:04 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 02:51 - 2014-07-09 01:04 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 02:10 - 2014-07-09 01:04 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 14:02 - 2013-06-29 15:47 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-17 13:51 - 2014-06-17 13:51 - 00000000 ____D () C:\Users\Home PC\AppData\Local\Adobe
2014-06-17 13:50 - 2014-06-17 13:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-17 13:50 - 2014-06-17 13:50 - 00002019 _____ () C:\Users\Home PC\Adobe Reader XI.lnk
2014-06-17 13:50 - 2014-06-17 13:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-17 12:49 - 2014-06-17 12:49 - 00000000 _____ () C:\ProgramData\Robot
2014-06-17 12:49 - 2014-06-17 12:23 - 00000000 ____D () C:\Users\Home PC\AppData\Local\Nikon
2014-06-17 12:49 - 2014-06-17 12:22 - 00000000 ____H () C:\ProgramData\PKP_DLev.DAT
2014-06-17 12:49 - 2014-06-17 12:22 - 00000000 ____H () C:\ProgramData\PKP_DLet.DAT
2014-06-17 12:49 - 2014-06-17 12:22 - 00000000 ____H () C:\ProgramData\PKP_DLes.DAT
2014-06-17 12:49 - 2014-06-17 12:22 - 00000000 ____D () C:\Program Files\Common Files\Nikon
2014-06-17 12:49 - 2014-06-17 12:22 - 00000000 _____ () C:\Users\Home PC\AppData\Roaming\Smooth Strings
2014-06-17 12:31 - 2014-06-17 12:31 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-06-17 12:24 - 2014-06-17 12:24 - 00000000 ____D () C:\ProgramData\Nikon
2014-06-17 12:23 - 2014-06-17 12:23 - 00000000 _____ () C:\Windows\ViewNX2.INI
2014-06-17 12:22 - 2014-06-17 12:22 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ATL71.DLL
2014-06-17 12:22 - 2014-06-17 12:22 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-06-17 12:22 - 2014-06-17 12:22 - 00000000 ____D () C:\Users\Home PC\AppData\Local\Downloaded Installations
2014-06-17 12:22 - 2014-06-17 12:22 - 00000000 ____D () C:\ProgramData\Ultima_T15
2014-06-17 12:22 - 2014-06-17 12:22 - 00000000 ____D () C:\ProgramData\EnterNHelp
2014-06-17 12:22 - 2014-06-17 12:22 - 00000000 ____D () C:\ProgramData\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583
2014-06-17 12:22 - 2014-06-17 12:22 - 00000000 ____D () C:\Program Files\Nikon
2014-06-17 12:22 - 2013-06-29 15:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-17 12:21 - 2014-06-17 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
2014-06-15 22:37 - 2014-02-23 21:14 - 00000000 ____D () C:\Users\Home PC\Downloads\LAN NETWORK
2014-06-13 03:59 - 2014-06-30 15:42 - 01890264 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434043.dll
2014-06-13 03:59 - 2014-06-30 15:42 - 01542088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434043.dll
2014-06-13 03:59 - 2014-06-30 15:42 - 00026353 _____ () C:\Windows\system32\nvinfo.pb
2014-06-13 03:48 - 2014-06-30 15:43 - 00075040 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-06-13 03:48 - 2014-06-30 15:43 - 00062920 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-06-13 03:48 - 2014-06-30 15:42 - 13911928 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-06-13 03:48 - 2014-06-30 15:42 - 13824408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-06-13 03:48 - 2014-06-30 15:42 - 11272544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-06-13 03:48 - 2014-06-30 15:42 - 11211224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-06-13 03:48 - 2014-06-30 15:42 - 04248520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-06-13 03:48 - 2014-06-30 15:42 - 03989464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-06-13 03:48 - 2014-06-30 15:42 - 00946120 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-06-13 03:48 - 2014-06-30 15:42 - 00909256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-06-13 03:48 - 2014-06-30 15:42 - 00902616 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-06-13 03:48 - 2014-06-30 15:42 - 00869336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-06-13 03:48 - 2014-06-30 15:42 - 00391456 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-06-13 03:48 - 2014-06-30 15:42 - 00348120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-06-13 03:47 - 2014-06-30 15:42 - 31512352 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-06-13 03:47 - 2014-06-30 15:42 - 24198616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-06-13 03:47 - 2014-06-30 15:42 - 18625768 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-06-13 03:47 - 2014-06-30 15:42 - 17553032 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-06-13 03:47 - 2014-06-30 15:42 - 16122344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-06-13 03:47 - 2014-06-30 15:42 - 14497528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-06-13 03:47 - 2014-06-30 15:42 - 12860888 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-06-13 03:47 - 2014-06-30 15:42 - 00502048 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-06-13 03:47 - 2014-06-30 15:42 - 00417568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-06-13 03:46 - 2014-06-30 15:42 - 22994392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-06-13 03:46 - 2014-06-30 15:42 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-06-13 03:46 - 2014-06-30 15:42 - 02814120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-06-13 03:46 - 2014-06-30 15:42 - 00965312 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-06-13 03:46 - 2014-06-30 15:42 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-06-13 03:46 - 2014-06-30 15:42 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-06-13 03:46 - 2014-06-30 15:42 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-06-13 03:46 - 2014-06-30 15:42 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-06-13 03:46 - 2014-06-30 15:42 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-06-13 03:45 - 2014-06-30 15:42 - 03196304 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-06-13 03:11 - 2014-02-19 06:10 - 06783960 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-06-13 03:11 - 2014-02-19 06:10 - 03523360 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-06-13 03:11 - 2014-02-19 06:10 - 02560968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-06-13 03:11 - 2014-02-19 06:10 - 00933208 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-06-13 03:11 - 2014-02-19 06:10 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-06-13 03:11 - 2014-02-18 19:37 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-06-13 01:19 - 2014-06-30 15:43 - 00609056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

Some content of TEMP:
====================
C:\Users\Home PC\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Home PC\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe
C:\Users\Home PC\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Home PC\AppData\Local\Temp\nvStInst.exe
C:\Users\Home PC\AppData\Local\Temp\Quarantine.exe
C:\Users\Home PC\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Home PC\AppData\Local\Temp\vlc-2.1.4-win64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 01:17

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-07-2014
Ran by Home PC at 2014-07-13 19:41:15
Running from C:\Users\Home PC\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

@BIOS B13.0402.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 1.00.0000 - GIGABYTE)
@BIOS B13.0402.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
«Urban Trial Freestyle» (HKLM-x32\...\{CC803737-DD58-460A-956D-DBAF1A1360BF}_is1) (Version: 1.0 - © R.G. Revenants)
3DMark 11 (HKLM-x32\...\{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}) (Version: 1.0.3 - Futuremark Corporation)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AIDA64 Extreme Edition v3.00 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 3.00 - FinalWire Ltd.)
App Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.00.0000 - Gigabyte)
App Center B13.0408.1 (x32 Version: 1.00.0000 - Gigabyte) Hidden
ASUS Xonar Essence STX Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Borderlands 2 (HKLM-x32\...\{5A71DABE-6A2B-47EA-A1F6-D66E7B08033C}_is1) (Version:  - )
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.65.1074 - AB Team, d.o.o.)
Core Temp 1.0 RC5 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID HWMonitor 1.23 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.1.0.0 - Electronic Arts)
EasyTune B13.0525.1 (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.00.0000 - GIGABYTE)
EasyTune B13.0525.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Smart Security (HKLM\...\{F7C525E7-659A-47F6-A25A-7A63FA10E767}) (Version: 7.0.302.26 - ESET, spol s r. o.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EVGA Precision X 4.2.0 (HKLM-x32\...\PrecisionX) (Version: 4.2.0 - EVGA Corporation)
Firestorm SecondLife and OpenSim viewer (Version: 4.6.40833 - Phoenix Viewer Project) Hidden
Firestorm x64 (HKLM-x32\...\{ea9dcc13-fd5f-4878-aca0-9905f32bd724}) (Version: 4.6.40833 - Phoenix Firestorm Project Inc)
foobar2000 v1.2.8 (HKLM-x32\...\foobar2000) (Version: 1.2.8 - Peter Pawlowski)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.6.0 - Futuremark Corporation)
Geeks3D.com FurMark 1.9.2 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Intel® Network Connections 18.8.136.0 (HKLM\...\PROSetDX) (Version: 18.8.136.0 - Intel)
Intel® Network Connections 18.8.136.0 (Version: 18.8.136.0 - Intel) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.100 - Intel Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.110 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
NVIDIA 3D Vision Controller Driver 340.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.43 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.43 - NVIDIA Corporation)
NVIDIA Control Panel 340.43 (Version: 340.43 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.43 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OCCT 4.4.0 (HKLM-x32\...\OCCT) (Version: 4.4.0 - Ocbase.com)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 22.0.1471.70 (HKLM-x32\...\Opera 22.0.1471.70) (Version: 22.0.1471.70 - Opera Software ASA)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.1 - Nikon)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version:  - )
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Sid Meier's Civilization 5 (HKLM-x32\...\Sid Meier's Civilization 5_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1020 - SUPERAntiSpyware.com)
Total War ROME II (HKLM-x32\...\VG90YWxXYXJST01FSUk=_is1) (Version: 1 - )
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Trials Evolution Gold Edition (HKLM-x32\...\InstallShield_{07D857B8-C956-401D-BC8F-EDA8459AF037}) (Version: 1.0.0.1 - Ubisoft)
Trials Evolution Gold Edition (x32 Version: 1.0.0.1 - Ubisoft) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VirtualDJ PRO Full (HKLM-x32\...\{C515E2A3-4878-4C85-A519-52630C7AB08B}) (Version: 7.3 - Atomix Productions)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )

==================== Restore Points  =========================

08-07-2014 01:14:20 Scheduled Checkpoint
08-07-2014 23:47:20 new
08-07-2014 23:48:48 Windows Update
08-07-2014 23:51:14 Restore Operation
08-07-2014 23:56:24 Windows Update
08-07-2014 23:58:17 Restore Operation
09-07-2014 00:04:20 Windows Update
09-07-2014 00:07:12 Restore Operation
13-07-2014 13:01:17 NEW01
13-07-2014 15:10:18 Restore Operation
13-07-2014 15:54:22 NEW02
13-07-2014 15:58:21 Restore Operation

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-02-21 21:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {171075D6-4341-4BE7-99AE-2B6E7C439FA4} - \Microsoft\Office\OfficeTelemetryAgentFallBack No Task File <==== ATTENTION
Task: {2060AB9F-8B18-4189-A56C-42A8A6D369AF} - \Microsoft Office 15 Sync Maintenance for HomePC-PC-Home PC HomePC-PC No Task File <==== ATTENTION
Task: {321C7F32-1B53-41C6-8D77-87175DF1BEC6} - System32\Tasks\{BC0B55BE-35C3-4D24-B2F5-6567289B287C} => Chrome.exe http://ui.skype.com/ui/0/6.16.59.105/en/go/help.faq.installer?LastError=1603
Task: {396B8711-E2FE-43EF-AE7B-13E6568AF433} - \GoogleUpdateTaskMachineCore1cec8dd80f75b26 No Task File <==== ATTENTION
Task: {5DC47491-06F7-4ABC-94AE-3BE0A79D57FE} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe [2013-05-23] ()
Task: {6382E16F-55CD-4B23-9ECB-D96E21C8FAB2} - System32\Tasks\{3B7AA0CE-02CD-4616-98E9-6AE0A7EFF104} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603
Task: {9CF98260-6765-4D90-B9FA-807B54BF26B5} - \Microsoft\Office\Office 15 Subscription Heartbeat No Task File <==== ATTENTION
Task: {A4E083B9-E74A-45B9-AA1A-01FC9DB26144} - System32\Tasks\{6DA77A91-B241-4BAB-8899-B2C7415BB32B} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {A68C3CFC-E8E1-496F-9CCC-BFF722DC641F} - System32\Tasks\{F14B39BB-8DB1-4B94-9CC4-68BAC51884B2} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603
Task: {A69443CC-3D00-4749-9E9B-3669C968AA71} - System32\Tasks\Opera scheduled Autoupdate 1394598523 => C:\Program Files (x86)\Opera\launcher.exe [2014-06-16] (Opera Software)
Task: {BF503DDC-2C68-47CF-A12E-8F08ACBF3A90} - System32\Tasks\{1F0185AB-DC95-4957-8F19-3F64C9A051B7} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603
Task: {C1DC99C9-527C-4BBD-BD96-7C9FD5B340D3} - System32\Tasks\{84DC47B7-E647-4428-971F-BB08D6F4C478} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603
Task: {C71CD69E-8A14-465B-8117-3CFBC6F00A6F} - \GoogleUpdateTaskMachineUA1ceeadafc57ac99 No Task File <==== ATTENTION
Task: {C8BC61F2-4401-43EB-83FD-FC2706582018} - System32\Tasks\{F0FDDFCB-D2E3-4F24-9754-6681C4D1E3A3} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {C97AA5E8-02EE-4A89-A747-3467FFD5D50B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-11] (Adobe Systems Incorporated)
Task: {CBAEEFFD-1DB0-4783-BA5B-F2F3C2AB4426} - System32\Tasks\{AB5E754E-22BF-45CE-86AC-6D2F63DDE0A3} => Chrome.exe http://ui.skype.com/ui/0/6.16.59.105/en/go/help.faq.installer?LastError=1603
Task: {CF1AD925-D639-46A0-BD62-51292F064657} - System32\Tasks\{309C21B9-7470-46AA-8870-E84D82757F89} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603
Task: {DC1F59A6-9C0E-48CD-B7D6-A63918709666} - \Microsoft\Office\OfficeTelemetryAgentLogOn No Task File <==== ATTENTION
Task: {E4D655AA-7416-4347-A606-AA8D3DADD2A9} - System32\Tasks\{2B85B304-E4E7-4C4E-9DA9-1084207260FB} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603
Task: {ECFDA69E-9C87-471B-9C42-DA8FD5A8CA6E} - System32\Tasks\{73EA96F4-A64E-4DD2-A33B-CA14A8D76C29} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603
Task: {F959599F-F49E-4C36-B5ED-007ADE2374F9} - System32\Tasks\{81185AF3-2A8D-4E1E-9049-3B8FB57BBC22} => Chrome.exe http://ui.skype.com/ui/0/6.16.60.105/en/abandoninstall?page=tsBing
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf275de3358540.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf275de360b491.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-19 06:10 - 2014-06-13 03:11 - 00118728 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-07-04 03:40 - 2013-07-04 03:40 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-06-29 16:32 - 2008-07-11 15:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe
2013-06-29 16:32 - 2008-07-11 15:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2013-06-29 16:32 - 2012-06-06 09:56 - 00143360 ____N () C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\VmixP8.dll
2014-06-11 18:07 - 2014-06-11 18:07 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Standard VGA Graphics Adapter
Description: Standard VGA Graphics Adapter
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard display types)
Service: vga
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/13/2014 07:41:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (07/13/2014 05:38:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (07/13/2014 04:37:35 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (07/13/2014 04:04:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (07/13/2014 00:16:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (07/13/2014 05:37:52 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (07/13/2014 04:49:48 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (07/13/2014 00:43:58 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (07/12/2014 09:50:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (07/12/2014 01:22:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.


System errors:
=============
Error: (07/13/2014 07:37:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (07/13/2014 07:37:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (07/13/2014 05:34:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (07/13/2014 05:34:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (07/13/2014 05:26:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (07/13/2014 05:26:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (07/13/2014 05:11:46 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (07/13/2014 05:11:33 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (07/13/2014 05:05:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (07/13/2014 05:05:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.


Microsoft Office Sessions:
=========================
Error: (07/13/2014 07:41:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 16000000001346000013460000980B0000

Error: (07/13/2014 05:38:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 16000000001346000013460000980B0000

Error: (07/13/2014 04:37:35 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 16000000001346000013460000980B0000

Error: (07/13/2014 04:04:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 16000000001346000013460000980B0000

Error: (07/13/2014 00:16:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 16000000001346000013460000980B0000

Error: (07/13/2014 05:37:52 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 16000000001346000013460000980B0000

Error: (07/13/2014 04:49:48 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 16000000001346000013460000980B0000

Error: (07/13/2014 00:43:58 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 16000000001346000013460000980B0000

Error: (07/12/2014 09:50:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 16000000001346000013460000980B0000

Error: (07/12/2014 01:22:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 16000000001346000013460000980B0000


CodeIntegrity Errors:
===================================
  Date: 2014-02-21 20:56:50.170
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-21 20:56:50.134
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 03:12:55.866
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 03:12:55.829
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 03:12:55.363
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 03:12:55.330
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 03:12:49.953
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-19 03:12:49.921
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 8079.79 MB
Available physical RAM: 6369.75 MB
Total Pagefile: 16157.75 MB
Available Pagefile: 14251.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:110.64 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:2794.39 GB) (Free:411.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: 4075D2F5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2795 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================


Hi,

Step 1


Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.

    Please copy and paste its contents in your next reply.

fixlist.txt

That's it!

Your logs look clean to me at the moment.

We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.

My help is free for everybody.

If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.

Thank you!

Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run.
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.

The following software is outdated.

Google Chrome 31

Internet Explorer 10

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.