billyfiveoh Posted October 18, 2014 ID:892012 Share Posted October 18, 2014 here are the scans that you requested...... Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-10-2014 01Ran by bill (administrator) on GAMINGSTATION on 18-10-2014 15:59:06Running from C:\Users\bill\DownloadsLoaded Profile: bill (Available profiles: bill)Platform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SynptSync64.exe(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe() C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5134\Battle.net.exe(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)HKLM\...\Run: [synAsusGestureAPIMgr] => C:\Program Files\Synaptics\SynTP\SynAsusGestureAPIMgr.exe [736568 2012-09-16] (Synaptics)HKLM\...\Run: [AsusNewUI] => C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe [1367864 2012-09-16] ()HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10464536 2014-07-02] (Logitech Inc.)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-09-16] (Synaptics Incorporated)HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"HKLM\...\Run: [shadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStartHKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-04] (NVIDIA Corporation)HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)HKLM\...\Run: [saiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-23] (ASUSTek Computer Inc.)HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [466944 2011-09-19] ()HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-07] (AVAST Software)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)HKLM-x32\...\Run: [] => [X]HKU\S-1-5-21-3768960476-2125354436-3045583577-1002\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-07] (SUPERAntiSpyware)HKU\S-1-5-21-3768960476-2125354436-3045583577-1002\...\Run: [skyDrive] => C:\Users\bill\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)HKU\S-1-5-21-3768960476-2125354436-3045583577-1002\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1938112 2014-09-23] (Valve Corporation)AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not FoundStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnkShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No FileShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comHKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.comHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.comStartMenuInternet: IEXPLORE.EXE - iexplore.exeBHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileHandler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112Tcpip\..\Interfaces\{C7873A54-165D-45B2-BE6D-8CAB1E001FF1}: [NameServer] 81.218.119.15,199.203.35.75 FireFox:========FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-28] Chrome: =======CHR HomePage: Default -> hxxp://yahoo.com/CHR StartupUrls: Default -> "hxxp://yahoo.com/"CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}CHR Profile: C:\Users\bill\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-19]CHR Extension: (Google Drive) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-19]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]CHR Extension: (YouTube) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-19]CHR Extension: (Google Search) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-19]CHR Extension: (avast! Online Security) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-22]CHR Extension: (Google Wallet) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]CHR Extension: (Gmail) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-19]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-07] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-14] (SUPERAntiSpyware.com)R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-07] (AVAST Software)S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)R2 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-20] (ASUSTek Computer Inc.)R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-04] (NVIDIA Corporation)R2 HPSLPSVC; C:\Users\bill\AppData\Local\Temp\7zS57F2\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-04] (NVIDIA Corporation)R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-04] (NVIDIA Corporation)S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-07] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-07] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-07] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-07] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-07] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-07] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-07] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-07] ()R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-18] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-04] (NVIDIA Corporation)R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)R3 SaiH053C; C:\Windows\system32\DRIVERS\SaiH053C.sys [171144 2007-05-01] (Saitek)R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [25120 2013-04-30] (Saitek)R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-16] (Synaptics Incorporated)U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-17] ()S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-18 15:59 - 2014-10-18 15:59 - 00022626 _____ () C:\Users\bill\Downloads\FRST.txt2014-10-18 15:59 - 2014-10-18 15:59 - 00000000 ____D () C:\FRST2014-10-18 15:57 - 2014-10-18 15:57 - 02112000 _____ (Farbar) C:\Users\bill\Downloads\FRST64.exe2014-10-18 15:57 - 2014-10-18 15:57 - 00001154 _____ () C:\Users\bill\Desktop\FRST64 - Shortcut.lnk2014-10-17 18:24 - 2014-10-17 18:24 - 00001197 _____ () C:\Users\bill\Desktop\RogueKiller - Shortcut.lnk2014-10-17 18:14 - 2014-10-17 18:14 - 15725144 _____ () C:\Users\bill\Downloads\RogueKiller.exe2014-10-17 18:14 - 2014-10-17 18:14 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys2014-10-17 18:14 - 2014-10-17 18:14 - 00000000 ____D () C:\ProgramData\RogueKiller2014-10-17 18:12 - 2014-10-17 18:12 - 00001192 _____ () C:\Users\bill\Desktop\tdsskiller - Shortcut.lnk2014-10-17 18:11 - 2014-10-17 18:11 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\bill\Downloads\tdsskiller.exe2014-10-17 18:05 - 2014-10-17 18:05 - 00003003 _____ () C:\Users\bill\Desktop\HiJackThis.lnk2014-10-17 18:05 - 2014-10-17 18:05 - 00000000 ____D () C:\Users\bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis2014-10-17 18:05 - 2014-10-17 18:05 - 00000000 ____D () C:\Program Files (x86)\Trend Micro2014-10-15 18:54 - 2014-10-15 18:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET2014-10-15 14:44 - 2014-09-27 18:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2014-10-15 14:44 - 2014-09-07 23:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe2014-10-15 14:44 - 2014-09-07 21:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll2014-10-15 14:44 - 2014-09-07 21:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll2014-10-15 14:44 - 2014-09-07 20:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe2014-10-15 14:44 - 2014-09-07 20:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll2014-10-15 14:44 - 2014-09-07 20:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll2014-10-15 14:44 - 2014-09-07 20:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll2014-10-15 14:44 - 2014-09-07 20:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll2014-10-15 14:44 - 2014-09-07 20:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll2014-10-15 14:44 - 2014-09-07 20:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll2014-10-15 14:44 - 2014-09-07 19:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll2014-10-15 14:44 - 2014-09-07 19:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe2014-10-15 14:44 - 2014-09-07 19:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll2014-10-15 14:44 - 2014-09-07 19:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll2014-10-15 14:44 - 2014-09-03 20:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll2014-10-15 14:44 - 2014-09-03 19:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll2014-10-15 14:44 - 2014-09-03 19:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll2014-10-15 14:43 - 2014-10-09 18:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll2014-10-15 14:43 - 2014-10-08 18:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll2014-10-15 14:43 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-10-15 14:43 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll2014-10-15 14:43 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll2014-10-15 14:43 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2014-10-15 14:43 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2014-10-15 14:43 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2014-10-15 14:43 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-10-15 14:43 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-10-15 14:43 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-10-15 14:43 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll2014-10-15 14:43 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll2014-10-15 14:43 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2014-10-15 14:43 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2014-10-15 14:43 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll2014-10-15 14:43 - 2014-09-18 21:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll2014-10-15 14:43 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll2014-10-15 14:43 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2014-10-15 14:43 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll2014-10-15 14:43 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll2014-10-15 14:43 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2014-10-15 14:43 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2014-10-15 14:43 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-10-15 14:43 - 2014-09-18 20:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2014-10-15 14:43 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-10-15 14:43 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2014-10-15 14:43 - 2014-09-18 20:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll2014-10-15 14:43 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-10-15 14:43 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2014-10-15 14:43 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2014-10-15 14:43 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2014-10-15 14:43 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2014-10-15 14:43 - 2014-09-13 02:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll2014-10-15 14:43 - 2014-09-13 01:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll2014-10-15 14:43 - 2014-09-03 20:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll2014-10-15 14:43 - 2014-09-03 20:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll2014-10-15 14:41 - 2014-09-13 02:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll2014-10-15 14:41 - 2014-09-13 01:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll2014-10-14 16:11 - 2014-10-14 16:11 - 01976320 _____ () C:\Users\bill\Downloads\adwcleaner_4.000.exe2014-10-07 12:49 - 2014-10-07 12:49 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe2014-10-07 12:42 - 2014-10-07 12:42 - 00001871 _____ () C:\Users\Public\Desktop\HitmanPro.lnk2014-10-07 12:42 - 2014-10-07 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro2014-10-07 12:42 - 2014-10-07 12:42 - 00000000 ____D () C:\Program Files\HitmanPro2014-10-07 12:41 - 2014-10-07 12:49 - 00000000 ____D () C:\ProgramData\HitmanPro2014-10-03 13:19 - 2014-10-03 13:19 - 00000000 ____D () C:\Users\bill\Documents\My Games2014-10-03 13:14 - 2014-10-03 13:14 - 00000000 ____D () C:\Users\bill\Documents\Paradox Interactive2014-10-01 17:07 - 2014-10-01 17:07 - 00000000 ___RD () C:\Program Files (x86)\Skype2014-10-01 17:07 - 2014-10-01 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2014-10-01 15:11 - 2014-10-18 14:57 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-10-01 15:10 - 2014-10-13 16:55 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-10-01 15:10 - 2014-10-13 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-10-01 15:10 - 2014-10-13 16:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-10-01 15:10 - 2014-10-01 15:10 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-10-01 15:10 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-10-01 15:10 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2014-10-01 15:10 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2014-09-30 16:38 - 2014-09-30 16:38 - 00000000 ____D () C:\WINDOWS\Hewlett-Packard2014-09-29 11:17 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll2014-09-29 11:16 - 2014-10-14 16:19 - 00000000 ____D () C:\AdwCleaner2014-09-28 12:39 - 2014-09-28 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2014-09-28 12:39 - 2014-09-28 12:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-09-28 12:39 - 2014-09-28 12:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-09-28 12:38 - 2014-08-28 21:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll2014-09-28 12:38 - 2014-08-28 19:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll2014-09-28 12:38 - 2014-08-28 19:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll2014-09-28 12:38 - 2014-08-16 00:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll2014-09-28 12:38 - 2014-08-16 00:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll2014-09-28 12:38 - 2014-08-16 00:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll2014-09-28 12:38 - 2014-08-15 23:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll2014-09-28 12:38 - 2014-08-15 23:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys2014-09-28 12:38 - 2014-08-15 23:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS2014-09-28 12:38 - 2014-08-15 23:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll2014-09-28 12:38 - 2014-08-15 23:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll2014-09-28 12:38 - 2014-08-15 23:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll2014-09-28 12:38 - 2014-08-15 21:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll2014-09-28 12:38 - 2014-08-15 21:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll2014-09-28 12:38 - 2014-08-15 20:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll2014-09-28 12:38 - 2014-08-15 20:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll2014-09-28 12:38 - 2014-08-15 20:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll2014-09-28 12:38 - 2014-08-15 20:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll2014-09-28 12:38 - 2014-08-15 20:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll2014-09-28 12:38 - 2014-08-15 20:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll2014-09-28 12:38 - 2014-08-15 20:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll2014-09-28 12:38 - 2014-08-15 20:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll2014-09-28 12:38 - 2014-08-15 20:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-09-28 12:38 - 2014-08-15 20:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll2014-09-28 12:38 - 2014-08-15 20:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll2014-09-28 12:38 - 2014-08-15 20:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll2014-09-28 12:38 - 2014-08-15 20:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-09-28 12:38 - 2014-08-15 20:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll2014-09-28 12:38 - 2014-08-15 20:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll2014-09-28 12:38 - 2014-08-15 20:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll2014-09-28 12:38 - 2014-08-15 20:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll2014-09-28 12:38 - 2014-08-15 20:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll2014-09-28 12:38 - 2014-08-15 20:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll2014-09-28 12:38 - 2014-08-15 20:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll2014-09-28 12:38 - 2014-08-15 20:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe2014-09-28 12:38 - 2014-08-15 20:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll2014-09-28 12:38 - 2014-08-15 20:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll2014-09-28 12:38 - 2014-07-31 19:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml2014-09-28 03:48 - 2014-09-28 03:48 - 00000000 ____D () C:\Users\bill\AppData\Local\CrashRpt2014-09-19 17:16 - 2014-09-19 17:16 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies2014-09-19 17:15 - 2014-09-13 16:13 - 00613696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe2014-09-19 17:13 - 2014-09-17 00:51 - 00197408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys2014-09-19 17:13 - 2014-09-17 00:51 - 00031520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll2014-09-19 17:13 - 2014-09-13 19:48 - 31887680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll2014-09-19 17:13 - 2014-09-13 19:48 - 24552592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll2014-09-19 17:13 - 2014-09-13 19:48 - 20922512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll2014-09-19 17:13 - 2014-09-13 19:48 - 18106152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll2014-09-19 17:13 - 2014-09-13 19:48 - 17259664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll2014-09-19 17:13 - 2014-09-13 19:48 - 14026304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll2014-09-19 17:13 - 2014-09-13 19:48 - 13939272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll2014-09-19 17:13 - 2014-09-13 19:48 - 13157696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys2014-09-19 17:13 - 2014-09-13 19:48 - 11392576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll2014-09-19 17:13 - 2014-09-13 19:48 - 11330776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll2014-09-19 17:13 - 2014-09-13 19:48 - 04287296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll2014-09-19 17:13 - 2014-09-13 19:48 - 04008592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll2014-09-19 17:13 - 2014-09-13 19:48 - 01876296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434411.dll2014-09-19 17:13 - 2014-09-13 19:48 - 01539272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434411.dll2014-09-19 17:13 - 2014-09-13 19:48 - 00957584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll2014-09-19 17:13 - 2014-09-13 19:48 - 00925896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll2014-09-19 17:13 - 2014-09-13 19:48 - 00919240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll2014-09-19 17:13 - 2014-09-13 19:48 - 00894096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll2014-09-19 17:13 - 2014-09-13 19:48 - 00501064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll2014-09-19 17:13 - 2014-09-13 19:48 - 00417096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll2014-09-19 17:13 - 2014-09-13 19:48 - 00393024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll2014-09-19 17:13 - 2014-09-13 19:48 - 00348304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll2014-09-19 17:08 - 2014-09-04 15:14 - 00038048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys2014-09-19 17:08 - 2014-09-04 15:14 - 00032416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-18 15:55 - 2014-08-25 16:52 - 00000000 ____D () C:\Users\bill\AppData\Local\Battle.net2014-10-18 15:39 - 2013-10-01 17:49 - 00000000 ____D () C:\Users\bill\AppData\Roaming\Skype2014-10-18 15:13 - 2013-09-05 17:38 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-10-18 15:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru2014-10-18 14:43 - 2013-12-24 21:40 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D8D15F59-3AE7-4A97-AFC6-F924FB726A67}2014-10-18 12:32 - 2013-09-05 17:04 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3768960476-2125354436-3045583577-10022014-10-18 09:13 - 2013-09-05 17:40 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-10-18 09:13 - 2013-09-05 17:38 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-10-18 08:39 - 2013-10-01 20:33 - 00004990 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for GAMINGSTATION-bill Gamingstation2014-10-18 08:29 - 2014-01-31 01:36 - 00000000 ___DO () C:\Users\bill\SkyDrive2014-10-18 08:28 - 2014-01-03 16:06 - 00000000 ____D () C:\Program Files (x86)\Steam2014-10-18 08:28 - 2013-09-06 16:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware2014-10-18 08:28 - 2013-09-05 16:57 - 00000401 _____ () C:\Users\bill\AppData\Roaming\sp_data.sys2014-10-18 08:27 - 2013-10-31 17:36 - 00000000 ____D () C:\Users\bill2014-10-18 00:00 - 2013-10-31 17:30 - 01534756 _____ () C:\WINDOWS\WindowsUpdate.log2014-10-17 23:39 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2014-10-17 18:05 - 2013-09-05 16:56 - 00000000 ____D () C:\Users\bill\AppData\Local\VirtualStore2014-10-17 16:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache2014-10-17 10:27 - 2013-10-31 17:30 - 00000000 ____D () C:\ProgramData\NVIDIA2014-10-17 10:27 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-10-17 10:27 - 2013-08-22 10:44 - 00482552 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2014-10-17 04:21 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI2014-10-17 04:20 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer2014-10-17 04:20 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager2014-10-17 04:20 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera2014-10-15 20:13 - 2014-08-25 16:51 - 00000000 ____D () C:\Program Files (x86)\Battle.net2014-10-15 18:57 - 2013-09-06 14:33 - 00000000 ____D () C:\WINDOWS\system32\MRT2014-10-15 18:57 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2014-10-15 18:54 - 2014-07-09 14:11 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel2014-10-15 18:54 - 2013-09-06 14:33 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-10-14 16:20 - 2013-09-29 23:55 - 00132132 _____ () C:\WINDOWS\PFRO.log2014-10-10 19:27 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\System2014-10-08 15:44 - 2013-08-22 10:46 - 00303494 _____ () C:\WINDOWS\setupact.log2014-10-07 16:19 - 2014-02-03 17:17 - 00000000 ____D () C:\Users\bill\AppData\Roaming\HpUpdate2014-10-04 05:55 - 2014-02-03 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP2014-10-04 05:55 - 2014-02-03 17:15 - 00000000 ____D () C:\Program Files (x86)\HP2014-10-04 05:55 - 2014-02-03 17:14 - 00001838 _____ () C:\ProgramData\hpzinstall.log2014-10-04 05:44 - 2014-01-03 16:26 - 00000000 ____D () C:\Users\bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam2014-10-04 02:42 - 2014-06-02 10:24 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll2014-10-04 02:42 - 2013-11-05 00:09 - 02197680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll2014-10-04 02:41 - 2014-06-02 10:24 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll2014-10-04 02:41 - 2013-11-05 00:09 - 02800296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll2014-10-03 13:11 - 2012-11-23 11:08 - 00027849 _____ () C:\WINDOWS\DirectX.log2014-10-01 17:07 - 2014-03-24 22:07 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk2014-10-01 17:07 - 2013-10-01 17:49 - 00000000 ____D () C:\ProgramData\Skype2014-09-29 18:45 - 2013-08-22 11:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2014-09-29 18:45 - 2013-08-22 11:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2014-09-29 11:05 - 2014-07-22 17:10 - 00000000 ____D () C:\Users\bill\AppData\Local\Razer2014-09-29 11:05 - 2014-07-22 17:10 - 00000000 ____D () C:\ProgramData\Razer2014-09-29 11:05 - 2014-07-22 17:10 - 00000000 ____D () C:\Program Files (x86)\Razer2014-09-29 00:25 - 2013-12-25 21:07 - 00000215 _____ () C:\Users\bill\AppData\Roaming\WB.CFG2014-09-28 12:41 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData2014-09-28 12:41 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore2014-09-28 12:20 - 2013-12-28 19:39 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update2014-09-28 03:57 - 2014-07-29 10:17 - 00000000 ____D () C:\ProgramData\Package Cache2014-09-26 12:49 - 2013-10-01 12:06 - 00000000 ____D () C:\Program Files\Microsoft Office 152014-09-20 08:56 - 2013-09-30 00:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2014-09-19 17:16 - 2013-09-29 23:51 - 00000000 ____D () C:\Program Files\Windows Journal2014-09-19 17:16 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel2014-09-19 17:16 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-09-19 17:16 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-09-19 17:16 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup2014-09-19 17:16 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod2014-09-19 17:16 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\setup2014-09-19 17:16 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\oobe2014-09-19 17:15 - 2013-10-31 17:30 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation2014-09-19 17:09 - 2013-10-31 17:29 - 00000000 ____D () C:\Program Files\NVIDIA Corporation2014-09-18 00:37 - 2014-01-09 20:25 - 00002041 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk2014-09-18 00:37 - 2012-11-23 11:07 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk Files to move or delete:====================C:\ProgramData\SetStretch.VBS Some content of TEMP:====================C:\Users\bill\AppData\Local\Temp\56512uninstall.exeC:\Users\bill\AppData\Local\Temp\6_Offer_14.exeC:\Users\bill\AppData\Local\Temp\7-zip.exeC:\Users\bill\AppData\Local\Temp\airAFEC.exeC:\Users\bill\AppData\Local\Temp\COMAP.EXEC:\Users\bill\AppData\Local\Temp\Compete_setup.exeC:\Users\bill\AppData\Local\Temp\dllnt_dump.dllC:\Users\bill\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfuxv7p.dllC:\Users\bill\AppData\Local\Temp\HPInstaller.exeC:\Users\bill\AppData\Local\Temp\nvSCPAPI.dllC:\Users\bill\AppData\Local\Temp\nvSCPAPI64.dllC:\Users\bill\AppData\Local\Temp\nvStereoApiI64.dllC:\Users\bill\AppData\Local\Temp\nvStInst.exeC:\Users\bill\AppData\Local\Temp\Quarantine.exeC:\Users\bill\AppData\Local\Temp\SAS6_Update.exeC:\Users\bill\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2014 01Ran by bill at 2014-10-18 15:59:59Running from C:\Users\bill\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) HiddenAdobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.8.142.61628 - Alcor Micro Corp.)Alcor Micro USB Card Reader (x32 Version: 3.8.142.61628 - Alcor Micro Corp.) HiddenASUS Fan Filter Checker (HKLM-x32\...\{2B0E8920-47D0-4F4D-BE03-76397409B837}) (Version: 1.0.0001 - ASUS)ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.020 - ASUS)ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.0 - ASUS)ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) HiddenAtheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0026 - ASUS)avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.95.29 - Broadcom Corporation)BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) HiddenCounter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenD6100_D7100_D7300_Help (x32 Version: 82.0.233.000 - Hewlett-Packard) HiddenD7100 (x32 Version: 140.0.421.000 - Hewlett-Packard) HiddenDay of Defeat: Source (HKLM-x32\...\Steam App 300) (Version: - Valve)DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) HiddenHalf-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version: - Valve)Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve)HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) HiddenHPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) HiddenHyperLobby client (HKLM-x32\...\{6592866A-D35A-44BE-AE8F-2AABE6C1D765}) (Version: 4.3.4 - Jiri Fojtasek)IL-2 Sturmovik: 1946 (HKLM-x32\...\Steam App 15320) (Version: - 1C: Maddox Games)IL-2 Sturmovik: Cliffs of Dover (HKLM-x32\...\Steam App 63950) (Version: - 1C: Maddox Games)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) HiddenLogitech Gaming Software (Version: 8.45.88 - Logitech Inc.) HiddenLogitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.186 - Logitech Inc.)Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) HiddenMobile App Sync (HKLM-x32\...\Mobile App Sync) (Version: - Mobile App Sync)Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenMSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) HiddenMSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) HiddenMumble 1.2.5 (HKLM-x32\...\{C7BC557D-8C8B-4F5F-83AB-D20C58CF4575}) (Version: 1.2.5 - Thorvald Natvig)NVIDIA 3D Vision Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)NVIDIA Control Panel 344.11 (Version: 344.11 - NVIDIA Corporation) HiddenNVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)NVIDIA GeForce Experience Service (Version: 16.13.56 - NVIDIA Corporation) HiddenNVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) HiddenNVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) HiddenNVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) HiddenNVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) HiddenNVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)NVIDIA ShadowPlay 16.13.56 (Version: 16.13.56 - NVIDIA Corporation) HiddenNVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) HiddenNVIDIA Update 16.13.56 (Version: 16.13.56 - NVIDIA Corporation) HiddenNVIDIA Update Core (Version: 16.13.56 - NVIDIA Corporation) HiddenNVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) HiddenOffice 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) HiddenPhoto Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenPhotosmart and Deskjet Drivers 14.0 Rel. A (HKLM\...\{F58E1340-3FD5-40B8-A07C-4893CFC29749}) (Version: 14.0 - HP)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.)SF_CDA_ProductContext (x32 Version: 140.0.421.000 - Hewlett-Packard) HiddenSF_CDA_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) HiddenSHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) HiddenSHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) HiddenSkype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) HiddenStatus (x32 Version: 140.0.342.000 - Hewlett-Packard) HiddenSteam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1032 - SUPERAntiSpyware.com)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.7 - Synaptics Incorporated)Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) HiddenTrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) HiddenVentrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) HiddenWIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.4900 - Broadcom Corporation)Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3768960476-2125354436-3045583577-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\bill\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 03-10-2014 17:09:50 Installed DirectX07-10-2014 16:47:28 Checkpoint by HitmanPro08-10-2014 19:44:59 Installed DirectX10-10-2014 23:49:14 Checkpoint by HitmanPro14-10-2014 20:49:55 Checkpoint by HitmanPro17-10-2014 22:03:22 Installed HiJackThis ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTaskTask: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {17655011-8A95-4924-A427-087935565DAE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-26] (Microsoft Corporation)Task: {1C4CED3B-8EE1-44F5-9283-699B9C9A7F5A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.)Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulateTask: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)Task: {406AA316-3519-4692-BF65-24CAB3CE904D} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-16] (Synaptics Incorporated)Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalanceTask: {537AFF82-5716-4305-BE86-D75DB301B800} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-07] (AVAST Software)Task: {61903F14-2D87-4C5D-A2DF-B6FD3D9622B8} - \Installer_iwebar No Task File <==== ATTENTIONTask: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play CleanupTask: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance TaskTask: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: {77996F85-D663-4108-BAF4-040F1B06289E} - System32\Tasks\Microsoft\Windows\DiskFootprint\DiagnosticsTask: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {7901FF7C-A124-4D4D-9275-68EC80B80961} - System32\Tasks\Microsoft Office 15 Sync Maintenance for GAMINGSTATION-bill Gamingstation => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-26] (Microsoft Corporation)Task: {7FF3B065-BA05-40E0-AD65-97C6214635B2} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauservTask: {8290ED17-E221-467B-B2FD-0A2F9E12CC43} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-15] (Microsoft Corporation)Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance TaskTask: {89ECE77D-8138-46AC-B1E6-BE8B51D85E6D} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3768960476-2125354436-3045583577-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exeTask: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTaskTask: {9AF2A150-74FE-4D84-A8EA-0EB1AC704F4F} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUploadTask: {9C3E9FD3-5333-411F-9180-E656F7C2BB7E} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance WorkTask: {A3579955-1827-4C19-A6C7-D8DE381A13BF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)Task: {AAC0DF2D-5EC6-44A3-AE60-AB4227C353FC} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)Task: {AB76A4FC-0136-4F95-B4FC-EA2CA798CA67} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)Task: {B684C244-BABB-40B3-95C9-3D071864D8D0} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-ManagementTask: {C676A034-8E72-42AE-8B6B-8360A1D5FB58} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-ValidationTask: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTaskTask: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensingTask: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon SynchronizationTask: {E007953F-3C71-4A33-9042-407117168893} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.)Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRETask: {FA8CAAAC-A9C5-4E31-BCDF-F47CEFD12D46} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2012-12-14 17:27 - 2012-12-14 17:27 - 00049520 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll2014-05-27 12:50 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2013-10-31 17:30 - 2014-09-13 17:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2014-09-26 12:48 - 2014-09-26 12:48 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2012-08-24 20:26 - 2012-08-24 20:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll2013-01-20 22:59 - 2012-09-16 23:13 - 01367864 _____ () C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe2014-07-02 17:54 - 2014-07-02 17:54 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll2014-07-02 17:59 - 2014-07-02 17:59 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll2014-07-02 17:54 - 2014-07-02 17:54 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll2014-07-02 17:59 - 2014-07-02 17:59 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll2013-03-25 16:27 - 2011-09-19 13:40 - 00466944 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe2014-08-07 07:40 - 2014-08-07 07:40 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll2014-10-16 15:32 - 2014-10-16 15:32 - 02874368 _____ () C:\Program Files\AVAST Software\Avast\defs\14101601\algo.dll2014-10-17 10:28 - 2014-10-17 10:28 - 02874368 _____ () C:\Program Files\AVAST Software\Avast\defs\14101700\algo.dll2014-10-18 15:06 - 2014-10-18 15:06 - 02896384 _____ () C:\Program Files\AVAST Software\Avast\defs\14101801\algo.dll2013-03-25 16:14 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2012-09-11 17:01 - 2012-09-11 17:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll2014-08-30 03:29 - 2014-08-21 14:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll2014-08-30 03:29 - 2014-08-21 14:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll2014-08-30 03:29 - 2014-08-21 14:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll2013-11-06 14:48 - 2014-09-03 15:28 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll2014-05-23 08:55 - 2014-09-23 00:32 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll2014-08-30 03:29 - 2014-08-21 14:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll2014-08-30 03:29 - 2014-08-21 14:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll2013-12-11 12:40 - 2014-09-23 00:32 - 00679616 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL2014-08-07 07:40 - 2014-08-07 07:40 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2013-11-06 14:48 - 2014-09-04 19:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll2014-09-26 12:48 - 2014-09-26 12:48 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll2014-10-07 20:17 - 2014-10-07 20:17 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\libcef.dll2014-10-07 20:17 - 2014-10-07 20:17 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\libGLESv2.dll2014-10-07 20:17 - 2014-10-07 20:17 - 00905216 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\platforms\qwindows.dll2014-10-07 20:17 - 2014-10-07 20:17 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\libEGL.dll2014-10-07 20:17 - 2014-10-07 20:17 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\imageformats\qgif.dll2014-10-07 20:17 - 2014-10-07 20:17 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\imageformats\qico.dll2014-10-07 20:17 - 2014-10-07 20:17 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\imageformats\qjpeg.dll2014-10-07 20:17 - 2014-10-07 20:17 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\imageformats\qmng.dll2014-10-07 20:17 - 2014-10-07 20:17 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\imageformats\qtiff.dll2014-10-07 20:17 - 2014-10-07 20:17 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\qml\QtQuick.2\qtquick2plugin.dll2014-10-07 20:17 - 2014-10-07 20:17 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\qml\QtQuick\Layouts\qquicklayoutsplugin.dll2014-10-07 20:17 - 2014-10-07 20:17 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\qml\QtQml\Models.2\modelsplugin.dll2014-10-15 12:15 - 2014-10-09 22:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll2014-10-15 12:15 - 2014-10-09 22:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll2014-10-15 12:15 - 2014-10-09 22:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll2014-10-15 12:14 - 2014-10-09 22:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\bill\SkyDrive:ms-propertiesAlternateDataStreams: C:\Users\bill\SkyDrive (2).old:ms-propertiesAlternateDataStreams: C:\Users\bill\SkyDrive.old:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-3768960476-2125354436-3045583577-500 - Administrator - Disabled)bill (S-1-5-21-3768960476-2125354436-3045583577-1002 - Administrator - Enabled) => C:\Users\billGuest (S-1-5-21-3768960476-2125354436-3045583577-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-3768960476-2125354436-3045583577-1007 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Programmable Root EnumeratorDescription: Programming SupportClass Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}Manufacturer: Mad CatzService: SaiNtBusProblem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)Resolution: Update the driver ==================== Event log errors: ========================= Application errors:==================Error: (10/14/2014 04:49:54 PM) (Source: VSS) (EventID: 8194) (User: )Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {8099d015-7aff-4559-88a2-35f723de0ed8} Error: (10/13/2014 11:43:51 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Skype.exe, version: 6.20.0.104, time stamp: 0x53fd9215Faulting module name: Skype.exe, version: 6.20.0.104, time stamp: 0x53fd9215Exception code: 0xc000041dFault offset: 0x017a85a1Faulting process id: 0x113cFaulting application start time: 0xSkype.exe0Faulting application path: Skype.exe1Faulting module path: Skype.exe2Report Id: Skype.exe3Faulting package full name: Skype.exe4Faulting package-relative application ID: Skype.exe5 Error: (10/10/2014 07:49:13 PM) (Source: VSS) (EventID: 8194) (User: )Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {7d990669-8089-42ed-a983-c46658dec267} Error: (09/30/2014 11:28:07 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {2CFE88FF-284F-4C21-8FA2-CBE909CE8073} Error: (09/26/2014 00:49:29 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: GAMINGSTATION)Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down. Error: (09/25/2014 11:35:35 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)Description: There was an error with the Windows Location Provider database Error: (09/24/2014 08:18:30 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Skype.exe, version: 6.18.59.106, time stamp: 0x53d146e8Faulting module name: ieframe.dll, version: 11.0.9600.17278, time stamp: 0x53eeaae9Exception code: 0xc0000005Fault offset: 0x00064778Faulting process id: 0x1d90Faulting application start time: 0xSkype.exe0Faulting application path: Skype.exe1Faulting module path: Skype.exe2Report Id: Skype.exe3Faulting package full name: Skype.exe4Faulting package-relative application ID: Skype.exe5 Error: (09/20/2014 08:43:52 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Skype.exe, version: 6.18.59.106, time stamp: 0x53d146e8Faulting module name: ieframe.dll, version: 11.0.9600.17278, time stamp: 0x53eeaae9Exception code: 0xc0000005Fault offset: 0x00064778Faulting process id: 0x120Faulting application start time: 0xSkype.exe0Faulting application path: Skype.exe1Faulting module path: Skype.exe2Report Id: Skype.exe3Faulting package full name: Skype.exe4Faulting package-relative application ID: Skype.exe5 Error: (09/19/2014 05:09:00 PM) (Source: NvStreamSvc) (EventID: 1) (User: )Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [0] Error: (09/16/2014 00:57:21 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6cFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x32152e98Faulting process id: 0x12a4Faulting application start time: 0xGoogleUpdate.exe0Faulting application path: GoogleUpdate.exe1Faulting module path: GoogleUpdate.exe2Report Id: GoogleUpdate.exe3Faulting package full name: GoogleUpdate.exe4Faulting package-relative application ID: GoogleUpdate.exe5 System errors:=============Error: (10/17/2014 06:14:32 PM) (Source: Application Popup) (EventID: 1060) (User: )Description: \??\C:\Windows\System32\drivers\TrueSight.sys Error: (10/01/2014 04:53:57 PM) (Source: DCOM) (EventID: 10010) (User: GAMINGSTATION)Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (10/01/2014 04:53:57 PM) (Source: DCOM) (EventID: 10010) (User: GAMINGSTATION)Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (10/01/2014 04:53:57 PM) (Source: DCOM) (EventID: 10010) (User: GAMINGSTATION)Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (10/01/2014 04:53:57 PM) (Source: DCOM) (EventID: 10010) (User: GAMINGSTATION)Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} Error: (09/29/2014 11:05:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The RzKLService service terminated unexpectedly. It has done this 1 time(s). Error: (09/28/2014 00:44:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Update Greener Web service failed to start due to the following error: %%2 Error: (09/28/2014 00:20:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ASLDRService service. Error: (09/28/2014 00:19:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Update Greener Web service failed to start due to the following error: %%2 Error: (09/28/2014 03:42:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Update Greener Web service failed to start due to the following error: %%2 Microsoft Office Sessions:=========================Error: (10/14/2014 04:49:54 PM) (Source: VSS) (EventID: 8194) (User: )Description: 0x80070005, Access is denied. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {8099d015-7aff-4559-88a2-35f723de0ed8} Error: (10/13/2014 11:43:51 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Skype.exe6.20.0.10453fd9215Skype.exe6.20.0.10453fd9215c000041d017a85a1113c01cfe57581a883a7C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Skype\Phone\Skype.exeba714a6c-52ef-11e4-bf1f-6c71d95402a8 Error: (10/10/2014 07:49:13 PM) (Source: VSS) (EventID: 8194) (User: )Description: 0x80070005, Access is denied. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {7d990669-8089-42ed-a983-c46658dec267} Error: (09/30/2014 11:28:07 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {2CFE88FF-284F-4C21-8FA2-CBE909CE8073} Error: (09/26/2014 00:49:29 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: GAMINGSTATION)Description: 4C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXEMicrosoft Office Document Cache Sync Client Interface024177396243003A005C00500072006F006700720061006D002000460069006C00650073005C004D006900630072006F0073006F006600740020004F00660066006900630065002000310035005C0072006F006F0074005C007600660073005C00500072006F006700720061006D00460069006C006500730043006F006D006D006F006E005800380036005C004D006900630072006F0073006F006600740020005300680061007200650064005C004F0046004600490043004500310035005C00630032007200330032002E0064006C006C00000043003A005C00500072006F006700720061006D0044006100740061005C004D006900630072006F0073006F00660074005C004F00660066006900630065005C0043006C00690063006B0054006F00520075006E005000610063006B006100670065004C006F0063006B00650072000000 Error: (09/25/2014 11:35:35 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)Description: -2147024883 Error: (09/24/2014 08:18:30 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Skype.exe6.18.59.10653d146e8ieframe.dll11.0.9600.1727853eeaae9c0000005000647781d9001cfd845b974d518C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\SYSTEM32\ieframe.dll798a0eac-4449-11e4-bf16-6c71d95402a8 Error: (09/20/2014 08:43:52 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Skype.exe6.18.59.10653d146e8ieframe.dll11.0.9600.1727853eeaae9c00000050006477812001cfd4d07b8bb6cbC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\SYSTEM32\ieframe.dllc62bf0d3-40c3-11e4-bf15-6c71d95402a8 Error: (09/19/2014 05:09:00 PM) (Source: NvStreamSvc) (EventID: 1) (User: )Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [0] Error: (09/16/2014 00:57:21 PM) (Source: Application Error) (EventID: 1000) (User: )Description: GoogleUpdate.exe1.3.21.1034f3c6d6cunknown0.0.0.000000000c000000532152e9812a401cfd1cf4783b17aC:\Program Files (x86)\Google\Update\GoogleUpdate.exeunknown86047126-3dc2-11e4-bf13-6c71d95402a8 ==================== Memory info =========================== Processor: Intel® Core i7-3630QM CPU @ 2.40GHzPercentage of memory in use: 16%Total physical RAM: 16337.2 MBAvailable physical RAM: 13561.66 MBTotal Pagefile: 18769.2 MBAvailable Pagefile: 15373.32 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.8 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:909.99 GB) (Free:782.4 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 931.5 GB) (Disk ID: 73746098) Partition: GPT Partition Type. Link to post Share on other sites More sharing options...
LiquidTension Posted October 19, 2014 ID:892186 Share Posted October 19, 2014 Hello billyfiveoh, welcome to Malwarebytes' Malware Removal forum! My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.If you would allow me to call you by your first name I would prefer that. General P2P/Piracy Notice: If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed. ====================================================== Please read through the points below to ensure this process moves as quickly and efficiently as possible.Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.Please backup important documents before proceeding with my instructions.If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.Ensure you are following this topic. Click at the top of the page. ====================================================== What issues are you experiencing? STEP 1 Malwarebytes Anti-Malware (MBAM)Open Malwarebytes Anti-Malware and click Update Now.Once updated, click the Settings tab and tick Scan for rootkits.Click the Scan tab, ensure Threat Scan is checked and click Scan Now.Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.Upon completion of the scan (or after the reboot), click the History tab.Click Application Logs and double-click the Scan Log.Click Copy to Clipboard and paste the log in your next reply. STEP 2 AdwCleanerPlease download AdwCleaner and save the file to your Desktop..Right-Click AdwCleaner.exe and select Run as administrator to run the programme.Follow the prompts. Click Scan. Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. Ensure anything you know to be legitimate does not have a checkmark, and click Clean. Follow the prompts and allow your computer to reboot. After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt. STEP 3 Junkware Removal Tool (JRT)Please download Junkware Removal Tool and save the file to your Desktop.Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.Temporarily disable your anti-virus software. For instructions, please refer to the following link.Right-Click JRT.exe and select Run as administrator to run the programme.Follow the prompts and allow the scan to run uninterrupted. Upon completion, a log (JRT.txt) will open on your desktop.Re-enable your anti-virus software.Copy the contents of JRT.txt and paste in your next reply. STEP 4 Farbar Recovery Scan Tool (FRST) ScanRight-Click FRST64.exe and select Run as administrator to run the programme.Click Yes to the disclaimer.Ensure the Addition.txt box is checked.Click the Scan button and let the programme run.Upon completion, click OK, then OK on the Addition.txt pop up screen.Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. ======================================================STEP 5 LogsIn your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.MBAM logAdwCleaner[s0].txtJRT.txtFRST.txtAddition.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 22, 2014 Root Admin ID:894028 Share Posted October 22, 2014 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 23, 2014 Root Admin ID:894753 Share Posted October 23, 2014 Topic reopened per user request Link to post Share on other sites More sharing options...
LiquidTension Posted October 23, 2014 ID:894846 Share Posted October 23, 2014 Hello billyfiveoh, Please carry out the instructions in my first post, and post the logs generated. Link to post Share on other sites More sharing options...
billyfiveoh Posted October 23, 2014 Author ID:895018 Share Posted October 23, 2014 # AdwCleaner v4.001 - Report created 23/10/2014 at 13:11:28# DB v2014-10-21.1# Updated 20/10/2014 by Xplode# Operating System : Windows 8.1 (64 bits)# Username : bill - GAMINGSTATION# Running from : C:\Users\bill\Downloads\adwcleaner_4.001 (1).exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Deleted : C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorageFile Deleted : C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88} ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17344 -\\ Google Chrome v38.0.2125.104 ************************* AdwCleaner[R0].txt - [1262 octets] - [22/10/2014 11:06:57]AdwCleaner[R1].txt - [5950 octets] - [23/10/2014 13:08:58]AdwCleaner[s0].txt - [1324 octets] - [22/10/2014 11:08:29]AdwCleaner[s1].txt - [5868 octets] - [23/10/2014 13:11:28] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [5928 octets] ########## Link to post Share on other sites More sharing options...
billyfiveoh Posted October 23, 2014 Author ID:895081 Share Posted October 23, 2014 Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 10/23/2014Scan Time: 1:52:46 PMLogfile: Administrator: Yes Version: 2.00.3.1025Malware Database: v2014.10.23.06Rootkit Database: v2014.10.22.01License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 8.1CPU: x64File System: NTFSUser: bill Scan Type: Threat ScanResult: CompletedObjects Scanned: 323417Time Elapsed: 23 min, 22 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) # AdwCleaner v4.001 - Report created 23/10/2014 at 13:11:28# DB v2014-10-21.1# Updated 20/10/2014 by Xplode# Operating System : Windows 8.1 (64 bits)# Username : bill - GAMINGSTATION# Running from : C:\Users\bill\Downloads\adwcleaner_4.001 (1).exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Deleted : C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorageFile Deleted : C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88} ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17344 -\\ Google Chrome v38.0.2125.104 ************************* AdwCleaner[R0].txt - [1262 octets] - [22/10/2014 11:06:57]AdwCleaner[R1].txt - [5950 octets] - [23/10/2014 13:08:58]AdwCleaner[s0].txt - [1324 octets] - [22/10/2014 11:08:29]AdwCleaner[s1].txt - [5868 octets] - [23/10/2014 13:11:28] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [5928 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.3.3 (10.21.2014:1)OS: Windows 8.1 x64Ran by bill on Thu 10/23/2014 at 13:47:07.55~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-10-2014 01Ran by bill (administrator) on GAMINGSTATION on 23-10-2014 14:23:13Running from C:\Users\bill\DownloadsLoaded Profile: bill (Available profiles: bill)Platform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SynptSync64.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe() C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)HKLM\...\Run: [synAsusGestureAPIMgr] => C:\Program Files\Synaptics\SynTP\SynAsusGestureAPIMgr.exe [736568 2012-09-16] (Synaptics)HKLM\...\Run: [AsusNewUI] => C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe [1367864 2012-09-16] ()HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10464536 2014-07-02] (Logitech Inc.)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-09-16] (Synaptics Incorporated)HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"HKLM\...\Run: [shadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStartHKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-04] (NVIDIA Corporation)HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)HKLM\...\Run: [saiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-23] (ASUSTek Computer Inc.)HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [466944 2011-09-19] ()HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-07] (AVAST Software)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)HKLM-x32\...\Run: [] => [X]HKU\S-1-5-21-3768960476-2125354436-3045583577-1002\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-07] (SUPERAntiSpyware)HKU\S-1-5-21-3768960476-2125354436-3045583577-1002\...\Run: [skyDrive] => C:\Users\bill\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)HKU\S-1-5-21-3768960476-2125354436-3045583577-1002\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1938624 2014-10-21] (Valve Corporation)AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not FoundStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnkShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No FileShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comHKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.comHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.comStartMenuInternet: IEXPLORE.EXE - iexplore.exeBHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileHandler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112Tcpip\..\Interfaces\{C7873A54-165D-45B2-BE6D-8CAB1E001FF1}: [NameServer] 81.218.119.15,199.203.35.75 FireFox:========FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-28] Chrome: =======CHR HomePage: Default -> hxxp://yahoo.com/CHR StartupUrls: Default -> "hxxp://yahoo.com/"CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}CHR Profile: C:\Users\bill\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-19]CHR Extension: (Google Drive) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-19]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]CHR Extension: (YouTube) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-19]CHR Extension: (Google Search) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-19]CHR Extension: (Avast Online Security) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-22]CHR Extension: (Google Wallet) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]CHR Extension: (Gmail) - C:\Users\bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-19]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-07] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-14] (SUPERAntiSpyware.com)R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-07] (AVAST Software)S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)R2 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-20] (ASUSTek Computer Inc.)R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-04] (NVIDIA Corporation)R2 HPSLPSVC; C:\Users\bill\AppData\Local\Temp\7zS57F2\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-04] (NVIDIA Corporation)R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-04] (NVIDIA Corporation)R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-07] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-07] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-07] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-07] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-07] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-07] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-07] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-07] ()R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-23] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-04] (NVIDIA Corporation)R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)R3 SaiH053C; C:\Windows\system32\DRIVERS\SaiH053C.sys [171144 2007-05-01] (Saitek)R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [25120 2013-04-30] (Saitek)R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-16] (Synaptics Incorporated)U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-17] ()S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-23 14:23 - 2014-10-23 14:23 - 00022102 _____ () C:\Users\bill\Downloads\FRST.txt2014-10-23 13:51 - 2014-10-23 13:51 - 00000621 _____ () C:\Users\bill\Desktop\JRT.txt2014-10-23 13:45 - 2014-10-21 14:25 - 01706144 _____ (Thisisu) C:\Users\bill\Desktop\JRT_NEW.exe2014-10-23 13:08 - 2014-10-23 13:08 - 01962496 _____ () C:\Users\bill\Downloads\adwcleaner_4.001 (1).exe2014-10-22 19:13 - 2014-10-16 08:27 - 00614544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe2014-10-22 19:12 - 2014-10-22 19:12 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp2014-10-22 19:11 - 2014-10-16 12:54 - 31890064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll2014-10-22 19:11 - 2014-10-16 12:54 - 24555840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll2014-10-22 19:11 - 2014-10-16 12:54 - 20922696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll2014-10-22 19:11 - 2014-10-16 12:54 - 18499648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll2014-10-22 19:11 - 2014-10-16 12:54 - 17260864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll2014-10-22 19:11 - 2014-10-16 12:54 - 14029400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll2014-10-22 19:11 - 2014-10-16 12:54 - 13942368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll2014-10-22 19:11 - 2014-10-16 12:54 - 13190288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys2014-10-22 19:11 - 2014-10-16 12:54 - 11395672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll2014-10-22 19:11 - 2014-10-16 12:54 - 11333848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll2014-10-22 19:11 - 2014-10-16 12:54 - 04289856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll2014-10-22 19:11 - 2014-10-16 12:54 - 04009672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll2014-10-22 19:11 - 2014-10-16 12:54 - 01876296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434448.dll2014-10-22 19:11 - 2014-10-16 12:54 - 01539272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434448.dll2014-10-22 19:11 - 2014-10-16 12:54 - 00962376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll2014-10-22 19:11 - 2014-10-16 12:54 - 00931984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll2014-10-22 19:11 - 2014-10-16 12:54 - 00921928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll2014-10-22 19:11 - 2014-10-16 12:54 - 00895176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll2014-10-22 19:11 - 2014-10-16 12:54 - 00500880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll2014-10-22 19:11 - 2014-10-16 12:54 - 00418112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll2014-10-22 19:11 - 2014-10-16 12:54 - 00392008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll2014-10-22 19:11 - 2014-10-16 12:54 - 00348488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll2014-10-22 11:06 - 2014-10-23 13:11 - 00000000 ____D () C:\AdwCleaner2014-10-22 11:06 - 2014-10-22 11:06 - 01962496 _____ () C:\Users\bill\Downloads\adwcleaner_4.001.exe2014-10-20 16:06 - 2014-10-20 16:06 - 00000000 ____D () C:\WINDOWS\ERUNT2014-10-20 14:52 - 2014-10-20 14:52 - 01705698 _____ (Thisisu) C:\Users\bill\Downloads\JRT.exe2014-10-20 14:52 - 2014-10-20 14:52 - 00001119 _____ () C:\Users\bill\Desktop\JRT - Shortcut.lnk2014-10-18 15:59 - 2014-10-23 14:23 - 00000000 ____D () C:\FRST2014-10-18 15:57 - 2014-10-18 15:57 - 02112000 _____ (Farbar) C:\Users\bill\Downloads\FRST64.exe2014-10-18 15:57 - 2014-10-18 15:57 - 00001154 _____ () C:\Users\bill\Desktop\FRST64 - Shortcut.lnk2014-10-17 18:24 - 2014-10-17 18:24 - 00001197 _____ () C:\Users\bill\Desktop\RogueKiller - Shortcut.lnk2014-10-17 18:14 - 2014-10-17 18:14 - 15725144 _____ () C:\Users\bill\Downloads\RogueKiller.exe2014-10-17 18:14 - 2014-10-17 18:14 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys2014-10-17 18:14 - 2014-10-17 18:14 - 00000000 ____D () C:\ProgramData\RogueKiller2014-10-17 18:12 - 2014-10-17 18:12 - 00001192 _____ () C:\Users\bill\Desktop\tdsskiller - Shortcut.lnk2014-10-17 18:11 - 2014-10-17 18:11 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\bill\Downloads\tdsskiller.exe2014-10-17 18:05 - 2014-10-17 18:05 - 00003003 _____ () C:\Users\bill\Desktop\HiJackThis.lnk2014-10-17 18:05 - 2014-10-17 18:05 - 00000000 ____D () C:\Users\bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis2014-10-17 18:05 - 2014-10-17 18:05 - 00000000 ____D () C:\Program Files (x86)\Trend Micro2014-10-15 18:54 - 2014-10-15 18:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET2014-10-15 14:44 - 2014-09-27 18:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2014-10-15 14:44 - 2014-09-07 23:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe2014-10-15 14:44 - 2014-09-07 21:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll2014-10-15 14:44 - 2014-09-07 21:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll2014-10-15 14:44 - 2014-09-07 20:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe2014-10-15 14:44 - 2014-09-07 20:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll2014-10-15 14:44 - 2014-09-07 20:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll2014-10-15 14:44 - 2014-09-07 20:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll2014-10-15 14:44 - 2014-09-07 20:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll2014-10-15 14:44 - 2014-09-07 20:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll2014-10-15 14:44 - 2014-09-07 20:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll2014-10-15 14:44 - 2014-09-07 19:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll2014-10-15 14:44 - 2014-09-07 19:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe2014-10-15 14:44 - 2014-09-07 19:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll2014-10-15 14:44 - 2014-09-07 19:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll2014-10-15 14:44 - 2014-09-03 20:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll2014-10-15 14:44 - 2014-09-03 19:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll2014-10-15 14:44 - 2014-09-03 19:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll2014-10-15 14:43 - 2014-10-09 18:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll2014-10-15 14:43 - 2014-10-08 18:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll2014-10-15 14:43 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-10-15 14:43 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll2014-10-15 14:43 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll2014-10-15 14:43 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2014-10-15 14:43 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2014-10-15 14:43 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2014-10-15 14:43 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-10-15 14:43 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-10-15 14:43 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-10-15 14:43 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll2014-10-15 14:43 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll2014-10-15 14:43 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2014-10-15 14:43 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2014-10-15 14:43 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll2014-10-15 14:43 - 2014-09-18 21:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll2014-10-15 14:43 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll2014-10-15 14:43 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2014-10-15 14:43 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll2014-10-15 14:43 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll2014-10-15 14:43 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2014-10-15 14:43 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2014-10-15 14:43 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-10-15 14:43 - 2014-09-18 20:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2014-10-15 14:43 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-10-15 14:43 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2014-10-15 14:43 - 2014-09-18 20:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll2014-10-15 14:43 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-10-15 14:43 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2014-10-15 14:43 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2014-10-15 14:43 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2014-10-15 14:43 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2014-10-15 14:43 - 2014-09-13 02:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll2014-10-15 14:43 - 2014-09-13 01:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll2014-10-15 14:43 - 2014-09-03 20:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll2014-10-15 14:43 - 2014-09-03 20:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll2014-10-15 14:41 - 2014-09-13 02:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll2014-10-15 14:41 - 2014-09-13 01:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll2014-10-07 12:49 - 2014-10-07 12:49 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe2014-10-07 12:42 - 2014-10-07 12:42 - 00001871 _____ () C:\Users\Public\Desktop\HitmanPro.lnk2014-10-07 12:42 - 2014-10-07 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro2014-10-07 12:42 - 2014-10-07 12:42 - 00000000 ____D () C:\Program Files\HitmanPro2014-10-07 12:41 - 2014-10-07 12:49 - 00000000 ____D () C:\ProgramData\HitmanPro2014-10-03 13:19 - 2014-10-03 13:19 - 00000000 ____D () C:\Users\bill\Documents\My Games2014-10-03 13:14 - 2014-10-03 13:14 - 00000000 ____D () C:\Users\bill\Documents\Paradox Interactive2014-10-01 17:07 - 2014-10-01 17:07 - 00000000 ___RD () C:\Program Files (x86)\Skype2014-10-01 17:07 - 2014-10-01 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2014-10-01 15:11 - 2014-10-23 13:13 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-10-01 15:10 - 2014-10-13 16:55 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-10-01 15:10 - 2014-10-13 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-10-01 15:10 - 2014-10-13 16:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-10-01 15:10 - 2014-10-01 15:10 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-10-01 15:10 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-10-01 15:10 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2014-10-01 15:10 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2014-09-30 16:38 - 2014-09-30 16:38 - 00000000 ____D () C:\WINDOWS\Hewlett-Packard2014-09-29 11:17 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll2014-09-28 12:39 - 2014-09-28 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2014-09-28 12:39 - 2014-09-28 12:39 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-09-28 12:39 - 2014-09-28 12:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-09-28 12:38 - 2014-08-28 21:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll2014-09-28 12:38 - 2014-08-28 19:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll2014-09-28 12:38 - 2014-08-28 19:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll2014-09-28 12:38 - 2014-08-16 00:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll2014-09-28 12:38 - 2014-08-16 00:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll2014-09-28 12:38 - 2014-08-16 00:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll2014-09-28 12:38 - 2014-08-15 23:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll2014-09-28 12:38 - 2014-08-15 23:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys2014-09-28 12:38 - 2014-08-15 23:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS2014-09-28 12:38 - 2014-08-15 23:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll2014-09-28 12:38 - 2014-08-15 23:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll2014-09-28 12:38 - 2014-08-15 23:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll2014-09-28 12:38 - 2014-08-15 21:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll2014-09-28 12:38 - 2014-08-15 21:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll2014-09-28 12:38 - 2014-08-15 20:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll2014-09-28 12:38 - 2014-08-15 20:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll2014-09-28 12:38 - 2014-08-15 20:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll2014-09-28 12:38 - 2014-08-15 20:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll2014-09-28 12:38 - 2014-08-15 20:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll2014-09-28 12:38 - 2014-08-15 20:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll2014-09-28 12:38 - 2014-08-15 20:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll2014-09-28 12:38 - 2014-08-15 20:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll2014-09-28 12:38 - 2014-08-15 20:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-09-28 12:38 - 2014-08-15 20:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll2014-09-28 12:38 - 2014-08-15 20:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll2014-09-28 12:38 - 2014-08-15 20:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll2014-09-28 12:38 - 2014-08-15 20:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-09-28 12:38 - 2014-08-15 20:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll2014-09-28 12:38 - 2014-08-15 20:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll2014-09-28 12:38 - 2014-08-15 20:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll2014-09-28 12:38 - 2014-08-15 20:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll2014-09-28 12:38 - 2014-08-15 20:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll2014-09-28 12:38 - 2014-08-15 20:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll2014-09-28 12:38 - 2014-08-15 20:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll2014-09-28 12:38 - 2014-08-15 20:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe2014-09-28 12:38 - 2014-08-15 20:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll2014-09-28 12:38 - 2014-08-15 20:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll2014-09-28 12:38 - 2014-07-31 19:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml2014-09-28 03:48 - 2014-09-28 03:48 - 00000000 ____D () C:\Users\bill\AppData\Local\CrashRpt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-23 14:17 - 2013-10-01 20:33 - 00004990 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for GAMINGSTATION-bill Gamingstation2014-10-23 14:13 - 2013-09-05 17:38 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-10-23 14:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru2014-10-23 13:56 - 2013-10-31 17:30 - 01852085 _____ () C:\WINDOWS\WindowsUpdate.log2014-10-23 13:56 - 2013-09-05 17:04 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3768960476-2125354436-3045583577-10022014-10-23 13:39 - 2014-01-31 01:36 - 00000000 ___DO () C:\Users\bill\SkyDrive2014-10-23 13:15 - 2013-09-05 17:40 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-10-23 13:14 - 2014-01-03 16:06 - 00000000 ____D () C:\Program Files (x86)\Steam2014-10-23 13:13 - 2013-09-06 16:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware2014-10-23 13:13 - 2013-09-05 17:38 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-10-23 13:13 - 2013-09-05 16:57 - 00000401 _____ () C:\Users\bill\AppData\Roaming\sp_data.sys2014-10-23 13:12 - 2013-10-31 17:36 - 00000000 ____D () C:\Users\bill2014-10-23 13:12 - 2013-10-31 17:30 - 00000000 ____D () C:\ProgramData\NVIDIA2014-10-23 13:12 - 2013-09-29 23:55 - 00133074 _____ () C:\WINDOWS\PFRO.log2014-10-23 13:12 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-10-23 13:11 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI2014-10-23 13:07 - 2013-10-01 17:49 - 00000000 ____D () C:\Users\bill\AppData\Roaming\Skype2014-10-23 13:04 - 2014-08-25 16:52 - 00000000 ____D () C:\Users\bill\AppData\Local\Battle.net2014-10-23 11:55 - 2013-12-24 21:40 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D8D15F59-3AE7-4A97-AFC6-F924FB726A67}2014-10-23 02:16 - 2014-05-11 21:12 - 00000000 ____D () C:\Users\bill\AppData\Roaming\Mumble2014-10-22 19:13 - 2013-10-31 17:30 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation2014-10-22 19:13 - 2013-08-22 10:46 - 00303533 _____ () C:\WINDOWS\setupact.log2014-10-21 12:49 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2014-10-17 18:05 - 2013-09-05 16:56 - 00000000 ____D () C:\Users\bill\AppData\Local\VirtualStore2014-10-17 16:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache2014-10-17 10:27 - 2013-08-22 10:44 - 00482552 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2014-10-17 04:20 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer2014-10-17 04:20 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager2014-10-17 04:20 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera2014-10-16 12:54 - 2013-10-31 17:30 - 00072904 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll2014-10-16 12:54 - 2013-10-31 17:30 - 00060560 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll2014-10-16 12:54 - 2013-09-05 02:37 - 20968040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll2014-10-16 12:54 - 2013-09-05 02:36 - 19966856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll2014-10-16 12:54 - 2013-09-05 02:36 - 16886168 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll2014-10-16 12:54 - 2013-09-05 02:36 - 00027024 _____ () C:\WINDOWS\system32\nvinfo.pb2014-10-16 12:54 - 2013-09-05 02:35 - 03237528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll2014-10-16 12:54 - 2013-09-05 02:35 - 02849224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll2014-10-16 10:11 - 2013-10-31 17:30 - 06883136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll2014-10-16 10:11 - 2013-10-31 17:30 - 03533632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll2014-10-16 10:11 - 2013-10-31 17:30 - 02559808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll2014-10-16 10:11 - 2013-10-31 17:30 - 00933064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe2014-10-16 10:11 - 2013-10-31 17:30 - 00384200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll2014-10-16 10:11 - 2013-10-31 17:30 - 00061640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll2014-10-15 20:13 - 2014-08-25 16:51 - 00000000 ____D () C:\Program Files (x86)\Battle.net2014-10-15 18:57 - 2013-09-06 14:33 - 00000000 ____D () C:\WINDOWS\system32\MRT2014-10-15 18:57 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2014-10-15 18:54 - 2014-07-09 14:11 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel2014-10-15 18:54 - 2013-09-06 14:33 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-10-14 20:48 - 2014-05-26 14:06 - 04047877 _____ () C:\WINDOWS\system32\nvcoproc.bin2014-10-10 19:27 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\System2014-10-07 16:19 - 2014-02-03 17:17 - 00000000 ____D () C:\Users\bill\AppData\Roaming\HpUpdate2014-10-04 05:55 - 2014-02-03 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP2014-10-04 05:55 - 2014-02-03 17:15 - 00000000 ____D () C:\Program Files (x86)\HP2014-10-04 05:55 - 2014-02-03 17:14 - 00001838 _____ () C:\ProgramData\hpzinstall.log2014-10-04 05:44 - 2014-01-03 16:26 - 00000000 ____D () C:\Users\bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam2014-10-04 02:42 - 2014-06-02 10:24 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll2014-10-04 02:42 - 2013-11-05 00:09 - 02197680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll2014-10-04 02:41 - 2014-06-02 10:24 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll2014-10-04 02:41 - 2013-11-05 00:09 - 02800296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll2014-10-03 13:11 - 2012-11-23 11:08 - 00027849 _____ () C:\WINDOWS\DirectX.log2014-10-01 17:07 - 2014-03-24 22:07 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk2014-10-01 17:07 - 2013-10-01 17:49 - 00000000 ____D () C:\ProgramData\Skype2014-09-29 18:45 - 2013-08-22 11:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2014-09-29 18:45 - 2013-08-22 11:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2014-09-29 11:05 - 2014-07-22 17:10 - 00000000 ____D () C:\Users\bill\AppData\Local\Razer2014-09-29 11:05 - 2014-07-22 17:10 - 00000000 ____D () C:\ProgramData\Razer2014-09-29 11:05 - 2014-07-22 17:10 - 00000000 ____D () C:\Program Files (x86)\Razer2014-09-29 00:25 - 2013-12-25 21:07 - 00000215 _____ () C:\Users\bill\AppData\Roaming\WB.CFG2014-09-28 12:41 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData2014-09-28 12:41 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore2014-09-28 12:20 - 2013-12-28 19:39 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update2014-09-28 03:57 - 2014-07-29 10:17 - 00000000 ____D () C:\ProgramData\Package Cache2014-09-26 12:49 - 2013-10-01 12:06 - 00000000 ____D () C:\Program Files\Microsoft Office 15 Files to move or delete:====================C:\ProgramData\SetStretch.VBS Some content of TEMP:====================C:\Users\bill\AppData\Local\Temp\56512uninstall.exeC:\Users\bill\AppData\Local\Temp\6_Offer_14.exeC:\Users\bill\AppData\Local\Temp\7-zip.exeC:\Users\bill\AppData\Local\Temp\airAFEC.exeC:\Users\bill\AppData\Local\Temp\COMAP.EXEC:\Users\bill\AppData\Local\Temp\Compete_setup.exeC:\Users\bill\AppData\Local\Temp\dllnt_dump.dllC:\Users\bill\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfuxv7p.dllC:\Users\bill\AppData\Local\Temp\HPInstaller.exeC:\Users\bill\AppData\Local\Temp\nvSCPAPI.dllC:\Users\bill\AppData\Local\Temp\nvSCPAPI64.dllC:\Users\bill\AppData\Local\Temp\nvStereoApiI64.dllC:\Users\bill\AppData\Local\Temp\nvStInst.exeC:\Users\bill\AppData\Local\Temp\Quarantine.exeC:\Users\bill\AppData\Local\Temp\SAS6_Update.exeC:\Users\bill\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-23 13:38 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2014 01Ran by bill at 2014-10-23 14:23:38Running from C:\Users\bill\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) HiddenAdobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.8.142.61628 - Alcor Micro Corp.)Alcor Micro USB Card Reader (x32 Version: 3.8.142.61628 - Alcor Micro Corp.) HiddenASUS Fan Filter Checker (HKLM-x32\...\{2B0E8920-47D0-4F4D-BE03-76397409B837}) (Version: 1.0.0001 - ASUS)ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.020 - ASUS)ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.0 - ASUS)ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) HiddenAtheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0026 - ASUS)avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.95.29 - Broadcom Corporation)BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) HiddenCounter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenD6100_D7100_D7300_Help (x32 Version: 82.0.233.000 - Hewlett-Packard) HiddenD7100 (x32 Version: 140.0.421.000 - Hewlett-Packard) HiddenDay of Defeat: Source (HKLM-x32\...\Steam App 300) (Version: - Valve)DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) HiddenHalf-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version: - Valve)Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve)HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) HiddenHPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) HiddenHyperLobby client (HKLM-x32\...\{6592866A-D35A-44BE-AE8F-2AABE6C1D765}) (Version: 4.3.4 - Jiri Fojtasek)IL-2 Sturmovik: 1946 (HKLM-x32\...\Steam App 15320) (Version: - 1C: Maddox Games)IL-2 Sturmovik: Cliffs of Dover (HKLM-x32\...\Steam App 63950) (Version: - 1C: Maddox Games)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) HiddenLogitech Gaming Software (Version: 8.45.88 - Logitech Inc.) HiddenLogitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.186 - Logitech Inc.)Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) HiddenMobile App Sync (HKLM-x32\...\Mobile App Sync) (Version: - Mobile App Sync)Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenMSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) HiddenMSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) HiddenMumble 1.2.5 (HKLM-x32\...\{C7BC557D-8C8B-4F5F-83AB-D20C58CF4575}) (Version: 1.2.5 - Thorvald Natvig)NVIDIA 3D Vision Driver 344.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.48 - NVIDIA Corporation)NVIDIA Control Panel 344.48 (Version: 344.48 - NVIDIA Corporation) HiddenNVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)NVIDIA GeForce Experience Service (Version: 16.13.56 - NVIDIA Corporation) HiddenNVIDIA Graphics Driver 344.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.48 - NVIDIA Corporation)NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)NVIDIA Install Application (Version: 2.1002.162.1284 - NVIDIA Corporation) HiddenNVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) HiddenNVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) HiddenNVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) HiddenNVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)NVIDIA ShadowPlay 16.13.56 (Version: 16.13.56 - NVIDIA Corporation) HiddenNVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) HiddenNVIDIA Update 16.13.56 (Version: 16.13.56 - NVIDIA Corporation) HiddenNVIDIA Update Core (Version: 16.13.56 - NVIDIA Corporation) HiddenNVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) HiddenOffice 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) HiddenPhoto Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenPhotosmart and Deskjet Drivers 14.0 Rel. A (HKLM\...\{F58E1340-3FD5-40B8-A07C-4893CFC29749}) (Version: 14.0 - HP)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.)SF_CDA_ProductContext (x32 Version: 140.0.421.000 - Hewlett-Packard) HiddenSF_CDA_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) HiddenSHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) HiddenSHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) HiddenSkype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) HiddenStatus (x32 Version: 140.0.342.000 - Hewlett-Packard) HiddenSteam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1032 - SUPERAntiSpyware.com)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.7 - Synaptics Incorporated)Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) HiddenTrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) HiddenVentrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) HiddenWIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.4900 - Broadcom Corporation)Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenWinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3768960476-2125354436-3045583577-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\bill\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 07-10-2014 16:47:28 Checkpoint by HitmanPro08-10-2014 19:44:59 Installed DirectX10-10-2014 23:49:14 Checkpoint by HitmanPro14-10-2014 20:49:55 Checkpoint by HitmanPro17-10-2014 22:03:22 Installed HiJackThis ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTaskTask: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {17655011-8A95-4924-A427-087935565DAE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-26] (Microsoft Corporation)Task: {1C4CED3B-8EE1-44F5-9283-699B9C9A7F5A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.)Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulateTask: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)Task: {406AA316-3519-4692-BF65-24CAB3CE904D} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-16] (Synaptics Incorporated)Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalanceTask: {537AFF82-5716-4305-BE86-D75DB301B800} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-07] (AVAST Software)Task: {61903F14-2D87-4C5D-A2DF-B6FD3D9622B8} - \Installer_iwebar No Task File <==== ATTENTIONTask: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play CleanupTask: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance TaskTask: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: {7525F6F1-59CF-4554-918A-EC75714C9FD6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-15] (Microsoft Corporation)Task: {77996F85-D663-4108-BAF4-040F1B06289E} - System32\Tasks\Microsoft\Windows\DiskFootprint\DiagnosticsTask: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {7901FF7C-A124-4D4D-9275-68EC80B80961} - System32\Tasks\Microsoft Office 15 Sync Maintenance for GAMINGSTATION-bill Gamingstation => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-26] (Microsoft Corporation)Task: {7FF3B065-BA05-40E0-AD65-97C6214635B2} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauservTask: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance TaskTask: {89ECE77D-8138-46AC-B1E6-BE8B51D85E6D} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3768960476-2125354436-3045583577-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exeTask: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTaskTask: {9AF2A150-74FE-4D84-A8EA-0EB1AC704F4F} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUploadTask: {9C3E9FD3-5333-411F-9180-E656F7C2BB7E} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance WorkTask: {A3579955-1827-4C19-A6C7-D8DE381A13BF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)Task: {AAC0DF2D-5EC6-44A3-AE60-AB4227C353FC} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)Task: {AB76A4FC-0136-4F95-B4FC-EA2CA798CA67} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)Task: {B684C244-BABB-40B3-95C9-3D071864D8D0} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-ManagementTask: {C676A034-8E72-42AE-8B6B-8360A1D5FB58} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-ValidationTask: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTaskTask: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensingTask: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon SynchronizationTask: {E007953F-3C71-4A33-9042-407117168893} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.)Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRETask: {FA8CAAAC-A9C5-4E31-BCDF-F47CEFD12D46} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-31 17:30 - 2014-10-16 10:11 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2012-12-14 17:27 - 2012-12-14 17:27 - 00049520 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll2014-05-27 12:50 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2012-08-24 20:26 - 2012-08-24 20:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll2013-01-20 22:59 - 2012-09-16 23:13 - 01367864 _____ () C:\Program Files\Synaptics\SynTP\AsusNewUI35.exe2014-07-02 17:54 - 2014-07-02 17:54 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll2014-07-02 17:59 - 2014-07-02 17:59 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll2014-07-02 17:54 - 2014-07-02 17:54 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll2014-07-02 17:59 - 2014-07-02 17:59 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll2013-03-25 16:27 - 2011-09-19 13:40 - 00466944 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe2014-09-26 12:48 - 2014-09-26 12:48 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2014-08-07 07:40 - 2014-08-07 07:40 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll2014-10-23 04:09 - 2014-10-23 04:09 - 02896896 _____ () C:\Program Files\AVAST Software\Avast\defs\14102301\algo.dll2012-09-11 17:01 - 2012-09-11 17:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll2014-08-07 07:40 - 2014-08-07 07:40 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2014-08-30 03:29 - 2014-08-21 14:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll2014-08-30 03:29 - 2014-08-21 14:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll2014-08-30 03:29 - 2014-08-21 14:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll2013-11-06 14:48 - 2014-10-01 19:16 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll2014-05-23 08:55 - 2014-10-21 15:22 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll2014-08-30 03:29 - 2014-08-21 14:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll2014-08-30 03:29 - 2014-08-21 14:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll2013-12-11 12:40 - 2014-10-21 15:22 - 00682176 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL2013-11-06 14:48 - 2014-09-04 19:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll2013-03-25 16:14 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2014-09-26 12:48 - 2014-09-26 12:48 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll2014-09-26 12:46 - 2014-09-26 12:46 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll2014-10-15 12:15 - 2014-10-09 22:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll2014-10-15 12:15 - 2014-10-09 22:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll2014-10-15 12:15 - 2014-10-09 22:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll2014-10-15 12:14 - 2014-10-09 22:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\bill\SkyDrive:ms-propertiesAlternateDataStreams: C:\Users\bill\SkyDrive (2).old:ms-propertiesAlternateDataStreams: C:\Users\bill\SkyDrive.old:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-3768960476-2125354436-3045583577-500 - Administrator - Disabled)bill (S-1-5-21-3768960476-2125354436-3045583577-1002 - Administrator - Enabled) => C:\Users\billGuest (S-1-5-21-3768960476-2125354436-3045583577-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-3768960476-2125354436-3045583577-1007 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Programmable Root EnumeratorDescription: Programming SupportClass Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}Manufacturer: Mad CatzService: SaiNtBusProblem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)Resolution: Update the driver ==================== Event log errors: ========================= Application errors:================== System errors:============= Microsoft Office Sessions:========================= ==================== Memory info =========================== Processor: Intel® Core i7-3630QM CPU @ 2.40GHzPercentage of memory in use: 13%Total physical RAM: 16337.2 MBAvailable physical RAM: 14197.05 MBTotal Pagefile: 18769.2 MBAvailable Pagefile: 16156.41 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:909.99 GB) (Free:781.12 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 931.5 GB) (Disk ID: 73746098) Partition: GPT Partition Type. ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
LiquidTension Posted October 23, 2014 ID:895116 Share Posted October 23, 2014 Hello, Did you install this programme? Mobile App Sync Do you recognise these IP addresses: 81.218.119.15 | 199.203.35.75 <- Click each link to read information. Farbar Recovery Scan Tool (FRST) Script(!) Navigate to C:\Users\bill\Downloads. Right-click FRST64.exe and click Cut. Navigate to your Desktop, right-click and click Paste.Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.Copy the entire contents of the codebox below and paste into the Notepad document.startHKLM-x32\...\Run: [] => [X]ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No FileShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No FileToolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileCHR HomePage: Default -> hxxp://yahoo.com/CHR StartupUrls: Default -> "hxxp://yahoo.com/"C:\ProgramData\SetStretch.VBSTask: {61903F14-2D87-4C5D-A2DF-B6FD3D9622B8} - \Installer_iwebar No Task File <==== ATTENTIONTcpip\..\Interfaces\{C7873A54-165D-45B2-BE6D-8CAB1E001FF1}: [NameServer] 81.218.119.15,199.203.35.75Folder: C:\Users\bill\AppData\Local\CrashRptCMD: ipconfig /flushdnsCMD: netsh winsock reset allCMD: netsh int ipv4 resetCMD: netsh int ipv6 resetEmptyTemp:endClick File, Save As and type fixlist.txt as the File Name. Important: The file must be saved in the same location as FRST64.exe. NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.Right-Click FRST64.exe and select Run as administrator to run the programme.Click Fix.A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply. Please provide an update on your computer. Are there any outstanding issues? Link to post Share on other sites More sharing options...
billyfiveoh Posted October 23, 2014 Author ID:895266 Share Posted October 23, 2014 No I did not install Mobile App Sync and I"m not familiar with those IP addresses you referenced.....I"m having trouble saving the fixlist.txt into the FRST64.exe...is says it's located in C:\Users\bill\Desktop....but when I go there it doesn't show up Link to post Share on other sites More sharing options...
LiquidTension Posted October 24, 2014 ID:895408 Share Posted October 24, 2014 Hello, Delete FRST64.exe and Fixlist.txt. ------------- Redownload FRST64.exe and save the file to your Desktop.Recreate Fixlist.txt and save the file to your Desktop. Run FRST64.exe and click Fix. Link to post Share on other sites More sharing options...
billyfiveoh Posted October 24, 2014 Author ID:895624 Share Posted October 24, 2014 Followed your recent instructions......ran the fix tool and during the process the program was not responding, actually had to use the task manager to end the process, but here is a fix log that was posted Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-10-2014Ran by bill at 2014-10-24 12:13:48 Run:2Running from C:\Users\bill\DesktopLoaded Profile: bill (Available profiles: bill)Boot Mode: Normal============================================== Content of fixlist:*****************startHKLM-x32\...\Run: [] => [X]ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No FileShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No FileToolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileCHR HomePage: Default -> hxxp://yahoo.com/CHR StartupUrls: Default -> "hxxp://yahoo.com/"C:\ProgramData\SetStretch.VBSTask: {61903F14-2D87-4C5D-A2DF-B6FD3D9622B8} - \Installer_iwebar No Task File <==== ATTENTIONTcpip\..\Interfaces\{C7873A54-165D-45B2-BE6D-8CAB1E001FF1}: [NameServer] 81.218.119.15,199.203.35.75Folder: C:\Users\bill\AppData\Local\CrashRptCMD: ipconfig /flushdnsCMD: netsh winsock reset allCMD: netsh int ipv4 resetCMD: netsh int ipv6 resetEmptyTemp:end***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found."HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key not found."HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found."HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key not found."HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found."HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key not found."HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found."HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key not found."HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found."HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key not found."HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found."HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key not found."HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value not found."HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.Chrome HomePage deleted successfully.Chrome StartupUrls deleted successfully."C:\ProgramData\SetStretch.VBS" => File/Directory not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61903F14-2D87-4C5D-A2DF-B6FD3D9622B8}" => Key not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_iwebar" => Key not found.HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C7873A54-165D-45B2-BE6D-8CAB1E001FF1}\\NameServer => Value not found. ========================= Folder: C:\Users\bill\AppData\Local\CrashRpt ======================== 2014-09-28 03:48 - 2014-09-28 03:48 - 0000000 ____D () C:\Users\bill\AppData\Local\CrashRpt\UnsentCrashReports2014-09-28 03:48 - 2014-09-28 03:48 - 0000000 ____D () C:\Users\bill\AppData\Local\CrashRpt\UnsentCrashReports\YTDi 1.0.0.1_1.0.0.1 ====== End of Folder: ====== ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= netsh winsock reset all ========= Sucessfully reset the Winsock Catalog.You must restart the computer in order to complete the reset. ========= End of CMD: ========= ========= netsh int ipv4 reset ========= Resetting , failed.Access is denied. There's no user specified settings to be reset. ========= End of CMD: ========= ========= netsh int ipv6 reset ========= Resetting , failed.Access is denied. There's no user specified settings to be reset. ========= End of CMD: ========= Link to post Share on other sites More sharing options...
LiquidTension Posted October 24, 2014 ID:895626 Share Posted October 24, 2014 OK, no problem. Please provide an update on your computer. Are there any outstanding issues? Link to post Share on other sites More sharing options...
billyfiveoh Posted October 24, 2014 Author ID:895737 Share Posted October 24, 2014 Browsing seems to be smoother and I"m not getting these additional web pages open up whenever I click on a link on the current page I"m browsing.....tyvm.....if I notice any other issues I will be sure to let you know.......Thanks again Link to post Share on other sites More sharing options...
LiquidTension Posted October 24, 2014 ID:895739 Share Posted October 24, 2014 Very good. We're not done just yet. Lets check for malware remnants. STEP 1 Uninstall SoftwarePress the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.Search for the following programmes, right-click and click Uninstall.Note: Ensure you decline offers of additional software if applicable.Mobile App Sync Follow the prompts.Reboot if necessary. STEP 2 ESET Online ScanNote: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.Please download ESET Online Scan and save the file to your Desktop.Temporarily disable your anti-virus software. For instructions, please refer to the following link.Double-click esetsmartinstaller_enu.exe to run the programme. Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.Agree to the Terms of Use once more and click Start. Allow components to download.Place a checkmark next to Enable detection of potentially unwanted applications.Click Hide advanced settings. Place a checkmark next to:Scan archivesScan for potentially unsafe applicationsEnable Anti-Stealth technologyEnsure Remove found threats is unchecked.Click Start.Wait for the scan to finish. Please be patient as this can take some time.Upon completion, click . If no threats were found, skip the next two bullet points. Click and save the file to your Desktop, naming it something such as "MyEsetScan".Push the Back button.Place a checkmark next to and click .Re-enable your anti-virus software.Copy the contents of the log and paste in your next reply. ====================================================== STEP 3 LogsIn your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.Did the programme uninstall OK?ESET Online Scan log Link to post Share on other sites More sharing options...
LiquidTension Posted October 27, 2014 ID:897045 Share Posted October 27, 2014 Hello, Do you still require assistance? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 29, 2014 Root Admin ID:898153 Share Posted October 29, 2014 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts