
Windows must now restart because the Plug and Play/DCOM Server/Power service terminated unexpectedly



Hello Malwarebytes, this is my first post so I will get straight to it. Whenever I try to open any sound setting besides the mixer, these errors pop up and restart my computer: "Windows must now restart because the Plug and Play/DCOM Server/Power service terminated unexpectedly". If anyone can help that would be awesome!


Hello milkiboy, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • If you are unable to copy/paste your logs directly into your post, please attach the file. 
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click [image] at the top of the page.
     

======================================================

STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 2
Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 3
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the file in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM scan log
  • FRST.txt
  • Addition.txt
  • TDSSKiller log (attached!)

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/13/2014
Scan Time: 11:11:32 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.14.01
Rootkit Database: v2014.12.08.03
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Paul
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 387339
Time Elapsed: 27 min, 40 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 

 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2014

Ran by Paul (administrator) on KINEOISACANOE on 13-12-2014 23:44:01

Running from C:\Users\Paul\Desktop

Loaded Profile: Paul (Available profiles: Paul)

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

() C:\Program Files\Synergy\synergyd.exe

(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe

(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncservice.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe

(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserverui.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

() C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe

(Spotify Ltd) C:\Users\Paul\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Flux Software LLC) C:\Users\Paul\AppData\Local\FluxSoftware\Flux\flux.exe

(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe

(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe

(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

(IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe

() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.230\deploy\LoLLauncher.exe

() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.14\deploy\LoLPatcher.exe

() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.121\deploy\LolClient.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe

(Microsoft Corporation) C:\Windows\System32\audiodg.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monito

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)

HKLM\...\Run: [TortoiseHgOverlayIconServer] => C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe [100616 2014-05-06] ()

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)

HKLM\...\Run: [start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [123400 2009-01-21] (Logitech Inc.)

HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)

HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)

HKLM-x32\...\Run: [btTray] => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [451072 2013-12-05] (IVT Corporation)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\...\Run: [spotify] => C:\Users\Paul\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-10] (Spotify Ltd)

HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\...\Run: [spotify Web Helper] => C:\Users\Paul\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-10] (Spotify Ltd)

HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\...\Run: [f.lux] => C:\Users\Paul\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)

HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2014-12-08] (Electronic Arts)

HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\...\MountPoints2: {19494a7a-bd3b-11e3-9075-002522fa9bee} - F:\Autorun.exe

HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\...\MountPoints2: {58113587-4d92-11e4-a889-002522fa9bee} - D:\TL_Bootstrap.exe

HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\...\MountPoints2: {6e5f7798-347d-11e4-a618-002522fa9bee} - D:\TL_Bootstrap.exe

HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\...\MountPoints2: {b5f0c6be-38bc-11e4-9dd2-002522fa9bee} - D:\TL_Bootstrap.exe

HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-24] (Microsoft Corporation)

Lsa: [Notification Packages] scecli IVTCredentialProvider

ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyEnable: [s-1-5-21-2795768293-3232440484-3009076036-1009] => Internet Explorer proxy is enabled.

ProxyServer: [s-1-5-21-2795768293-3232440484-3009076036-1009] => 192.168.2.1:800

HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

 

FireFox:

========

FF ProfilePath: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\sg9fzlak.default

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-05-15]

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-08-19]

 

Chrome: 

=======

CHR StartupUrls: Default -> "hxxp://www.google.com"

CHR Profile: C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-29]

CHR Extension: (Google Drive) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-29]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-02]

CHR Extension: (Turn Off the Lights) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-09-03]

CHR Extension: (YouTube) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-29]

CHR Extension: (Google Search) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-29]

CHR Extension: (AdBlock) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-02]

CHR Extension: (Ghostery) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-09-02]

CHR Extension: (Google Wallet) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-02]

CHR Extension: (Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-29]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [3221120 2013-12-06] (IVT Corporation)

R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [158456 2013-12-05] (IVT Corporation)

R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-12-08] (Electronic Arts)

S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 Synergy; C:\Program Files\Synergy\synergyd.exe [298496 2014-08-21] () [File not signed]

R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [638272 2014-06-03] (RealVNC Ltd)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT Corporation)

R3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT Corporation)

R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [22240 2011-12-21] (IVT Corporation.)

R3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [29576 2011-07-27] (IVT Corporation.)

R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [43104 2013-10-10] (IVT Corporation.)

R3 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24032 2013-10-08] (IVT Corporation.)

S3 CCUSBMIDI; C:\Windows\System32\Drivers\ccusbmid.sys [26624 2014-08-10] (CASIO COMPUTER CO., LTD.)

R3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)

R3 IvtComBusSrv; C:\Windows\System32\Drivers\btcombus.sys [25568 2013-04-26] (IVT Corporation.)

R3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-13] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)

S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [223744 2013-03-19] (VIA Technologies, Inc.)

S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-03-19] (VIA Technologies, Inc.)

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-12-13 23:44 - 2014-12-13 23:44 - 00021406 _____ () C:\Users\Paul\Desktop\FRST.txt

2014-12-13 23:20 - 2014-12-13 23:20 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Paul\Desktop\tdsskiller.exe

2014-12-13 23:12 - 2014-12-13 23:44 - 00000000 ____D () C:\FRST

2014-12-13 23:12 - 2014-12-13 23:12 - 02119168 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe

2014-12-13 19:37 - 2014-12-13 19:37 - 00000766 _____ () C:\Windows\SysWOW64\SHORTCUT.INI

2014-12-13 19:36 - 2014-12-13 21:30 - 00000105 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI

2014-12-13 19:36 - 2014-12-13 21:23 - 00005050 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI

2014-12-13 19:36 - 2014-12-13 19:37 - 00000149 _____ () C:\Windows\SysWOW64\REMOTEDEVICE.INI

2014-12-13 19:36 - 2014-12-13 19:36 - 00000000 ____D () C:\Users\Paul\Documents\Bluetooth

2014-12-13 19:36 - 2014-12-13 19:36 - 00000000 ____D () C:\Users\Paul\AppData\Local\bluesoleil

2014-12-13 19:35 - 2014-12-13 19:35 - 00000104 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Places.lnk

2014-12-13 19:35 - 2014-12-13 19:35 - 00000000 _____ () C:\Windows\SysWOW64\BSPRINT.INI

2014-12-13 19:33 - 2014-12-13 19:33 - 00002099 _____ () C:\Users\Public\Desktop\BlueSoleil Space.lnk

2014-12-13 19:32 - 2014-12-13 19:35 - 00000032 _____ () C:\Windows\0

2014-12-13 19:32 - 2014-12-13 19:32 - 00000000 ____D () C:\Program Files (x86)\IVT Corporation

2014-12-13 19:32 - 2014-12-13 19:32 - 00000000 _____ () C:\Windows\system32\0

2014-12-13 19:15 - 2014-12-13 19:28 - 114599972 _____ () C:\Users\Paul\Downloads\20140124bluetooth.zip

2014-12-11 21:51 - 2014-12-11 21:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-12-11 19:39 - 2014-12-11 19:39 - 00000230 _____ () C:\Users\Paul\Desktop\Sid Meier's Civilization V (Windows 8 - Touch Enabled).url

2014-12-11 11:11 - 2014-12-11 22:22 - 00000000 ____D () C:\Users\Paul\AppData\Local\Warframe

2014-12-10 03:02 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-10 03:02 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-10 03:02 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-12-10 03:02 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-12-10 03:02 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-12-10 03:02 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-12-10 03:02 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2014-12-10 03:02 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2014-12-10 03:02 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2014-12-10 03:02 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2014-12-10 00:21 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-10 00:21 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-10 00:21 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-10 00:21 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-10 00:21 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-10 00:21 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-10 00:21 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-10 00:21 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-10 00:21 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-10 00:21 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-10 00:21 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-10 00:21 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-10 00:21 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-10 00:21 - 2014-11-21 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-10 00:21 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-10 00:21 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-10 00:21 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-10 00:21 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-10 00:21 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-10 00:21 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-10 00:21 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-10 00:21 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-10 00:21 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-10 00:21 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-10 00:21 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-10 00:21 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-10 00:21 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-10 00:21 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-10 00:21 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-10 00:21 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-10 00:21 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-10 00:21 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-10 00:21 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-10 00:21 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-10 00:21 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-10 00:21 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-10 00:21 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-10 00:21 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-10 00:21 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-10 00:21 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-10 00:21 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-10 00:21 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-10 00:21 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-10 00:21 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-10 00:21 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-10 00:21 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-10 00:21 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-10 00:21 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-10 00:21 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-10 00:21 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-10 00:21 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-10 00:21 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-10 00:21 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-10 00:21 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-10 00:21 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-10 00:21 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-09 23:50 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-09 23:50 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-09 23:50 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-09 23:45 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-09 23:45 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-09 23:45 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-09 23:45 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-09 23:45 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-09 23:45 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-09 23:45 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-09 23:45 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-09 23:45 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-09 23:45 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-09 23:45 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-09 23:45 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-09 23:45 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-09 23:45 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-09 20:59 - 2014-12-09 20:59 - 00000000 ____D () C:\Users\Paul\Documents\Respawn

2014-12-09 20:53 - 2014-12-09 20:53 - 00001250 _____ () C:\Users\Public\Desktop\Titanfall.lnk

2014-12-09 20:53 - 2014-12-09 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Titanfall

2014-12-08 22:21 - 2014-12-09 20:34 - 00000000 ____D () C:\Users\Paul\AppData\Local\Origin

2014-12-08 22:14 - 2014-12-13 13:55 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-12-08 22:14 - 2014-12-09 20:59 - 00000000 ____D () C:\ProgramData\Electronic Arts

2014-12-08 22:14 - 2014-12-08 22:14 - 00001051 _____ () C:\Users\Public\Desktop\Origin.lnk

2014-12-08 22:14 - 2014-12-08 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

2014-12-08 12:40 - 2014-12-09 20:47 - 00000000 ____D () C:\Program Files (x86)\Origin Games

2014-12-08 12:38 - 2014-12-08 19:31 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Origin

2014-12-08 12:16 - 2014-12-13 13:21 - 00000000 ____D () C:\ProgramData\Origin

2014-12-08 12:14 - 2014-12-08 12:15 - 17103000 _____ (Electronic Arts, Inc.) C:\Users\Paul\Downloads\OriginThinSetup.exe

2014-12-04 11:52 - 2014-12-04 11:52 - 00638888 _____ (Oracle Corporation) C:\Users\Paul\Downloads\chromeinstall-8u25.exe

2014-12-03 22:33 - 2014-12-03 22:33 - 00000132 _____ () C:\Users\Paul\AppData\Roaming\Adobe PNG Format CS6 Prefs

2014-12-03 11:40 - 2014-12-03 11:42 - 00000000 ____D () C:\Users\Paul\AppData\Local\Apps\Windows 7 USB DVD Download Tool

2014-12-03 11:40 - 2014-12-03 11:40 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool

2014-12-03 11:39 - 2014-12-03 11:39 - 02721168 _____ (Microsoft Corporation) C:\Users\Paul\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe

2014-12-03 11:14 - 2014-12-03 11:19 - 172855296 _____ () C:\Users\Paul\Downloads\windows-7-64-bit-repair-disc.iso

2014-11-20 16:19 - 2014-11-20 16:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Chart Controls

2014-11-20 16:16 - 2014-11-20 16:16 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT

2014-11-20 16:16 - 2014-11-20 16:16 - 00000003 _____ () C:\Windows\system32\HRUPPROG.EXIT

2014-11-19 20:26 - 2014-11-19 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MazeFiller

2014-11-19 20:26 - 2014-11-19 20:26 - 00000000 ____D () C:\Program Files (x86)\MazeFiller

2014-11-19 14:23 - 2014-11-19 14:24 - 01169609 _____ (George Spahn ) C:\Users\Paul\Downloads\setup.exe

2014-11-19 08:17 - 2014-11-19 08:17 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Logishrd

2014-11-18 21:49 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-11-18 21:49 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2014-11-18 21:49 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-11-18 21:49 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

2014-11-18 17:04 - 2014-12-13 23:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-11-18 17:02 - 2014-12-09 21:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-11-18 17:02 - 2014-12-09 21:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-11-18 17:02 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-11-18 17:02 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-11-18 17:02 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-11-18 17:02 - 2014-11-18 17:02 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-11-18 17:01 - 2014-11-18 17:02 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Paul\Downloads\mbam-setup-2.0.3.1025.exe

2014-11-18 16:59 - 2014-11-18 17:01 - 14678104 _____ () C:\Users\Paul\Downloads\RogueKiller.exe

2014-11-18 16:51 - 2014-11-18 16:51 - 00000018 _____ () C:\Users\Paul\Documents\error.txt

2014-11-17 22:31 - 2014-11-17 22:31 - 00003164 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Startup

2014-11-17 22:31 - 2014-11-17 22:31 - 00003162 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update

2014-11-17 22:27 - 2014-11-17 22:28 - 12270280 _____ (IObit ) C:\Users\Paul\Downloads\smart-defrag-setup.exe

2014-11-16 17:35 - 2014-11-16 17:35 - 00597304 _____ () C:\Users\Paul\Downloads\flux-setup.exe

2014-11-16 17:35 - 2014-11-16 17:35 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux

2014-11-16 17:35 - 2014-11-16 17:35 - 00000000 ____D () C:\Users\Paul\AppData\Local\FluxSoftware

2014-11-16 13:59 - 2014-11-16 13:59 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-11-16 13:59 - 2014-11-16 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-11-16 10:46 - 2014-11-16 10:46 - 00001004 _____ () C:\Users\Paul\Downloads\planetside2-live.sha.soe

2014-11-16 10:02 - 2014-11-16 10:02 - 00000000 ____D () C:\Users\Paul\AppData\Local\SCE

2014-11-15 15:52 - 2014-11-15 15:52 - 00000000 ____D () C:\Users\Paul\Documents\Games for Windows - LIVE Demos

2014-11-15 14:59 - 2014-11-15 14:59 - 00000000 ____D () C:\Users\Paul\AppData\Local\NBGI

2014-11-15 14:57 - 2014-11-15 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace

2014-11-15 14:57 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll

2014-11-15 14:57 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll

2014-11-15 14:57 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll

2014-11-15 14:57 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll

2014-11-15 14:57 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll

2014-11-15 14:57 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll

2014-11-15 14:57 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll

2014-11-15 14:57 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll

2014-11-15 14:57 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll

2014-11-15 14:57 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll

2014-11-15 14:57 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll

2014-11-15 14:57 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll

2014-11-15 14:57 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll

2014-11-15 14:57 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll

2014-11-15 14:57 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll

2014-11-15 14:57 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll

2014-11-15 14:57 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll

2014-11-15 14:57 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll

2014-11-15 14:57 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll

2014-11-15 14:57 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll

2014-11-15 14:57 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll

2014-11-15 14:57 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll

2014-11-15 14:57 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll

2014-11-15 14:57 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll

2014-11-15 14:57 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll

2014-11-15 14:57 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll

2014-11-15 14:57 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll

2014-11-15 14:57 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll

2014-11-15 14:57 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll

2014-11-15 14:57 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll

2014-11-15 14:57 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll

2014-11-15 14:57 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll

2014-11-15 14:57 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll

2014-11-15 14:57 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll

2014-11-15 14:56 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll

2014-11-15 14:56 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll

2014-11-15 14:56 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll

2014-11-15 14:56 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll

2014-11-15 14:56 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll

2014-11-15 14:56 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll

2014-11-15 14:56 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll

2014-11-15 14:56 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll

2014-11-15 14:56 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll

2014-11-15 14:56 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll

2014-11-15 14:56 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll

2014-11-15 14:56 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll

2014-11-15 14:56 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll

2014-11-15 14:56 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll

2014-11-15 14:56 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll

2014-11-15 14:56 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll

2014-11-15 14:56 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll

2014-11-15 14:56 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll

2014-11-15 14:56 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll

2014-11-15 14:56 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll

2014-11-15 14:56 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll

2014-11-15 14:56 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll

2014-11-15 14:56 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll

2014-11-15 14:56 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll

2014-11-15 14:56 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll

2014-11-15 14:56 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll

2014-11-15 14:56 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll

2014-11-15 14:56 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll

2014-11-15 14:56 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll

2014-11-15 14:56 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll

2014-11-15 14:56 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll

2014-11-15 14:56 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll

2014-11-15 14:56 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll

2014-11-15 13:04 - 2014-11-15 13:04 - 00000000 ____D () C:\Users\Paul\Documents\Square Enix

2014-11-15 13:04 - 2014-11-15 13:04 - 00000000 ____D () C:\Users\Paul\AppData\Local\CrashRpt

2014-11-15 12:37 - 2014-11-15 12:37 - 00000000 ____D () C:\Users\Paul\Documents\nbgi

2014-11-15 12:03 - 2014-11-15 12:04 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\MKKE

2014-11-14 23:13 - 2014-11-14 23:13 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\LolClient

2014-11-14 21:25 - 2014-11-20 08:10 - 00000000 ____D () C:\Riot Games

2014-11-14 21:25 - 2014-11-14 21:25 - 00001613 _____ () C:\Users\Public\Desktop\League of Legends.lnk

2014-11-14 21:25 - 2014-11-14 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends

2014-11-14 21:25 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll

2014-11-14 21:25 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll

2014-11-14 21:25 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll

2014-11-14 21:25 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll

2014-11-14 21:25 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll

2014-11-14 21:24 - 2014-11-14 21:26 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Riot Games

2014-11-14 21:20 - 2014-12-13 20:48 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-11-14 21:20 - 2014-11-14 21:24 - 27864920 _____ (Riot Games) C:\Users\Paul\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe

2014-11-14 21:20 - 2014-11-14 21:20 - 01142392 _____ () C:\Users\Paul\Downloads\SteamSetup.exe

2014-11-14 21:20 - 2014-11-14 21:20 - 00001035 _____ () C:\Users\Public\Desktop\Steam.lnk

2014-11-14 21:20 - 2014-11-14 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

2014-11-14 17:54 - 2014-11-14 17:54 - 00000870 _____ () C:\Users\Paul\Documents\hosts.txt

2014-11-14 16:01 - 2014-11-19 11:22 - 00000024 _____ () C:\Users\Paul\random.dat

2014-11-14 16:01 - 2014-11-19 11:22 - 00000023 _____ () C:\Users\Paul\jagexappletviewer.preferences

2014-11-14 16:01 - 2014-11-19 11:14 - 00000043 _____ () C:\Users\Paul\jagex_cl_runescape_LIVE.dat

2014-11-14 16:01 - 2014-11-14 16:01 - 00000000 ____D () C:\.jagex_cache_32

2014-11-14 16:00 - 2014-11-14 16:01 - 00000000 ____D () C:\Users\Paul\jagexcache

2014-11-14 16:00 - 2014-11-14 16:00 - 00002080 _____ () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk

2014-11-14 16:00 - 2014-11-14 16:00 - 00002050 _____ () C:\Users\Paul\Desktop\RuneScape.lnk

2014-11-14 16:00 - 2014-11-14 16:00 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape

2014-11-14 15:58 - 2014-11-14 15:59 - 23810048 _____ () C:\Users\Paul\Downloads\RuneScape.msi

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-12-13 23:22 - 2014-04-05 22:40 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-12-13 21:30 - 2014-04-03 01:11 - 01083499 _____ () C:\Windows\WindowsUpdate.log

2014-12-13 21:30 - 2009-07-13 23:51 - 00024223 _____ () C:\Windows\setupact.log

2014-12-13 21:28 - 2014-09-02 10:24 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Spotify

2014-12-13 21:23 - 2013-12-04 18:14 - 00001332 _____ () C:\Windows\SysWOW64\bscs.ini

2014-12-13 19:17 - 2009-07-14 00:13 - 00874306 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-13 19:14 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2014-12-13 13:55 - 2014-08-29 11:27 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\TortoiseHg

2014-12-13 13:54 - 2014-04-05 22:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-12-13 13:54 - 2014-04-05 21:28 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-12-13 13:54 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-12-13 13:52 - 2009-07-13 23:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-13 13:52 - 2009-07-13 23:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-13 13:21 - 2014-09-02 10:25 - 00000000 ____D () C:\Users\Paul\AppData\Local\Spotify

2014-12-13 12:07 - 2014-10-01 09:57 - 00000000 ____D () C:\Users\Paul\Desktop\Random

2014-12-13 04:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

2014-12-12 23:47 - 2014-11-02 16:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-12-11 20:13 - 2014-04-05 22:30 - 00434159 _____ () C:\Windows\DirectX.log

2014-12-10 20:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-10 19:10 - 2014-04-13 12:41 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-12-10 19:09 - 2014-10-12 18:22 - 00000000 ____D () C:\Windows\system32\MRT

2014-12-10 19:04 - 2014-10-12 18:22 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-12-09 20:53 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-12-09 09:39 - 2014-04-06 08:38 - 00169182 _____ () C:\Windows\PFRO.log

2014-12-04 14:13 - 2014-08-31 17:57 - 00000000 ____D () C:\Users\Paul\AppData\Local\Ubisoft

2014-12-04 11:59 - 2014-09-12 20:05 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-12-04 11:58 - 2014-09-12 20:07 - 00000000 ____D () C:\ProgramData\Oracle

2014-12-04 11:57 - 2014-09-12 20:05 - 00000000 ____D () C:\Program Files (x86)\Java

2014-12-03 22:19 - 2014-08-30 22:09 - 00000000 ____D () C:\Users\Paul\AppData\Local\Adobe

2014-12-03 15:49 - 2014-10-10 10:18 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\.minecraft

2014-11-21 11:27 - 2014-08-30 22:36 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Skype

2014-11-20 16:21 - 2014-06-12 09:34 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios

2014-11-20 16:18 - 2014-08-30 20:59 - 00000000 ____D () C:\Users\Paul\Documents\My Games

2014-11-19 20:27 - 2014-08-29 11:26 - 00000000 ____D () C:\Users\Paul\AppData\Local\VirtualStore

2014-11-19 08:17 - 2014-08-29 11:27 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Logitech

2014-11-17 22:31 - 2014-09-19 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3

2014-11-17 15:46 - 2014-09-13 09:39 - 00000000 ____D () C:\Users\Paul\AppData\Local\Game Dev Tycoon

2014-11-16 13:59 - 2014-04-08 12:16 - 00000000 ____D () C:\ProgramData\Skype

2014-11-15 14:57 - 2014-04-05 22:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2014-11-15 13:03 - 2014-05-16 09:10 - 00000000 ____D () C:\ProgramData\Package Cache

2014-11-15 09:05 - 2013-12-14 18:56 - 00000000 ____D () C:\Games

2014-11-14 16:01 - 2014-08-29 11:26 - 00000000 ____D () C:\Users\Paul

2014-11-13 08:17 - 2014-04-05 22:40 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-11-13 08:17 - 2014-04-05 22:40 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

 

Files to move or delete:

====================

C:\Users\Paul\jagex_cl_runescape_LIVE.dat

C:\Users\Paul\random.dat

 

 

Some content of TEMP:

====================

C:\Users\Paul\AppData\Local\Temp\AcDeltree.exe

C:\Users\Paul\AppData\Local\Temp\bbdcabecacbd.exe

C:\Users\Paul\AppData\Local\Temp\FNP_ACT_InstallerCA.dll

C:\Users\Paul\AppData\Local\Temp\vpsetup.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-12-05 00:27

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2014

Ran by Paul at 2014-12-13 23:44:57

Running from C:\Users\Paul\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Ableton Live 9 Suite (HKLM\...\{48EC4E57-1D04-4831-90A7-151DA2269495}) (Version: 9.0.0.0 - Ableton)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)

Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)

Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.181.14 - Adobe Systems Incorporated)

Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)

Alien Isolation (HKLM-x32\...\Alien Isolation_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)

ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

bl (x32 Version: 1.0.0 - Your Company Name) Hidden

BlueSoleil 9.2.470.0 (HKLM\...\{96E591FB-CE42-4FC1-909C-67B63D20F801}) (Version: 9.2.470.0 - IVT Corporation)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Call of Duty: Advanced Warfare - Multiplayer (HKLM-x32\...\Steam App 209660) (Version:  - Sledgehammer Games)

Call of Duty: Advanced Warfare (HKLM-x32\...\Steam App 209650) (Version:  - Sledgehammer Games)

Castle Crashers (HKLM-x32\...\Castle Crashers_is1) (Version:  - )

CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)

Cities XL 2012 (HKLM-x32\...\Cities XL 2012) (Version: 1.0.0 - Focus Home Interactive)

Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)

Deadlight (HKLM-x32\...\Steam App 211400) (Version:  - Tequila Works, S.L.)

Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.02 - NCH Software)

Easy Auto Clicker (HKLM-x32\...\Easy Auto Clicker_is1) (Version: V2.0 - easyautoclicker.com)

Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)

eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

f.lux (HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\...\Flux) (Version:  - )

FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)

Galactic Civilizations® II: Ultimate Edition (HKLM-x32\...\Steam App 202200) (Version:  - Stardock Entertainment)

Game Dev Tycoon version 1.4.5 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.4.5 - Greenheart Games Pty. Ltd.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)

iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)

Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)

League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)

League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden

LEGO® Star Wars™: The Complete Saga (HKLM-x32\...\InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}) (Version: 1.00.0000 - LucasArts)

LEGO® Star Wars™: The Complete Saga (x32 Version: 1.00.0000 - LucasArts) Hidden

Logitech Gaming Software 5.04 (HKLM\...\{8753DF4D-64B0-474E-9A97-0AB5585D9A53}) (Version: 5.04.110 - Logitech)

Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)

Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Max Payne 3 (HKLM-x32\...\Max Payne 3_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)

MazeFiller version 1.0 (HKLM-x32\...\{19EDE6B1-6A5E-44FE-98EF-E4A667FACD6B}_is1) (Version: 1.0 - George Spahn)

Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)

Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)

Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)

Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.60905 - Microsoft Game Studios)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)

Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)

Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)

Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)

Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)

Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)

Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)

Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{0DDCEC37-369C-484B-B16D-B4413FD42FB9}) (Version: 10.50.1447.4 - Microsoft Corporation)

Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{E5AE9031-79A5-4627-9641-BEFA82819B08}) (Version: 10.50.1447.4 - Microsoft Corporation)

Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)

Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{DA67488A-2689-4F10-B90F-D2F6977509D6}) (Version: 10.50.1447.4 - Microsoft Corporation)

Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{78C3657E-742C-40B1-9F53-E5A921D40F17}) (Version: 10.50.1447.4 - Microsoft Corporation)

Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)

Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)

Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)

Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)

Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)

Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}) (Version: 10.50.1447.4 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)

Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)

Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)

Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)

Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM-x32\...\{e0efdce9-a486-4676-8aa5-65bb08cbf34c}) (Version: 11.0.50727.42 - Microsoft Corporation)

Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)

Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)

Mini Ninjas (HKLM-x32\...\Steam App 35000) (Version:  - IO Interactive)

Mortal Kombat Komplete Edition (HKLM-x32\...\Steam App 237110) (Version:  - NetherRealm Studios)

Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

NVIDIA 3D Vision Controller Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 334.89 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 334.89 - NVIDIA Corporation)

NVIDIA Graphics Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

O.R.B. (HKLM-x32\...\Steam App 281390) (Version:  - Strategy First)

Oracle VM VirtualBox 4.3.10 (HKLM\...\{5632714F-6A48-4BF2-89E0-F8B6CE9FE6D1}) (Version: 4.3.10 - Oracle Corporation)

Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)

PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )

PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

ph (x32 Version: 1.0.0 - Your Company Name) Hidden

PlanetSide 2 (2) (HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\...\SOE-PlanetSide 2 (2)) (Version:  - Sony Online Entertainment)

PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)

Platform (x32 Version: 1.38 - VIA Technologies, Inc.) Hidden

Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)

Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)

Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)

Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)

RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)

Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)

Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)

Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)

Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.3 - IObit)

Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2436.0 - Hi-Rez Studios)

Spotify (HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)

Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Synergy (64-bit) (HKLM\...\{C3BFE48C-F381-4D22-BB45-8205DE7A06F1}) (Version: 1.5.1 - The Synergy Project)

Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)

The Incredible Adventures of Van Helsing (HKLM-x32\...\Steam App 215530) (Version:  - NeocoreGames)

The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)

Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.8.10 - Electronic Arts)

TortoiseHg 3.0.0 (x64) (HKLM\...\{A372E1B0-A3A8-47E9-B1C2-59C057328CED}) (Version: 3.0.0 - Steve Borho and others)

Tropico 5  v1.04 (Special Steam Edition)(3 DLC) (HKLM-x32\...\Tropico 5  v1.04 (Special Steam Edition)(3 DLC)1.04) (Version: 1.04 - Friends in War)

Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)

USB Video/Audio Device Driver (HKLM-x32\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version:  - )

VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.38 - VIA Technologies, Inc.)

VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.72 - NCH Software)

VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)

Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.30319 - Microsoft Corporation)

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)

VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

VNC Server 5.2.0 (HKLM\...\{4AAE0833-3348-469C-AB09-95B421356900}) (Version: 5.2.0 - RealVNC Ltd)

VNC Viewer 5.2.0 (HKLM\...\{6441D26A-E24D-4711-BFE8-4C2E954D6DCE}) (Version: 5.2.0 - RealVNC Ltd)

Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)

Waves (HKLM-x32\...\Steam App 107600) (Version:  - Squid In A Box Ltd)

Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)

Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)

Windows Driver Package - CASIO (CCUSBMIDI) MEDIA  (02/24/2012 1.00.00.0004) (HKLM\...\74347E8ACBB0CD4B3A12C89F2E2FAA6CEFBE40CA) (Version: 02/24/2012 1.00.00.0004 - CASIO)

WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

11-12-2014 16:11:59 Installed DirectX

12-12-2014 01:12:31 Installed DirectX

13-12-2014 08:00:13 Windows Update

14-12-2014 00:32:19 Installed BlueSoleil 9.2.470.0

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {32B3EC69-EEA3-471B-813F-787DDE07717C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)

Task: {3460D2D0-0EC9-45C2-8573-3BFFFA621134} - System32\Tasks\{B59BDFDF-1B80-4E8C-ABF1-D6B308B1A58F} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.14.0.104&LastError=12007

Task: {3506BDEF-0170-4208-B29E-694BA395B33F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {719B5C80-61A1-4A8F-8EF4-CEC873B2F65A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.)

Task: {7899D39A-9BDF-452B-ABB0-8429E17AC8A0} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-23] (IObit)

Task: {B47F9AD0-D841-4565-9F48-5D8F88636D93} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.)

Task: {B7FF46EA-B6A5-4B2C-939F-064E24E8D908} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {CA5777D4-2120-497E-97A8-E3825AD0F3A4} - System32\Tasks\Pageant => C:\Program Files\TortoiseHg\Pageant.exe [2012-09-13] (Simon Tatham)

Task: {EFF4703C-B058-463C-9437-F582F7207E31} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-11-04] (IObit)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-04-05 21:26 - 2014-02-08 12:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2013-12-04 18:19 - 2013-12-04 18:19 - 00022016 _____ () C:\Windows\System32\BsTrace.dll

2013-12-04 18:19 - 2013-12-04 18:19 - 00022016 _____ () C:\Windows\system32\BsTrace.dll

2013-12-05 16:07 - 2013-12-05 16:07 - 00010240 _____ () C:\Windows\system32\BsHelpCSps.dll

2013-12-05 16:13 - 2013-12-05 16:13 - 00074488 _____ () C:\Windows\system32\BlueSoleilCSps.dll

2014-08-21 17:20 - 2014-08-21 17:20 - 00298496 _____ () C:\Program Files\Synergy\synergyd.exe

2014-05-06 20:37 - 2014-05-06 20:37 - 00100616 _____ () C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe

2012-10-27 08:28 - 2012-10-27 08:28 - 00128512 _____ () C:\Program Files\TortoiseHg\win32api.pyd

2012-10-27 08:27 - 2012-10-27 08:27 - 00137728 _____ () C:\Program Files\TortoiseHg\pywintypes27.dll

2012-10-27 08:28 - 2012-10-27 08:28 - 00223232 _____ () C:\Program Files\TortoiseHg\win32gui.pyd

2012-10-27 08:27 - 2012-10-27 08:27 - 00027648 _____ () C:\Program Files\TortoiseHg\win32pipe.pyd

2012-10-27 08:27 - 2012-10-27 08:27 - 00023040 _____ () C:\Program Files\TortoiseHg\win32event.pyd

2012-10-27 08:27 - 2012-10-27 08:27 - 00149504 _____ () C:\Program Files\TortoiseHg\win32file.pyd

2012-10-27 08:28 - 2012-10-27 08:28 - 00136192 _____ () C:\Program Files\TortoiseHg\win32security.pyd

2013-11-10 19:24 - 2013-11-10 19:24 - 00111616 _____ () C:\Program Files\TortoiseHg\_ctypes.pyd

2014-05-06 20:35 - 2014-05-06 20:35 - 00010752 _____ () C:\Program Files\TortoiseHg\mercurial.osutil.pyd

2012-10-27 08:27 - 2012-10-27 08:27 - 00044032 _____ () C:\Program Files\TortoiseHg\win32process.pyd

2012-10-27 08:29 - 2012-10-27 08:29 - 00503808 _____ () C:\Program Files\TortoiseHg\pythoncom27.dll

2012-10-27 08:31 - 2012-10-27 08:31 - 00438784 _____ () C:\Program Files\TortoiseHg\win32com.shell.shell.pyd

2014-11-14 23:04 - 2013-05-07 09:26 - 01302080 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

2014-11-14 23:04 - 2014-12-10 09:08 - 02465272 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.230\deploy\LoLLauncher.exe

2014-12-10 09:08 - 2014-12-10 09:08 - 04216312 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.14\deploy\LoLPatcher.exe

2014-11-14 22:22 - 2013-09-22 03:29 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.121\deploy\LolClient.exe

2013-12-05 16:12 - 2013-12-05 16:12 - 00513784 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe

2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-09-19 16:33 - 2014-06-04 15:17 - 00892288 _____ () C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll

2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2014-12-08 22:20 - 2014-12-08 22:20 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll

2014-12-08 22:20 - 2014-12-08 22:20 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll

2014-12-08 22:20 - 2014-12-08 22:20 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll

2014-12-08 22:20 - 2014-12-08 22:20 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll

2014-12-08 22:20 - 2014-12-08 22:20 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll

2014-12-08 22:20 - 2014-12-08 22:20 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll

2014-12-08 22:20 - 2014-12-08 22:20 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll

2014-12-08 22:20 - 2014-12-08 22:20 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll

2014-11-14 21:28 - 2014-11-11 13:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll

2014-11-14 21:28 - 2014-11-11 13:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll

2014-11-14 21:28 - 2014-11-11 13:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll

2014-11-14 21:28 - 2014-11-11 13:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2014-11-14 21:28 - 2014-11-18 15:23 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll

2014-11-14 21:28 - 2014-11-11 13:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll

2014-11-14 21:28 - 2014-11-11 13:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll

2014-11-14 21:28 - 2014-11-18 15:23 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2014-11-14 21:28 - 2014-11-11 13:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2014-11-14 21:28 - 2014-11-11 13:48 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll

2013-12-05 16:10 - 2013-12-05 16:10 - 00797432 _____ () C:\Windows\SysWOW64\BlueSoleilCSps.dll

2013-12-05 16:10 - 2013-12-05 16:10 - 00031480 _____ () C:\Windows\SysWOW64\BsHelpCSps.dll

2013-12-05 16:12 - 2013-12-05 16:12 - 00360184 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\setup.dll

2010-05-13 16:30 - 2010-05-13 16:30 - 00028730 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\Driver\USB\btcusb.dll

2013-12-04 18:20 - 2013-12-04 18:20 - 00154624 _____ () C:\Windows\system32\BsProfilefunc.dll

2013-12-05 16:10 - 2013-12-05 16:10 - 00031480 _____ () C:\Windows\SysWow64\BsHelpCSps.dll

2013-12-05 16:10 - 2013-12-05 16:10 - 00797432 _____ () C:\Windows\SysWow64\BlueSoleilCSps.dll

2014-12-10 09:08 - 2014-12-10 09:08 - 01628152 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.14\deploy\RiotLauncher.dll

2014-11-14 22:22 - 2013-09-22 03:27 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.121\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll

2014-11-14 22:22 - 2013-09-22 03:27 - 16032616 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.121\deploy\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll

2014-12-11 21:26 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll

2014-12-11 21:26 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll

2014-12-11 21:26 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

2014-12-11 21:26 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

2014-10-19 12:41 - 2014-12-05 20:50 - 00146760 _____ () C:\Users\Paul\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll

2014-10-19 12:41 - 2014-09-25 09:53 - 06572360 _____ () C:\Users\Paul\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdm.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

MSCONFIG\startupreg: Download Master => C:\Program Files (x86)\Download Master\dmaster.exe -autorun

MSCONFIG\startupreg: Pushbullet => "C:\Program Files (x86)\Pushbullet\pushbullet_app.exe"

MSCONFIG\startupreg: Spotify => "C:\Users\Andy\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Andy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-2795768293-3232440484-3009076036-500 - Administrator - Disabled)

Guest (S-1-5-21-2795768293-3232440484-3009076036-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2795768293-3232440484-3009076036-1008 - Limited - Enabled)

Paul (S-1-5-21-2795768293-3232440484-3009076036-1009 - Administrator - Enabled) => C:\Users\Paul

 

==================== Faulty Device Manager Devices =============

 

Name: VirtualBox Host-Only Ethernet Adapter

Description: VirtualBox Host-Only Ethernet Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Oracle Corporation

Service: VBoxNetAdp

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/13/2014 01:54:26 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

 

Error: (12/13/2014 01:51:32 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: svchost.exe_PlugPlay, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1

Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24

Exception code: 0xc0000374

Fault offset: 0x00000000000c4102

Faulting process id: 0x2dc

Faulting application start time: 0xsvchost.exe_PlugPlay0

Faulting application path: svchost.exe_PlugPlay1

Faulting module path: svchost.exe_PlugPlay2

Report Id: svchost.exe_PlugPlay3

 

Error: (12/13/2014 01:18:18 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

 

Error: (12/13/2014 01:10:48 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

 

Error: (12/13/2014 10:08:21 AM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

 

Error: (12/13/2014 03:20:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )

Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1305.

 

Error: (12/12/2014 11:59:34 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

 

Error: (12/12/2014 11:49:16 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

 

Error: (12/12/2014 11:04:27 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )

Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:

0x80070005

 

Error: (12/12/2014 10:04:27 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )

Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:

0x80070005

 

 

System errors:

=============

Error: (12/13/2014 01:51:34 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: 

%%1190

 

Error: (12/13/2014 01:51:34 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: 

%%1190

 

Error: (12/13/2014 01:51:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Power service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

 

Error: (12/13/2014 01:51:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

 

Error: (12/13/2014 01:51:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

 

Error: (12/13/2014 03:24:23 AM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Windows Search service hung on starting.

 

Error: (12/13/2014 00:06:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Windows Defender service terminated with the following error: 

%%-2147023113

 

Error: (12/12/2014 11:50:44 PM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: The Windows Search service terminated with service-specific error %%-2147467243.

 

Error: (12/12/2014 11:50:43 PM) (Source: Service Control Manager) (EventID: 7043) (User: )

Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.

 

Error: (12/12/2014 11:48:20 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 11:46:51 PM on ‎12/‎12/‎2014 was unexpected.

 

 

Microsoft Office Sessions:

=========================

Error: (12/13/2014 01:54:26 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

Error: (12/13/2014 01:51:32 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: svchost.exe_PlugPlay6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18247521eaf24c000037400000000000c41022dc01d0170120374845C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll0db15d08-82f9-11e4-b062-002522fa9bee

 

Error: (12/13/2014 01:18:18 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

Error: (12/13/2014 01:10:48 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

Error: (12/13/2014 10:08:21 AM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

Error: (12/13/2014 03:20:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )

Description: -1305

 

Error: (12/12/2014 11:59:34 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

Error: (12/12/2014 11:49:16 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: 0x800700050x00000000

 

Error: (12/12/2014 11:04:27 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )

Description: 0x80070005

 

Error: (12/12/2014 10:04:27 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )

Description: 0x80070005

 

 

==================== Memory info =========================== 

 

Processor: AMD Phenom II X4 965 Processor

Percentage of memory in use: 41%

Total physical RAM: 8191.24 MB

Available physical RAM: 4806.34 MB

Total Pagefile: 16380.66 MB

Available Pagefile: 12293.83 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: (OS+Games+Programs) (Fixed) (Total:698.64 GB) (Free:127.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: A6486ADA)

Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

Hi Paul, 
 
I can see the issue here, and it isn't related to malware. 
To address the specific issue described in your opening post, I will direct you to Techs better equipped in dealing with non-malware issues.
 
However, in the meantime, let's double-check there's no malware present.
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\...\MountPoints2: {19494a7a-bd3b-11e3-9075-002522fa9bee} - F:\Autorun.exe
    HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\...\MountPoints2: {58113587-4d92-11e4-a889-002522fa9bee} - D:\TL_Bootstrap.exe
    HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\...\MountPoints2: {6e5f7798-347d-11e4-a618-002522fa9bee} - D:\TL_Bootstrap.exe
    HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\...\MountPoints2: {b5f0c6be-38bc-11e4-9dd2-002522fa9bee} - D:\TL_Bootstrap.exe
    ProxyEnable: [S-1-5-21-2795768293-3232440484-3009076036-1009] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-2795768293-3232440484-3009076036-1009] => 192.168.2.1:800
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    C:\Users\Paul\AppData\Local\Temp\AcDeltree.exe
    C:\Users\Paul\AppData\Local\Temp\bbdcabecacbd.exe
    C:\Users\Paul\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
    C:\Users\Paul\AppData\Local\Temp\vpsetup.exe
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for anything removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 
 
STEP 3
RogueKiller

  • Please download RogueKiller (x64) and save the file to your Desktop.
  • Close any running programmes.
  • Right-Click RogueKiller.exe and select Run as administrator to run the programme.
  • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
  • A browser window may open. Close the browser window.
  • Click jpgUwzp.png. Upon completion, click phPvmc6.png.
  • Close the programme. Do not fix anything!
  • A log (RKreport.txt) will be open. Copy the contents of the log and paste in your next reply.
     

STEP 4
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click Finish.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • AdwCleaner[s0].txt
  • RKreport.txt
  • ESET Online Scan log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014

Ran by Paul at 2014-12-14 15:06:39 Run:1

Running from C:\Users\Paul\Desktop

Loaded Profile: Paul (Available profiles: Paul)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

HKLM-x32\...\Run: [] => [X]

HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\...\MountPoints2: {19494a7a-bd3b-11e3-9075-002522fa9bee} - F:\Autorun.exe

HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\...\MountPoints2: {58113587-4d92-11e4-a889-002522fa9bee} - D:\TL_Bootstrap.exe

HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\...\MountPoints2: {6e5f7798-347d-11e4-a618-002522fa9bee} - D:\TL_Bootstrap.exe

HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\...\MountPoints2: {b5f0c6be-38bc-11e4-9dd2-002522fa9bee} - D:\TL_Bootstrap.exe

ProxyEnable: [s-1-5-21-2795768293-3232440484-3009076036-1009] => Internet Explorer proxy is enabled.

ProxyServer: [s-1-5-21-2795768293-3232440484-3009076036-1009] => 192.168.2.1:800

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

C:\Users\Paul\AppData\Local\Temp\AcDeltree.exe

C:\Users\Paul\AppData\Local\Temp\bbdcabecacbd.exe

C:\Users\Paul\AppData\Local\Temp\FNP_ACT_InstallerCA.dll

C:\Users\Paul\AppData\Local\Temp\vpsetup.exe

CMD: ipconfig /flushdns

CMD: netsh winsock reset all

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

EmptyTemp:

end

*****************

 

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.

"HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19494a7a-bd3b-11e3-9075-002522fa9bee}" => Key deleted successfully.

"HKCR\CLSID\{19494a7a-bd3b-11e3-9075-002522fa9bee}" => Key not found.

"HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58113587-4d92-11e4-a889-002522fa9bee}" => Key deleted successfully.

"HKCR\CLSID\{58113587-4d92-11e4-a889-002522fa9bee}" => Key not found.

"HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e5f7798-347d-11e4-a618-002522fa9bee}" => Key deleted successfully.

"HKCR\CLSID\{6e5f7798-347d-11e4-a618-002522fa9bee}" => Key not found.

"HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5f0c6be-38bc-11e4-9dd2-002522fa9bee}" => Key deleted successfully.

"HKCR\CLSID\{b5f0c6be-38bc-11e4-9dd2-002522fa9bee}" => Key not found.

HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.

HKU\S-1-5-21-2795768293-3232440484-3009076036-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

Synth3dVsc => Service deleted successfully.

tsusbhub => Service deleted successfully.

VGPU => Service deleted successfully.

C:\Users\Paul\AppData\Local\Temp\AcDeltree.exe => Moved successfully.

C:\Users\Paul\AppData\Local\Temp\bbdcabecacbd.exe => Moved successfully.

C:\Users\Paul\AppData\Local\Temp\FNP_ACT_InstallerCA.dll => Moved successfully.

C:\Users\Paul\AppData\Local\Temp\vpsetup.exe => Moved successfully.

 

=========  ipconfig /flushdns =========

 

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========= End of CMD: =========

 

 

=========  netsh winsock reset all =========

 

 

Sucessfully reset the Winsock Catalog.

You must restart the computer in order to complete the reset.

 

 

========= End of CMD: =========

 

 

=========  netsh int ipv4 reset =========

 

Reseting Global, OK!

Reseting Interface, OK!

Reseting Unicast Address, OK!

Restart the computer to complete this action.

 

 

========= End of CMD: =========

 

 

=========  netsh int ipv6 reset =========

 

Reseting Interface, OK!

Restart the computer to complete this action.

 

 

========= End of CMD: =========

 

EmptyTemp: => Removed 1.5 GB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog ====


# AdwCleaner v4.105 - Report created 14/12/2014 at 15:28:54

# Updated 08/12/2014 by Xplode

# Database : 2014-12-13.4 [Live]

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : Paul - KINEOISACANOE

# Running from : C:\Users\Paul\Desktop\Malware Stuff\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\NCH Software

Folder Deleted : C:\Program Files (x86)\NCH Software

[x] Not Deleted : C:\Users\Paul\AppData\Local\CrashRpt

Folder Deleted : C:\Users\Paul\AppData\Roaming\NCH Software

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17496

 

 

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

 

 

-\\ Google Chrome v39.0.2171.95

 

 

-\\ Chromium v

 

 

*************************

 

AdwCleaner[R0].txt - [1030 octets] - [14/12/2014 15:20:02]

AdwCleaner[s0].txt - [962 octets] - [14/12/2014 15:28:54]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1021 octets] ##########

RogueKiller V10.1.0.0 (x64) [Dec 11 2014] by Adlice Software





 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Paul [Administrator]

Mode : Scan -- Date : 12/14/2014  15:45:00

 

¤¤¤ Processes : 0 ¤¤¤

 

¤¤¤ Registry : 10 ¤¤¤

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{57D82D45-42F7-44C6-846F-02E817BFC093} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6A70877D-6BBC-41EA-8E94-07965E934305} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{57D82D45-42F7-44C6-846F-02E817BFC093} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6A70877D-6BBC-41EA-8E94-07965E934305} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{57D82D45-42F7-44C6-846F-02E817BFC093} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6A70877D-6BBC-41EA-8E94-07965E934305} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Found

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ Hosts File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK7575GSX ATA Device +++++

--- User ---

[MBR] a24da620932f9d598d19d6b5b09b0e45

[bSP] 1b6f300177ec62a91ed6b403fcd9ef0e : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 715402 MB

User = LL1 ... OK

User = LL2 ... OK

C:\$Recycle.Bin\S-1-5-21-2795768293-3232440484-3009076036-1000\$R3B08SW.iso Win32/HackTool.Crack.CR potentially unsafe application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Debut\debut.exe.vir a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Debut\debutsetup_v2.02.exe.vir a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\videopad.exe.vir a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\videopadsetup_v3.72.exe.vir a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application

C:\FRST\Quarantine\C\Users\Paul\AppData\Local\Temp\bbdcabecacbd.exe.xBAD Win32/OutBrowse.BA potentially unwanted application

C:\FRST\Quarantine\C\Users\Paul\AppData\Local\Temp\vpsetup.exe.xBAD a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application

C:\Games\GRID 2\steam_api.dll a variant of Win32/HackTool.Crack.BQ potentially unsafe application

C:\Games\Saints Row IV\steam_api.dll a variant of Win32/HackTool.Crack.BQ potentially unsafe application

C:\Users\Paul\Desktop\Random\Games\Skyrim\The Elder Scrolls V Skyrim\rzr-skrm.iso VBS/TrojanDownloader.Agent.NHH trojan

C:\Users\Paul\Downloads\smart-defrag-setup.exe a variant of Win32/OpenCandy.A potentially unsafe application

C:\Windows.old\$Recycle.Bin\S-1-5-21-417099389-988824908-1587673020-1000\$R2VP5FU.zip Win32/HackTool.WinActivator.I potentially unsafe application

Please run the following programmes. 
 
STEP 1
CKScanner

  • Please download CKScanner and save the file to your Desktop.
  • Right-Click CKScanner.exe and select Run as administrator to run the programme.
  • Click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Please run this programme only once.
  • A log (CKFiles.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
MGADiag

  • Please download MGADiag and save the file to your Desktop.
  • Double-click the MGADiag icon on your Desktop.
  • Click continue.png.
  • Click copy.png.
  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Click Edit followed by Paste in Notepad.
  • Copy the contents of the log and paste in your next reply.
     

======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • CKFiles.txt
  • MGADiag log

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad

c:\program files\ableton\live 9 suite\resources\core library\ableton folder info\previews\devices\instruments\tension\effects\crackling strings abstract.adv.ogg

c:\program files\ableton\live 9 suite\resources\core library\ableton folder info\previews\devices\instruments\tension\effects\crackling strings abstract.adv.ogg.asd

c:\program files\ableton\live 9 suite\resources\core library\devices\audio effects\vinyl distortion\crack.adv

c:\program files\ableton\live 9 suite\resources\core library\devices\instruments\tension\effects\crackling strings abstract.adv

c:\program files\adobe\adobe premiere pro cs6\plug-ins\en_us\vstplugins\decrackler1.dll

c:\program files\adobe\adobe premiere pro cs6\plug-ins\en_us\vstplugins\decrackler2.dll

c:\program files\adobe\adobe premiere pro cs6\plug-ins\en_us\vstplugins\decrackler6.dll

c:\program files\adobe\adobe premiere pro cs6\plug-ins\zh_cn\vstplugins\decrackler1.dll

c:\program files\adobe\adobe premiere pro cs6\plug-ins\zh_cn\vstplugins\decrackler2.dll

c:\program files\adobe\adobe premiere pro cs6\plug-ins\zh_cn\vstplugins\decrackler6.dll

c:\program files (x86)\adobe\adobe dreamweaver cs6\configuration\taglibraries\html\keygen.vtm

c:\program files (x86)\castle crashers\data\sounds\sound_frost_crackle.xma

c:\windows\system32\slmgr.vbs.removewat

c:\windows\syswow64\slmgr.vbs.removewat

scanner sequence 3.JD.11.CEAPB0

 ----- EOF ----- 

Diagnostic Report (1.9.0027.0):

-----------------------------------------

Windows Validation Data-->

 

Validation Code: 0

Cached Online Validation Code: 0xc004c4a2

Windows Product Key: *****-*****-YG69F-9M66D-PMJBM

Windows Product Key Hash: /kehptF9HHVxM5d8dUnqgcfndXw=

Windows Product ID: 00426-OEM-8992662-00497

Windows Product ID Type: 2

Windows License Type: OEM SLP

Windows OS version: 6.1.7601.2.00010100.1.0.001

ID: {C1F1C654-E318-499F-B314-834034B2D823}(1)

Is Admin: Yes

TestCab: 0x0

LegitcheckControl ActiveX: N/A, hr = 0x80070002

Signed By: N/A, hr = 0x80070002

Product Name: Windows 7 Ultimate

Architecture: 0x00000009

Build lab: 7601.win7sp1_gdr.140303-2144

TTS Error: 

Validation Diagnostic: 

Resolution Status: N/A

 

Vista WgaER Data-->

ThreatID(s): N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

 

Windows XP Notifications Data-->

Cached Result: N/A, hr = 0x80070002

File Exists: No

Version: N/A, hr = 0x80070002

WgaTray.exe Signed By: N/A, hr = 0x80070002

WgaLogon.dll Signed By: N/A, hr = 0x80070002

 

OGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

OGAExec.exe Signed By: N/A, hr = 0x80070002

OGAAddin.dll Signed By: N/A, hr = 0x80070002

 

OGA Data-->

Office Status: 109 N/A

OGA Version: N/A, 0x80070002

Signed By: N/A, hr = 0x80070002

Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

 

Browser Data-->

Proxy settings: N/A

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Download signed ActiveX controls: Prompt

Download unsigned ActiveX controls: Disabled

Run ActiveX controls and plug-ins: Allowed

Initialize and script ActiveX controls not marked as safe: Disabled

Allow scripting of Internet Explorer Webbrowser control: Disabled

Active scripting: Allowed

Script ActiveX controls marked as safe for scripting: Allowed

 

File Scan Data-->

File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100

File Mismatch: C:\Windows\system32\user32.dll[6.1.7600.16385], Hr = 0x800b0100

 

Other data-->

Office Details: <GenuineResults><MachineData><UGUID>{C1F1C654-E318-499F-B314-834034B2D823}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-PMJBM</PKey><PID>00426-OEM-8992662-00497</PID><PIDType>2</PIDType><SID>S-1-5-21-2795768293-3232440484-3009076036</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P1.20</Version><SMBIOSVersion major="2" minor="6"/><Date>20120328000000.000000+000</Date></BIOS><HWID>2A263807018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

 

Spsys.log Content: 0x80070002

 

Licensing Data-->

Input Error: Can not find script file "C:\Windows\system32\slmgr.vbs".

 

Windows Activation Technologies-->

HrOffline: 0x00000000

HrOnline: 0xC004C4A2

HealthStatus: 0x0000000000000000

Event Time Stamp: 5:29:2014 08:48

ActiveX: Registered, Version: 7.1.7600.16395

Admin Service: Not Registered - 0x80070005

HealthStatus Bitmask Output:

 

 

HWID Data-->

HWID Hash Current: OAAAAAEABAABAAIAAQACAAAAAgABAAEAln0mUU40VPIsr5SyEDNIC64p9m/eiCISDq/gacoRji4=

 

OEM Activation 1.0 Data-->

N/A

 

OEM Activation 2.0 Data-->

BIOS valid for OA 2.0: yes

Windows marker version: 0x20001

OEMID and OEMTableID Consistent: yes

BIOS Information: 

  ACPI Table Name OEMID Value OEMTableID Value

  APIC 032812 APIC1049

  FACP A_M_I OEMFACP 

  SRAT AMD   FAM_F_10

  HPET 032812 OEMHPET 

  MCFG 032812 OEMMCFG 

  OEMB 032812 OEMB1049

  AAFT 032812 OEMAAFT 

  SSDT A M I POWERNOW

  SLIC HPQOEM SLIC-MPC

This topic is now closed to further replies.