Sturmgewehr Posted February 8, 2015 ID:937465

Hi. I'm Sturm. I just joined and have been using Malwarebytes for years now. I have been having this issue with a cmd.exe window appearing a few minutes after booting. The window actually appears twice on startup, around 15 seconds after the first one, and does not contain any text. It is simply a blank window, and the text on top just says "Cmd.exe". I have no idea what this is, and it only appeared four weeks ago.

With the help of a friend, I discovered it had something to do with my IP being renewed and released upon startup, and even doing it hours after that. I cannot find the root source of it, however, and I fear it may be some form of Malware, although I haven't heard of anyone else having an issue like this. I scanned with Malwarebytes, and nothing significant came up. All that was found was some old files and keys from Adware I had long since gotten rid of. I initially thought it was my adapter that was causing this, so I swapped it out and put in a new one. To my dismay, nothing changed. Interestingly, the cmd window appears only once (instead of "flashing" twice) without an internet connection.

Today, I installed Process Explorer to hopefully discover some more information about the mysterious cmd windows. I found several suspicious things. I thought that Mobsync was the cause of it, but this turned out false. I then suspected LMS.exe and UNS.exe, because upon the cmd appearing, they seemed to also appear, with Google Update triggering before them. I disabled all three, and nothing changed. The only file left that is of interest so far is Conhost.exe or maybe WmiPrvSE.exe (the latter because I did see it temporarily highlighted green several times when the popups appear). I have three copies of Conhost.exe by default according to Process Explorer. When I open Cmd.exe manually, they expand to include another copy. When the popups happen, they expand the same way, but I am unsure if it is the "same" copy I saw when I opened Cmd manually.

What does this mean? Am I infected? I don't see anything malicious as of yet, but it is very frustrating and I want to get to the bottom of it, before it turns into something else. It has the ability to force me out of a game when the popups happen. I'm not sure if this is a normal property of Cmd.exe or unique to my issue. I am sure, however, that Conhost.exe does have something in common with the popups. I just don't know what.
Valinorum Posted February 8, 2015 ID:937560

Attach the logs here from the instructions from here.

Regards,
Valinorum
Sturmgewehr Posted February 8, 2015 Author ID:937637

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Cameron (administrator) on CAMERONPC on 08-02-2015 11:53:03
Running from C:\Users\Cameron\Downloads
Loaded Profiles: Cameron (Available profiles: Cameron)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
C:\Program Files (x86)\InstallShield Installation Information2015-02-05 17:58 - 2014-02-10 16:03 - 00000396 __RSH () C:\ProgramData\ntuser.pol2015-02-05 17:10 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories2015-02-05 17:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2015-02-05 16:17 - 2013-04-18 21:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-02-05 16:17 - 2013-04-18 21:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-02-05 16:17 - 2013-04-18 21:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2015-02-05 14:55 - 2009-07-13 21:34 - 00000411 _____ () C:\Windows\win.ini2015-02-03 00:10 - 2013-05-25 10:09 - 00000222 _____ () C:\Users\Cameron\Desktop\Chivalry Medieval Warfare.url2015-02-02 15:37 - 2013-12-06 12:56 - 00000000 ____D () C:\Users\Cameron\Documents\3DMark2015-02-02 15:34 - 2013-12-06 12:57 - 00000022 _____ () C:\Windows\GPU-Z.INI2015-02-01 21:18 - 2014-06-30 11:44 - 00000222 _____ () C:\Users\Cameron\Desktop\Arma 3.url2015-02-01 13:44 - 2014-10-17 09:01 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2015-02-01 13:44 - 2014-10-17 09:01 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2015-02-01 13:44 - 2014-10-17 09:01 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2015-02-01 13:44 - 2014-10-17 09:01 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2015-02-01 13:44 - 2014-10-17 09:01 - 00000000 ____D () C:\Program Files (x86)\Java2015-02-01 13:44 - 2014-09-14 21:30 - 00000000 ____D () C:\ProgramData\Oracle2015-01-29 20:35 - 2009-07-14 00:08 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2015-01-28 15:31 - 2014-09-29 20:42 - 01065984 _____ () C:\Users\Cameron\AppData\Local\file__0.localstorage2015-01-28 14:53 - 2013-07-19 16:15 - 00000221 _____ () 
C:\Users\Cameron\Desktop\Metro Last Light.url2015-01-25 13:09 - 2014-09-13 14:19 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics2015-01-25 01:02 - 2013-04-18 16:33 - 00058016 _____ () C:\Users\Cameron\AppData\Local\GDIPFONTCACHEV1.DAT2015-01-25 01:02 - 2009-07-13 23:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT2015-01-24 23:33 - 2014-12-29 21:44 - 00003512 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-01-24 13:09 - 2014-12-14 19:37 - 00000000 ____D () C:\Users\Cameron\AppData\Local\NVIDIA2015-01-24 13:09 - 2014-12-14 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation2015-01-24 13:09 - 2013-10-29 18:05 - 00000000 ____D () C:\Users\Cameron\AppData\Local\NVIDIA Corporation2015-01-24 13:09 - 2013-07-17 12:25 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation2015-01-24 13:09 - 2013-04-18 16:42 - 00000000 ____D () C:\Program Files\NVIDIA Corporation2015-01-24 13:09 - 2013-04-18 16:42 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation2015-01-22 21:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help2015-01-21 22:01 - 2013-05-31 19:02 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI2015-01-19 21:33 - 2013-08-14 11:39 - 00000000 ____D () C:\Windows\system32\MRT2015-01-19 21:31 - 2013-04-19 22:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-01-11 22:14 - 2013-09-13 14:42 - 00000222 _____ () C:\Users\Cameron\Desktop\Tomb Raider.url ==================== Files in the root of some directories ======= 2014-09-29 20:42 - 2015-01-28 15:31 - 1065984 _____ () C:\Users\Cameron\AppData\Local\file__0.localstorage2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\Cameron\AppData\Local\setup.txt2014-05-31 19:17 - 2014-05-31 19:17 - 0000057 _____ () C:\ProgramData\Ament.ini Some content of 
TEMP:
====================
C:\Users\Cameron\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Cameron\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Cameron\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Cameron\AppData\Local\Temp\drm_dyndata_7410004.dll
C:\Users\Cameron\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Cameron\AppData\Local\Temp\ICReinstall_Adobe_Flash_Setup.exe
C:\Users\Cameron\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Cameron\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Cameron\AppData\Local\Temp\Nexus%20Mod%20Manager-0.44.10.exe
C:\Users\Cameron\AppData\Local\Temp\Nexus%20Mod%20Manager-0.46.0.exe
C:\Users\Cameron\AppData\Local\Temp\Nexus%20Mod%20Manager-0.49.8.exe
C:\Users\Cameron\AppData\Local\Temp\Nexus%20Mod%20Manager-0.51.0.exe
C:\Users\Cameron\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Cameron\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Cameron\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Cameron\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Cameron\AppData\Local\Temp\nvStInst.exe
C:\Users\Cameron\AppData\Local\Temp\optprosetup.exe
C:\Users\Cameron\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Cameron\AppData\Local\Temp\sfextra.dll
C:\Users\Cameron\AppData\Local\Temp\SHSetup.exe
C:\Users\Cameron\AppData\Local\Temp\sonarinst.exe
C:\Users\Cameron\AppData\Local\Temp\ubi5B5A.tmp.exe
C:\Users\Cameron\AppData\Local\Temp\Uninstaller-3548.exe
C:\Users\Cameron\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Cameron\AppData\Local\Temp\_is5215.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-03 00:59

==================== End Of Log ============================

Sturmgewehr Posted February 8, 2015 Author ID:937638

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Cameron at 2015-02-08 11:53:21
Running from C:\Users\Cameron\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\Steam App 223850) (Version: - Futuremark)
3DMark 11 Demo (HKLM-x32\...\Steam App 221870) (Version: - Futuremark)
7-Zip 9.32 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0932-000001000000}) (Version: 9.32.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version: - )
Arma 2 (HKLM-x32\...\Steam App 33900) (Version: - Bohemia Interactive)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller
Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)Assassin’s Creed Unity (HKLM-x32\...\Steam App 289650) (Version: - Ubisoft)Assassin's Creed IV Black Flag (HKLM-x32\...\Steam App 242050) (Version: - Ubisoft Montreal)Assassin's Creed® III (HKLM-x32\...\Steam App 208480) (Version: - Ubisoft Montreal)ASUS PCE-AC68 WLAN Card Utilities/Driver (HKLM-x32\...\{39BD9681-D3B1-435C-A0C1-F87C68513401}) (Version: 2.0.8.8 - ASUS)Autumn Aurora 2 for S.T.A.L.K.E.R - Shadow of Chernobyl (HKLM-x32\...\Autumn Aurora 2_is1) (Version: - )BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)Brytenwalda version 1.40 (HKLM-x32\...\{4D15C6C1-74C9-4AA4-8378-CEEDE7E53F39}_is1) (Version: 1.40 - Brytenwalda Dev.)Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)Corsair Headset Software (HKLM-x32\...\{F075D08D-A56D-4AA8-9A6A-45C79B78F45F}) (Version: 2.0.26 - Corsair)CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version: - )CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version: - )Creation Kit (HKLM-x32\...\Steam App 202480) (Version: - bgs.bethsoft.com)Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)CrystalDiskMark 3.0.3b (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.3b - Crystal Dew World)CyberLink BD Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: - )CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4703 - CyberLink Corp.)CyberLink LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.4619 - CyberLink Corp.)CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3530.52 - CyberLink Corp.)Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)DayZ (HKLM-x32\...\Steam App 
221100) (Version: - Bohemia Interactive)Death to Spies (HKLM-x32\...\Steam App 9800) (Version: - Haggard Games)Death to Spies: Moment of Truth (HKLM-x32\...\Steam App 34410) (Version: - Haggard Games)Fallout 3 (HKLM-x32\...\Steam App 22300) (Version: - Bethesda Softworks)Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version: - Q, Timeslip)Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)Far Cry 2 (HKLM-x32\...\Steam App 19900) (Version: - Ubisoft Montreal)Far Cry 4 - Editor (HKLM-x32\...\Steam App 322310) (Version: - )Far Cry 4 (HKLM-x32\...\Steam App 298110) (Version: - Ubisoft Montreal, Red Storm, Shanghai, Toronto, Kiev)Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft)Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version: - Scott Cawthon)Five Nights at Freddy's 2 (HKLM-x32\...\Steam App 332800) (Version: - Scott Cawthon)Futuremark SystemInfo (HKLM-x32\...\{2FE4C157-30AD-47F3-9D93-D9A2AFF25D3F}) (Version: 4.33.485.0 - Futuremark)GECK - New Vegas Edition (HKLM-x32\...\Steam App 22480) (Version: - )Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
HiddenGrand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version: - Rockstar Games)Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - Square Enix)Hitman: Blood Money (HKLM-x32\...\Steam App 6860) (Version: - Eidos)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)Intel® Network Connections 16.6.126.0 (HKLM\...\PROSetDX) (Version: 16.6.126.0 - Intel)Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)LG Tool Kit (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 8.01.0919.01 - )Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version: - Rockstar Studios)Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version: - 4A Games)Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)Microsoft Games for Windows - LIVE 
Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - Tale Worlds)Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version: - TaleWorlds)MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)NVIDIA 3D Vision Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation)NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)NVIDIA Graphics Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)Python 2.7 comtypes-0.6.2 (HKLM-x32\...\comtypes-py2.7) (Version: - )Python 2.7 pywin32-216 (HKLM-x32\...\pywin32-py2.7) (Version: - 
)Python 2.7.1 (HKLM-x32\...\{32939827-d8e5-470a-b126-870db3c69fdf}) (Version: 2.7.1150 - Python Software Foundation)Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)Red Orchestra 2: Heroes of Stalingrad (HKLM-x32\...\Steam App 35450) (Version: - Tripwire)RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)S.T.A.L.K.E.R. - Shadow of Chernobyl (HKLM-x32\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0006 - GSC Game World)S.T.A.L.K.E.R.: Call of Pripyat (HKLM-x32\...\Steam App 41700) (Version: - GSC Game World)Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) HiddenSHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) HiddenSniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion)Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version: - Pandemic Studios)State of Decay (HKLM-x32\...\Steam App 241540) (Version: - )Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version: - )TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)The Elder Scrolls III: Morrowind (HKLM-x32\...\Steam App 22320) (Version: - Bethesda Game Studios®)The Elder Scrolls IV: Oblivion (HKLM-x32\...\Steam App 22330) (Version: - Bethesda Softworks)The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)The Witcher: 
Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD Projekt RED)Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.01 - Ubisoft)Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 3.0.4.3 - Wrye & Wrye Bash Development Team)wxPython 2.8.12.0 (ansi) for Python 2.7 (HKLM-x32\...\wxPython2.8-ansi-py27_is1) (Version: 2.8.12.0-ansi - Total Control Software)Xirrus Wi-Fi Inspector (HKLM-x32\...\{BBB21AB1-2C45-435D-A05A-B563072E7B9B}) (Version: 1.2.1.4 - Xirrus) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 06-02-2015 15:03:47 Windows Update06-02-2015 15:06:36 Windows Update06-02-2015 15:10:18 Removed ASUS PCE-AC68 WLAN Card Utilities/Driver06-02-2015 15:20:44 Installed ASUS PCE-AC68 WLAN Card Utilities/Driver07-02-2015 17:10:19 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2014-04-22 23:22 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {15646CAA-ADEA-4860-A051-ECAF974A959C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-29] (Google Inc.)
Task: {223CC440-60C5-4962-BF48-F6DEDAAFE9FB} - System32\Tasks\{F8B107F9-10CE-428E-B9C2-0974525BD799} => pcalua.exe -a C:\Users\Cameron\Downloads\stk-us-10005.exe -d C:\Users\Cameron\Downloads
Task: {2D840A65-83E9-4467-840D-F5E820C7F1CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {36DBB39A-8E2A-4548-9BCF-4CA990292AA3} - System32\Tasks\{57701E75-D4EF-4236-B592-9B07880194A9} => pcalua.exe -a C:\Users\Cameron\Downloads\ovisetup.exe -d C:\Users\Cameron\Downloads
Task: {5DC778AF-FC92-4516-9E3B-79AA7542E225} - System32\Tasks\PCEAC68WLANMGR => C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe [2014-06-06] (ASUS)
Task: {5E056447-4F3E-4AE7-9178-4B1E09FC1693} - System32\Tasks\{06C1350D-617B-4E44-9474-22067AD9DD09} => pcalua.exe -a "C:\Program Files (x86)\RosettaStoneLtdServices\installanchorservice.exe" -d "C:\Program Files (x86)\RosettaStoneLtdServices"
Task: {9691EC9F-B4A7-4E8D-81EE-4AA7D9917270} - \Updater26278.exe No Task File <==== ATTENTION
Task: {A10FDA36-7BFA-4990-97ED-0C3E8EE339D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-29] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-22 21:09 - 2015-01-09 18:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-07 00:39 - 2012-06-01 17:42 - 00920736 _____
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe2013-04-21 17:06 - 2014-06-03 18:05 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe2014-12-07 00:39 - 2015-02-08 11:36 - 00033280 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll2014-12-07 00:39 - 2010-06-29 10:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll2014-08-29 18:48 - 2014-12-01 16:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll2014-08-29 18:48 - 2014-12-01 16:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll2014-08-29 18:48 - 2014-12-01 16:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll2014-08-29 18:48 - 2014-12-01 16:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll2013-03-25 13:23 - 2014-11-11 13:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll2015-01-19 21:30 - 2014-12-01 19:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll2015-01-19 21:30 - 2014-12-01 19:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll2015-01-19 21:30 - 2014-12-01 19:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll2014-05-22 13:18 - 2015-01-23 17:34 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll2014-08-29 18:48 - 2014-12-01 16:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll2013-03-29 10:53 - 2015-01-23 17:33 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL2013-03-26 15:16 - 2015-01-15 18:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll2014-12-29 21:45 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll2014-12-29 21:45 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll2014-12-29 21:45 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll2014-12-29 21:45 - 2014-12-05 20:50 - 01677128 _____ () 
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2013-04-18 16:14 - 2012-02-07 16:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-08-14 21:56 - 2015-01-15 18:42 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2400999468-2226729932-3990034108-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cameron\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-2400999468-2226729932-3990034108-500 - Administrator - Disabled)
Cameron (S-1-5-21-2400999468-2226729932-3990034108-1000 - Administrator - Enabled) => C:\Users\Cameron
Guest (S-1-5-21-2400999468-2226729932-3990034108-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2400999468-2226729932-3990034108-1005 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2015 11:38:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2015 09:22:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2015 08:56:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2015 08:47:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2015 08:44:12 PM) (Source: LMS) (EventID: 2) (User: CAMERONPC)
Description: The service process could not connect to the service controller.

Error: (02/07/2015 08:44:11 PM) (Source: LMS) (EventID: 2) (User: CAMERONPC)
Description: The service process could not connect to the service controller.

Error: (02/07/2015 08:40:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2015 08:36:47 PM) (Source: LMS) (EventID: 2) (User: CAMERONPC)
Description: The service process could not connect to the service controller.

Error: (02/07/2015 08:36:45 PM) (Source: LMS) (EventID: 2) (User: CAMERONPC)
Description: The service process could not connect to the service controller.

Error: (02/07/2015 08:15:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (02/08/2015 11:53:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error: %%2

Error: (02/08/2015 11:53:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error: %%2

Error: (02/08/2015 11:53:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error: %%2

Error: (02/08/2015 11:53:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error: %%2

Error: (02/08/2015 11:53:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error: %%2

Error: (02/08/2015 11:53:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error: %%2

Error: (02/08/2015 11:53:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to
the following error: %%2 Error: (02/08/2015 11:53:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The BCM42RLY service failed to start due to the following error: %%2 Error: (02/08/2015 11:53:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The BCM42RLY service failed to start due to the following error: %%2 Error: (02/08/2015 11:53:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The BCM42RLY service failed to start due to the following error: %%2 Microsoft Office Sessions:=========================Error: (02/08/2015 11:38:09 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/07/2015 09:22:41 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/07/2015 08:56:48 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/07/2015 08:47:45 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/07/2015 08:44:12 PM) (Source: LMS) (EventID: 2) (User: CAMERONPC)Description: The service process could not connect to the service controller. Error: (02/07/2015 08:44:11 PM) (Source: LMS) (EventID: 2) (User: CAMERONPC)Description: The service process could not connect to the service controller. 
Error: (02/07/2015 08:40:12 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/07/2015 08:36:47 PM) (Source: LMS) (EventID: 2) (User: CAMERONPC)Description: The service process could not connect to the service controller. Error: (02/07/2015 08:36:45 PM) (Source: LMS) (EventID: 2) (User: CAMERONPC)Description: The service process could not connect to the service controller. Error: (02/07/2015 08:15:18 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel® Core i7-3770K CPU @ 3.50GHzPercentage of memory in use: 19%Total physical RAM: 16328.28 MBAvailable physical RAM: 13183.21 MBTotal Pagefile: 32710.46 MBAvailable Pagefile: 29395.41 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (SSD) (Fixed) (Total:232.78 GB) (Free:152.23 GB) NTFSDrive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive f: (HDD) (Fixed) (Total:931.41 GB) (Free:581.19 GB) NTFSDrive g: (HDD 2) (Fixed) (Total:2794.39 GB) (Free:2622.93 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 232.9 GB) (Disk ID: CDF06961)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS) ========================================================Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DDC4733D)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=931.4 GB) - 
(Type=07 NTFS) ========================================================Disk: 2 (Size: 2794.5 GB) (Disk ID: 51E92DF6) Partition: GPT Partition Type. ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Valinorum Posted February 9, 2015 ID:937882

Step #2 Fix with FRST

Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
Open Notepad.exe. Do not use any other text editor software;
Copy and Paste the contents inside the code-box to your Notepad --

Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKU\S-1-5-21-2400999468-2226729932-3990034108-1000\...\MountPoints2: {1323f1d3-a917-11e2-b9f0-c86000cb982d} - H:\HPLauncher.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
Task: {9691EC9F-B4A7-4E8D-81EE-4AA7D9917270} - \Updater26278.exe No Task File <==== ATTENTION
CMD: bitsadmin /reset /allusers
End

Click on File > Save as...
Inside the File Name box type fixlist.txt;
From the Save as type drop down list, choose All Files
Save the file to your Desktop;
Re-run FRST.exe and click Fix;
Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
After the completion, a log will be produced;
Copy and Paste the contents of the log in your next reply.

Required Log(s):
FRST Fix Log

Regards,
Valinorum
Sturmgewehr Posted February 9, 2015 Author ID:937980

The instructions you have given seem to have fixed it. Here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by Cameron at 2015-02-09 13:04:20 Run:2
Running from C:\Users\Cameron\Downloads
Loaded Profiles: Cameron (Available profiles: Cameron)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKU\S-1-5-21-2400999468-2226729932-3990034108-1000\...\MountPoints2: {1323f1d3-a917-11e2-b9f0-c86000cb982d} - H:\HPLauncher.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
Task: {9691EC9F-B4A7-4E8D-81EE-4AA7D9917270} - \Updater26278.exe No Task File <==== ATTENTION
CMD: bitsadmin /reset /allusers
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-2400999468-2226729932-3990034108-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1323f1d3-a917-11e2-b9f0-c86000cb982d}" => Key deleted successfully.
HKCR\CLSID\{1323f1d3-a917-11e2-b9f0-c86000cb982d} => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9691EC9F-B4A7-4E8D-81EE-4AA7D9917270}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9691EC9F-B4A7-4E8D-81EE-4AA7D9917270}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater26278.exe" => Key deleted successfully.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {EF7466EE-9F04-42E8-A290-402A82DEF145}.
{E66E2547-4E28-48CD-ABC0-D4B7F040E164} canceled.
{5EBDA260-7337-4F9E-8CD1-15A929073C7F} canceled.
{E1D4C4C4-1DD2-4EDB-BDEB-9F36BADA5C6F} canceled.
3 out of 4 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 5.6 GB temporary data.

The system needed a reboot.

==== End of Fixlog 13:04:42 ====
Valinorum Posted February 10, 2015 ID:938385

Perusing your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be Malware-free as we speak.

♣ Removal of Tools and Quarantined Files ♣

Although the tools we have used are clean, they are powerful removal tools and made in a way so that they carry out any commands given to them without (in most cases) asking for a confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system as a dormant malware can be as bad as an active one if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.

Cleanup with Delfix

Please download DelFix by Xplode to your Desktop.
Download Link
Double-click to run the program;
Note: Windows Vista/7/8 users right-click and choose Run as administrator
Make sure that all the boxes are checked;
Click Run;
A log will be opened after the operation is finished;
Copy and Paste it in your next reply

♣ Prevention and Future Guidelines ♣

Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malware again.

Keep Windows up-to-date.
It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.

Run antivirus software and keep it up-to-date, too.
Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!

Keep your web browser plugins and other programs updated also.
This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.

No scripts is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop ups, banners etc.) on sites you visit.
Download NoScript by Giorgio Maone.
Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the no script icon down on the right hand side of your computer.

Watch out for a new threat named CryptoLocker
CryptoLocker is a new type of ransomware family malware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system but the files that were encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and practice constant vigilance. Please read the following article to acquaint yourself with the safety measures.
How to prevent your computer from becoming infected by CryptoLocker.

And last of all, surf smart.
It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article How Did I Get Infected in the First Place? and Keep Your Computer Safe Online.

Regards,
Valinorum
Sturmgewehr Posted February 10, 2015 Author ID:938413

[Quotes Valinorum's post of February 10, 2015 (ID:938385) in full.]

Well, whatever it was, it's gone now. Thanks so much for your help. I did not know the fix was so simple. I should have come here right after it started happening (: If it wasn't Malware, what could it have been? It must have been a Temp file because the fix cleared 5.6 GB of them. I'm glad it's over!
Valinorum Posted February 11, 2015 ID:938569

Please, try to avoid quoting messages of the helpers as it makes the replies necessarily long.

I blame the unused task file. It was removed earlier but not the task file. The CMD window may appear due to it and pending further information which it did not get as the mother file was removed.

Regards,
Valinorum
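The leftover blamed in the post above is a scheduled-task entry that survives in the registry after its task file is gone, the item the fixlist marks "No Task File". As an added example (not part of the thread and not FRST's own code), this read-only PowerShell audit lists such entries; it assumes an elevated 64-bit PowerShell 3.0 or later session and the default task folder %SystemRoot%\System32\Tasks, uses the TaskCache registry paths shown in the fix log, and the function name Get-OrphanedTaskEntry is made up for the example.

```powershell
# Added example: find scheduled-task registry entries whose task file is missing.
# Read-only: nothing is deleted or modified.
# Assumptions: elevated 64-bit PowerShell 3.0+, default task folder location.
$cache   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'
$treeKey = "$cache\Tree"
$taskDir = Join-Path $env:SystemRoot 'System32\Tasks'

function Get-OrphanedTaskEntry {
    # Length of the Tree key's full name plus the backslash that follows it,
    # used to cut each subkey name down to the task's relative path.
    $rootLen = (Get-Item -LiteralPath $treeKey).Name.Length + 1

    Get-ChildItem -LiteralPath $treeKey -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Only keys that carry an Id value (the task GUID) are tasks;
            # keys without it are task folders.
            $id = $_.GetValue('Id')
            if (-not $id) { return }

            # Relative task path, e.g. "Updater26278.exe" or "Vendor\TaskName"
            $relative = $_.Name.Substring($rootLen)
            $taskFile = Join-Path $taskDir $relative

            # A task whose file still exists is not an orphan; skip it.
            if (Test-Path -LiteralPath $taskFile -PathType Leaf) { return }

            # Which trigger-class keys still reference the same GUID
            $classes = 'Boot', 'Logon', 'Plain' | Where-Object {
                Test-Path -LiteralPath "$cache\$_\$id"
            }

            [pscustomobject]@{
                Task           = '\' + $relative
                Id             = $id
                MissingFile    = $taskFile
                TasksKeyExists = Test-Path -LiteralPath "$cache\Tasks\$id"
                TriggerClasses = $classes -join ','
            }
        }
}

Get-OrphanedTaskEntry | Format-List
```

An empty result means every task registered under TaskCache\Tree still has its file on disk.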
AdvancedSetup Posted February 16, 2015 Root Admin ID:940002

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks!