
Strange Issues Regarding Cmd.exe (Possible Malware?)



Hi. I'm Sturm. I just joined and have been using Malwarebytes for years now. I have been having this issue with a cmd.exe window appearing a few minutes after booting. The window actually appears twice on startup, around 15 seconds after the first one, and does not contain any text. It is simply a blank window, and the text on top just says "Cmd.exe". I have no idea what this is, and it only appeared four weeks ago. With the help of a friend, I discovered it had something to do with my IP being renewed and released upon startup, and even doing it hours after that. I cannot find the root source of it, however, and I fear it may be some form of Malware, although I haven't heard of anyone else having an issue like this. I scanned with Malwarebytes, and nothing significant came up. All that was found was some old files and keys from Adware I have long since gotten rid of. I initially thought it was my adapter that was causing this, so I swapped it out and put in a new one. To my dismay, nothing changed. Interestingly, the cmd window appears only once (instead of "flashing" twice) without an internet connection.

 

Today, I installed Process Explorer to hopefully discover some more information about the mysterious cmd windows. I found several suspicious things. I thought that Mobsync was the cause of it, but this turned out false. I then suspected LMS.exe and UNS.exe, because upon the cmd appearing, they seemed to also appear, with Google Update triggering before them. I disabled all three, and nothing changed.

 

The only file left that is of interest so far is Conhost.exe or maybe WmiPrvSE.exe (the latter because I did see it temporarily highlighted green several times when the popups appear). I have three copies of Conhost.exe by default according to Process Explorer. When I open Cmd.exe manually, they expand to include another copy. When the popups happen, they expand the same way, but I am unsure if it is the "same" copy I saw when I opened Cmd manually. What does this mean? Am I infected? I don't see anything malicious as of yet, but it is very frustrating and I want to get to the bottom of it, before it turns into something else. It has the ability to force me out of a game when the popups happen. I'm not sure if this is a normal property of Cmd.exe or unique to my issue. I am sure, however, that Conhost.exe does have something in common with the popups. I just don't know what.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015

Ran by Cameron (administrator) on CAMERONPC on 08-02-2015 11:53:03

Running from C:\Users\Cameron\Downloads

Loaded Profiles: Cameron (Available profiles: Cameron)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(ASUS) C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-16] (NVIDIA Corporation)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)

HKLM-x32\...\Run: [Corsair Headset Software] => C:\Program Files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe [3167544 2014-02-12] (Corsair Components, Inc.)

HKU\S-1-5-21-2400999468-2226729932-3990034108-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation)

HKU\S-1-5-21-2400999468-2226729932-3990034108-1000\...\MountPoints2: {1323f1d3-a917-11e2-b9f0-c86000cb982d} - H:\HPLauncher.exe

HKU\S-1-5-18\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [761064 2014-12-03] (Adobe Systems Incorporated)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKU\S-1-5-21-2400999468-2226729932-3990034108-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 -> DefaultScope value is missing.

SearchScopes: HKU\S-1-5-21-2400999468-2226729932-3990034108-1000 -> DefaultScope {5C2331C4-8D18-43A1-8F68-00EF2B12B4BD} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}

SearchScopes: HKU\S-1-5-21-2400999468-2226729932-3990034108-1000 -> {5C2331C4-8D18-43A1-8F68-00EF2B12B4BD} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()

FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2400999468-2226729932-3990034108-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

 

Chrome: 

=======

CHR Profile: C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default

CHR Profile: C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Profile 2

CHR Extension: (Google Slides) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-06]

CHR Extension: (Google Docs) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-06]

CHR Extension: (Google Drive) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-06]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-06]

CHR Extension: (YouTube) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-06]

CHR Extension: (Adblock Plus) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-06]

CHR Extension: (Google Search) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-06]

CHR Extension: (Google Sheets) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-06]

CHR Extension: (Google Wallet) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-06]

CHR Extension: (Gmail) - C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-06]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()

R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)

R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe [408960 2012-10-15] (ASUSTeK Computer Inc.)

S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-23] (CyberLink)

S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-12-10] (Futuremark)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-16] (NVIDIA Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-16] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-16] (NVIDIA Corporation)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-03] ()

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()

R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()

R3 CorsairAudioFilter; C:\Windows\System32\DRIVERS\corsveng2kamd64.sys [109912 2014-02-03] (Corsair Components, Inc.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)

R3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))

S3 WinRing0_1_2_0; F:\Realtemp\WinRing0x64.sys [14544 2014-10-08] (OpenLibSys.org)

S3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.) [File not signed]

S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]

S3 CorsairCAHS1; system32\drivers\CAHS164.sys [X]

S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

S3 cpuz137; \??\C:\Users\Cameron\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]

S3 cpuz138; \??\C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [X]

S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]

S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

S3 RTL8192Ce; system32\DRIVERS\rtl8192Ce.sys [X]

S3 RTWlanE; system32\DRIVERS\rtwlane.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-08 11:53 - 2015-02-08 11:53 - 00015101 _____ () C:\Users\Cameron\Downloads\FRST.txt

2015-02-08 11:52 - 2015-02-08 11:53 - 00000000 ____D () C:\FRST

2015-02-08 11:52 - 2015-02-08 11:52 - 02132992 _____ (Farbar) C:\Users\Cameron\Downloads\FRST64.exe

2015-02-07 23:40 - 2015-02-07 23:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-02-07 23:40 - 2015-02-07 23:40 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-02-07 23:40 - 2015-02-07 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-02-07 23:40 - 2015-02-07 23:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-02-07 23:40 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-02-07 23:40 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-02-07 23:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-02-07 23:39 - 2015-02-07 23:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Cameron\Downloads\mbam-setup-2.0.4.1028.exe

2015-02-07 18:30 - 2015-02-07 18:30 - 00000000 ____D () C:\Program Files (x86)\Process Explorer

2015-02-07 18:16 - 2015-02-07 18:16 - 01188194 _____ () C:\Users\Cameron\Downloads\ProcessExplorer.zip

2015-02-06 23:07 - 2015-02-06 23:59 - 00000239 _____ () C:\Users\Cameron\Desktop\Linksys Smart Wi-Fi.txt

2015-02-06 15:21 - 2015-02-06 15:21 - 00003544 _____ () C:\Windows\System32\Tasks\PCEAC68WLANMGR

2015-02-06 15:20 - 2015-02-06 15:20 - 00000908 _____ () C:\Users\Public\Desktop\ASUS PCE-AC68 WLAN Control Center.lnk

2015-02-06 15:20 - 2015-02-06 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility

2015-02-06 15:20 - 2014-02-06 11:02 - 04400128 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll

2015-02-06 15:20 - 2014-02-06 11:02 - 03667968 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll

2015-02-06 15:07 - 2015-02-06 15:08 - 72243055 _____ () C:\Users\Cameron\Downloads\UT_PCE_AC68_2088.zip

2015-02-06 15:04 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-02-06 15:03 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2015-02-06 15:03 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2015-02-06 15:03 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2015-02-06 15:03 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2015-02-05 20:53 - 2015-02-05 20:53 - 00001269 _____ () C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk

2015-02-05 20:53 - 2015-02-05 20:53 - 00000000 ____D () C:\Users\Cameron\AppData\Roaming\Xirrus

2015-02-05 20:53 - 2015-02-05 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus

2015-02-05 20:53 - 2015-02-05 20:53 - 00000000 ____D () C:\Program Files (x86)\Xirrus

2015-02-05 20:52 - 2015-02-05 20:53 - 22224144 _____ (Xirrus) C:\Users\Cameron\Downloads\WiFiInspector-Setup-1.2.1.4.exe

2015-02-05 18:14 - 2015-02-05 18:14 - 00000221 _____ () C:\Users\Cameron\Desktop\Sniper Elite V2.url

2015-02-05 17:09 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys

2015-02-05 17:09 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2015-02-05 17:09 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2015-02-05 17:09 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll

2015-02-05 17:09 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll

2015-02-05 17:09 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2015-02-05 17:09 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll

2015-02-05 17:09 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll

2015-02-05 17:09 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll

2015-02-05 17:09 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll

2015-02-05 17:09 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe

2015-02-05 17:09 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2015-02-05 17:09 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2015-02-05 17:09 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll

2015-02-05 17:09 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2015-02-05 17:09 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2015-02-05 17:09 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys

2015-02-05 17:09 - 2012-08-23 09:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys

2015-02-05 17:09 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll

2015-02-05 17:09 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll

2015-02-05 15:38 - 2014-02-06 13:49 - 08071888 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL664.SYS

2015-02-05 15:38 - 2014-02-06 13:49 - 00096560 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll

2015-02-05 15:38 - 2010-09-07 14:27 - 00038912 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\system32\Drivers\PcaSp60.sys

2015-02-05 15:37 - 2010-09-07 14:27 - 00038912 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\Drivers\PcaSp60.sys

2015-02-02 00:46 - 2015-02-02 00:44 - 00051266 _____ () C:\Users\Cameron\Documents\1.save

2015-02-02 00:46 - 2015-02-01 22:01 - 00002200 _____ () C:\Users\Cameron\Documents\2.save

2015-02-02 00:46 - 2015-02-01 22:01 - 00000000 _____ () C:\Users\Cameron\Documents\2.save.upload

2015-02-01 13:45 - 2015-02-01 13:45 - 00000000 ____D () C:\Windows\Sun

2015-01-30 18:28 - 2015-02-02 00:45 - 00000000 ____D () C:\Users\Cameron\Documents\ACU Saves

2015-01-27 23:42 - 2015-01-27 23:42 - 19560830 _____ () C:\Users\Cameron\Downloads\FW_EA3500_1.1.40.162464_prod.zip

2015-01-27 23:34 - 2015-01-28 00:05 - 00000000 ____D () C:\ProgramData\Linksys

2015-01-27 23:34 - 2015-01-27 23:34 - 20775200 _____ (Belkin International, Inc.) C:\Users\Cameron\Downloads\EA3500.2.0.14294.0-Setup.exe

2015-01-25 14:28 - 2015-01-25 14:28 - 02533933 _____ () C:\Users\Cameron\Downloads\DR_PCE_N15_1008.zip

2015-01-25 14:26 - 2015-01-25 14:28 - 61520750 _____ () C:\Users\Cameron\Downloads\UT_PCE_N15_1012.zip

2015-01-25 00:47 - 2015-01-25 00:52 - 00000000 ____D () C:\Program Files (x86)\TeamViewer

2015-01-25 00:47 - 2015-01-25 00:47 - 00001050 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk

2015-01-25 00:47 - 2015-01-25 00:47 - 00001038 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk

2015-01-24 21:39 - 2015-01-24 21:39 - 00000000 ____D () C:\Users\Cameron\AppData\Local\Mikogo

2015-01-24 20:14 - 2015-01-24 20:14 - 00000000 ____D () C:\Users\Cameron\AppData\Roaming\NVIDIA

2015-01-24 13:09 - 2015-01-24 13:09 - 00001354 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk

2015-01-24 13:09 - 2015-01-16 01:40 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll

2015-01-24 13:09 - 2015-01-16 01:40 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll

2015-01-24 13:09 - 2015-01-16 01:39 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll

2015-01-24 13:09 - 2015-01-16 01:39 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

2015-01-24 13:09 - 2014-11-22 05:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

2015-01-24 13:09 - 2014-11-22 05:46 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll

2015-01-24 13:09 - 2014-11-22 05:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2015-01-22 21:09 - 2015-01-10 03:07 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll

2015-01-22 21:09 - 2015-01-10 03:07 - 00060744 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll

2015-01-22 21:09 - 2015-01-09 18:30 - 06860432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll

2015-01-22 21:09 - 2015-01-09 18:30 - 03517256 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll

2015-01-22 21:09 - 2015-01-09 18:29 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll

2015-01-22 21:09 - 2015-01-09 18:29 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

2015-01-22 21:09 - 2015-01-09 18:29 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll

2015-01-22 21:09 - 2015-01-09 18:29 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

2015-01-22 21:09 - 2015-01-09 17:27 - 00621200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2015-01-22 21:09 - 2015-01-09 14:47 - 04173527 _____ () C:\Windows\system32\nvcoproc.bin

2015-01-22 21:08 - 2015-01-12 23:15 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll

2015-01-22 21:08 - 2015-01-12 23:15 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys

2015-01-22 21:08 - 2015-01-12 23:15 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 18566296 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 16009120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 14115944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2015-01-22 21:08 - 2015-01-10 03:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 03298816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 02902456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 00994712 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 00877488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 00496456 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 00353040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 00305320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2015-01-22 21:08 - 2015-01-10 03:07 - 00027441 _____ () C:\Windows\system32\nvinfo.pb

2015-01-21 13:31 - 2015-02-08 01:16 - 00000000 ____D () C:\Users\Cameron\Documents\Assassin's Creed Unity

2015-01-20 12:30 - 2015-01-20 12:36 - 00000088 _____ () C:\Users\Cameron\Documents\ACU Key.txt

2015-01-20 08:39 - 2015-01-20 08:39 - 00000222 _____ () C:\Users\Cameron\Desktop\Assassins Creed Unity.url

2015-01-13 17:46 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-01-13 17:46 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-01-13 17:46 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-01-13 17:46 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-01-13 17:46 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-01-13 17:46 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-01-13 17:46 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-01-13 17:25 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-13 17:24 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-13 17:24 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2015-01-13 17:24 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2015-01-13 17:22 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-12 18:24 - 2015-01-12 18:46 - 00007673 _____ () C:\Users\Cameron\Documents\TombRaider.log

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-08 11:53 - 2013-04-18 15:54 - 01269710 _____ () C:\Windows\WindowsUpdate.log

2015-02-08 11:49 - 2014-12-29 21:44 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-02-08 11:43 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-02-08 11:43 - 2009-07-13 23:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-08 11:43 - 2009-07-13 23:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-08 11:36 - 2014-09-24 14:53 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-02-08 11:36 - 2013-04-18 20:52 - 00000000 ____D () C:\Program Files (x86)\Steam

2015-02-08 11:36 - 2010-11-20 22:47 - 00236978 _____ () C:\Windows\PFRO.log

2015-02-08 11:36 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-08 11:36 - 2009-07-13 23:51 - 00267275 _____ () C:\Windows\setupact.log

2015-02-08 01:17 - 2013-04-18 21:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-02-07 23:14 - 2014-06-23 12:19 - 00000000 ____D () C:\Users\Cameron\AppData\Roaming\BitTorrent

2015-02-07 21:49 - 2014-12-29 21:44 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-07 15:07 - 2013-04-21 17:08 - 00281032 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

2015-02-07 15:07 - 2013-04-21 17:06 - 00281032 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2015-02-07 14:18 - 2013-04-21 17:06 - 00281032 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2015-02-06 23:59 - 2014-09-06 14:39 - 00001072 _____ () C:\Users\Cameron\Desktop\Linksys Smart Wi-Fi.lnk

2015-02-06 23:59 - 2014-09-06 14:39 - 00001072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Linksys Smart Wi-Fi.lnk

2015-02-06 22:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-02-06 15:20 - 2014-09-06 14:21 - 00000000 ____D () C:\Program Files (x86)\ASUS

2015-02-06 15:20 - 2013-04-18 16:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2015-02-05 17:58 - 2014-02-10 16:03 - 00000396 __RSH () C:\ProgramData\ntuser.pol

2015-02-05 17:10 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2015-02-05 17:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2015-02-05 16:17 - 2013-04-18 21:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-02-05 16:17 - 2013-04-18 21:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-02-05 16:17 - 2013-04-18 21:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-02-05 14:55 - 2009-07-13 21:34 - 00000411 _____ () C:\Windows\win.ini

2015-02-03 00:10 - 2013-05-25 10:09 - 00000222 _____ () C:\Users\Cameron\Desktop\Chivalry Medieval Warfare.url

2015-02-02 15:37 - 2013-12-06 12:56 - 00000000 ____D () C:\Users\Cameron\Documents\3DMark

2015-02-02 15:34 - 2013-12-06 12:57 - 00000022 _____ () C:\Windows\GPU-Z.INI

2015-02-01 21:18 - 2014-06-30 11:44 - 00000222 _____ () C:\Users\Cameron\Desktop\Arma 3.url

2015-02-01 13:44 - 2014-10-17 09:01 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2015-02-01 13:44 - 2014-10-17 09:01 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2015-02-01 13:44 - 2014-10-17 09:01 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2015-02-01 13:44 - 2014-10-17 09:01 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2015-02-01 13:44 - 2014-10-17 09:01 - 00000000 ____D () C:\Program Files (x86)\Java

2015-02-01 13:44 - 2014-09-14 21:30 - 00000000 ____D () C:\ProgramData\Oracle

2015-01-29 20:35 - 2009-07-14 00:08 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-01-28 15:31 - 2014-09-29 20:42 - 01065984 _____ () C:\Users\Cameron\AppData\Local\file__0.localstorage

2015-01-28 14:53 - 2013-07-19 16:15 - 00000221 _____ () C:\Users\Cameron\Desktop\Metro Last Light.url

2015-01-25 13:09 - 2014-09-13 14:19 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics

2015-01-25 01:02 - 2013-04-18 16:33 - 00058016 _____ () C:\Users\Cameron\AppData\Local\GDIPFONTCACHEV1.DAT

2015-01-25 01:02 - 2009-07-13 23:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-01-24 23:33 - 2014-12-29 21:44 - 00003512 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-01-24 13:09 - 2014-12-14 19:37 - 00000000 ____D () C:\Users\Cameron\AppData\Local\NVIDIA

2015-01-24 13:09 - 2014-12-14 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

2015-01-24 13:09 - 2013-10-29 18:05 - 00000000 ____D () C:\Users\Cameron\AppData\Local\NVIDIA Corporation

2015-01-24 13:09 - 2013-07-17 12:25 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation

2015-01-24 13:09 - 2013-04-18 16:42 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2015-01-24 13:09 - 2013-04-18 16:42 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2015-01-22 21:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help

2015-01-21 22:01 - 2013-05-31 19:02 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2015-01-19 21:33 - 2013-08-14 11:39 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-19 21:31 - 2013-04-19 22:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-01-11 22:14 - 2013-09-13 14:42 - 00000222 _____ () C:\Users\Cameron\Desktop\Tomb Raider.url

 

==================== Files in the root of some directories =======

 

2014-09-29 20:42 - 2015-01-28 15:31 - 1065984 _____ () C:\Users\Cameron\AppData\Local\file__0.localstorage

2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\Cameron\AppData\Local\setup.txt

2014-05-31 19:17 - 2014-05-31 19:17 - 0000057 _____ () C:\ProgramData\Ament.ini

 

Some content of TEMP:

====================

C:\Users\Cameron\AppData\Local\Temp\drm_dialogs.dll

C:\Users\Cameron\AppData\Local\Temp\drm_dyndata_7370014.dll

C:\Users\Cameron\AppData\Local\Temp\drm_dyndata_7380014.dll

C:\Users\Cameron\AppData\Local\Temp\drm_dyndata_7410004.dll

C:\Users\Cameron\AppData\Local\Temp\fp_pl_pfs_installer.exe

C:\Users\Cameron\AppData\Local\Temp\ICReinstall_Adobe_Flash_Setup.exe

C:\Users\Cameron\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe

C:\Users\Cameron\AppData\Local\Temp\jre-8u31-windows-au.exe

C:\Users\Cameron\AppData\Local\Temp\Nexus%20Mod%20Manager-0.44.10.exe

C:\Users\Cameron\AppData\Local\Temp\Nexus%20Mod%20Manager-0.46.0.exe

C:\Users\Cameron\AppData\Local\Temp\Nexus%20Mod%20Manager-0.49.8.exe

C:\Users\Cameron\AppData\Local\Temp\Nexus%20Mod%20Manager-0.51.0.exe

C:\Users\Cameron\AppData\Local\Temp\nv3DVStreaming.dll

C:\Users\Cameron\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Cameron\AppData\Local\Temp\nvSCPAPI64.dll

C:\Users\Cameron\AppData\Local\Temp\nvStereoApiI.dll

C:\Users\Cameron\AppData\Local\Temp\nvStInst.exe

C:\Users\Cameron\AppData\Local\Temp\optprosetup.exe

C:\Users\Cameron\AppData\Local\Temp\sfamcc00001.dll

C:\Users\Cameron\AppData\Local\Temp\sfextra.dll

C:\Users\Cameron\AppData\Local\Temp\SHSetup.exe

C:\Users\Cameron\AppData\Local\Temp\sonarinst.exe

C:\Users\Cameron\AppData\Local\Temp\ubi5B5A.tmp.exe

C:\Users\Cameron\AppData\Local\Temp\Uninstaller-3548.exe

C:\Users\Cameron\AppData\Local\Temp\vcredist_x64.exe

C:\Users\Cameron\AppData\Local\Temp\_is5215.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-02-03 00:59

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015

Ran by Cameron at 2015-02-08 11:53:21

Running from C:\Users\Cameron\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

3DMark (HKLM-x32\...\Steam App 223850) (Version:  - Futuremark)

3DMark 11 Demo (HKLM-x32\...\Steam App 221870) (Version:  - Futuremark)

7-Zip 9.32 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0932-000001000000}) (Version: 9.32.00.0 - Igor Pavlov)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - )

Arma 2 (HKLM-x32\...\Steam App 33900) (Version:  - Bohemia Interactive)

Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)

Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)

Assassin’s Creed Unity (HKLM-x32\...\Steam App 289650) (Version:  - Ubisoft)

Assassin's Creed IV Black Flag (HKLM-x32\...\Steam App 242050) (Version:  - Ubisoft Montreal)

Assassin's Creed® III (HKLM-x32\...\Steam App 208480) (Version:  - Ubisoft Montreal)

ASUS PCE-AC68 WLAN Card Utilities/Driver (HKLM-x32\...\{39BD9681-D3B1-435C-A0C1-F87C68513401}) (Version: 2.0.8.8 - ASUS)

Autumn Aurora 2 for S.T.A.L.K.E.R - Shadow of Chernobyl (HKLM-x32\...\Autumn Aurora 2_is1) (Version:  - )

BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)

Brytenwalda version 1.40 (HKLM-x32\...\{4D15C6C1-74C9-4AA4-8378-CEEDE7E53F39}_is1) (Version: 1.40 - Brytenwalda Dev.)

Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)

Corsair Headset Software (HKLM-x32\...\{F075D08D-A56D-4AA8-9A6A-45C79B78F45F}) (Version: 2.0.26 - Corsair)

CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )

CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )

Creation Kit (HKLM-x32\...\Steam App 202480) (Version:  - bgs.bethsoft.com)

Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)

CrystalDiskMark 3.0.3b (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.3b - Crystal Dew World)

CyberLink BD Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version:  - )

CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4703 - CyberLink Corp.)

CyberLink LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.4619 - CyberLink Corp.)

CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3530.52 - CyberLink Corp.)

Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)

DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)

Death to Spies (HKLM-x32\...\Steam App 9800) (Version:  - Haggard Games)

Death to Spies: Moment of Truth (HKLM-x32\...\Steam App 34410) (Version:  - Haggard Games)

Fallout 3 (HKLM-x32\...\Steam App 22300) (Version:  - Bethesda Softworks)

Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)

Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)

Far Cry 2 (HKLM-x32\...\Steam App 19900) (Version:  - Ubisoft Montreal)

Far Cry 4 - Editor (HKLM-x32\...\Steam App 322310) (Version:  - )

Far Cry 4 (HKLM-x32\...\Steam App 298110) (Version:  - Ubisoft Montreal, Red Storm, Shanghai, Toronto, Kiev)

Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft)

Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version:  - Scott Cawthon)

Five Nights at Freddy's 2 (HKLM-x32\...\Steam App 332800) (Version:  - Scott Cawthon)

Futuremark SystemInfo (HKLM-x32\...\{2FE4C157-30AD-47F3-9D93-D9A2AFF25D3F}) (Version: 4.33.485.0 - Futuremark)

GECK - New Vegas Edition (HKLM-x32\...\Steam App 22480) (Version:  - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version:  - Rockstar Games)

Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)

Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - Square Enix)

Hitman: Blood Money (HKLM-x32\...\Steam App 6860) (Version:  - Eidos)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)

Intel® Network Connections 16.6.126.0 (HKLM\...\PROSetDX) (Version: 16.6.126.0 - Intel)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)

Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)

Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)

LG Tool Kit (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 8.01.0919.01 - )

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar Studios)

Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - Tale Worlds)

Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version:  - TaleWorlds)

MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)

Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)

NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)

NVIDIA Graphics Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)

Python 2.7 comtypes-0.6.2 (HKLM-x32\...\comtypes-py2.7) (Version:  - )

Python 2.7 pywin32-216 (HKLM-x32\...\pywin32-py2.7) (Version:  - )

Python 2.7.1 (HKLM-x32\...\{32939827-d8e5-470a-b126-870db3c69fdf}) (Version: 2.7.1150 - Python Software Foundation)

Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)

Red Orchestra 2: Heroes of Stalingrad (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire)

RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)

Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)

S.T.A.L.K.E.R. - Shadow of Chernobyl (HKLM-x32\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0006 - GSC Game World)

S.T.A.L.K.E.R.: Call of Pripyat (HKLM-x32\...\Steam App 41700) (Version:  - GSC Game World)

Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)

SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden

Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)

Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version:  - Pandemic Studios)

State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - )

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version:  - )

TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)

TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)

TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)

The Elder Scrolls III: Morrowind (HKLM-x32\...\Steam App 22320) (Version:  - Bethesda Game Studios®)

The Elder Scrolls IV: Oblivion  (HKLM-x32\...\Steam App 22330) (Version:  - Bethesda Softworks)

The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)

The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)

The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)

Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.01 - Ubisoft)

Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)

Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)

Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 3.0.4.3 - Wrye & Wrye Bash Development Team)

wxPython 2.8.12.0 (ansi) for Python 2.7 (HKLM-x32\...\wxPython2.8-ansi-py27_is1) (Version: 2.8.12.0-ansi - Total Control Software)

Xirrus Wi-Fi Inspector (HKLM-x32\...\{BBB21AB1-2C45-435D-A05A-B563072E7B9B}) (Version: 1.2.1.4 - Xirrus)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

06-02-2015 15:03:47 Windows Update

06-02-2015 15:06:36 Windows Update

06-02-2015 15:10:18 Removed ASUS PCE-AC68 WLAN Card Utilities/Driver

06-02-2015 15:20:44 Installed ASUS PCE-AC68 WLAN Card Utilities/Driver

07-02-2015 17:10:19 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 21:34 - 2014-04-22 23:22 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {15646CAA-ADEA-4860-A051-ECAF974A959C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-29] (Google Inc.)

Task: {223CC440-60C5-4962-BF48-F6DEDAAFE9FB} - System32\Tasks\{F8B107F9-10CE-428E-B9C2-0974525BD799} => pcalua.exe -a C:\Users\Cameron\Downloads\stk-us-10005.exe -d C:\Users\Cameron\Downloads

Task: {2D840A65-83E9-4467-840D-F5E820C7F1CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)

Task: {36DBB39A-8E2A-4548-9BCF-4CA990292AA3} - System32\Tasks\{57701E75-D4EF-4236-B592-9B07880194A9} => pcalua.exe -a C:\Users\Cameron\Downloads\ovisetup.exe -d C:\Users\Cameron\Downloads

Task: {5DC778AF-FC92-4516-9E3B-79AA7542E225} - System32\Tasks\PCEAC68WLANMGR => C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe [2014-06-06] (ASUS)

Task: {5E056447-4F3E-4AE7-9178-4B1E09FC1693} - System32\Tasks\{06C1350D-617B-4E44-9474-22067AD9DD09} => pcalua.exe -a "C:\Program Files (x86)\RosettaStoneLtdServices\installanchorservice.exe" -d "C:\Program Files (x86)\RosettaStoneLtdServices"

Task: {9691EC9F-B4A7-4E8D-81EE-4AA7D9917270} - \Updater26278.exe No Task File <==== ATTENTION

Task: {A10FDA36-7BFA-4990-97ED-0C3E8EE339D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-29] (Google Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) ==============

 

2015-01-22 21:09 - 2015-01-09 18:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-12-07 00:39 - 2012-06-01 17:42 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe

2013-04-21 17:06 - 2014-06-03 18:05 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-12-07 00:39 - 2015-02-08 11:36 - 00033280 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll

2014-12-07 00:39 - 2010-06-29 10:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll

2014-08-29 18:48 - 2014-12-01 16:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll

2014-08-29 18:48 - 2014-12-01 16:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll

2014-08-29 18:48 - 2014-12-01 16:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll

2014-08-29 18:48 - 2014-12-01 16:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll

2013-03-25 13:23 - 2014-11-11 13:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2015-01-19 21:30 - 2014-12-01 19:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll

2015-01-19 21:30 - 2014-12-01 19:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll

2015-01-19 21:30 - 2014-12-01 19:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll

2014-05-22 13:18 - 2015-01-23 17:34 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll

2014-08-29 18:48 - 2014-12-01 16:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll

2013-03-29 10:53 - 2015-01-23 17:33 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2013-03-26 15:16 - 2015-01-15 18:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2014-12-29 21:45 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll

2014-12-29 21:45 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll

2014-12-29 21:45 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

2014-12-29 21:45 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

2013-04-18 16:14 - 2012-02-07 16:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2014-08-14 21:56 - 2015-01-15 18:42 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== Other Registry Areas =====================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2400999468-2226729932-3990034108-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cameron\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2400999468-2226729932-3990034108-500 - Administrator - Disabled)

Cameron (S-1-5-21-2400999468-2226729932-3990034108-1000 - Administrator - Enabled) => C:\Users\Cameron

Guest (S-1-5-21-2400999468-2226729932-3990034108-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2400999468-2226729932-3990034108-1005 - Limited - Enabled)

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (02/08/2015 11:38:09 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/07/2015 09:22:41 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/07/2015 08:56:48 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/07/2015 08:47:45 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/07/2015 08:44:12 PM) (Source: LMS) (EventID: 2) (User: CAMERONPC)

Description: The service process could not connect to the service controller.

 

Error: (02/07/2015 08:44:11 PM) (Source: LMS) (EventID: 2) (User: CAMERONPC)

Description: The service process could not connect to the service controller.

 

Error: (02/07/2015 08:40:12 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/07/2015 08:36:47 PM) (Source: LMS) (EventID: 2) (User: CAMERONPC)

Description: The service process could not connect to the service controller.

 

Error: (02/07/2015 08:36:45 PM) (Source: LMS) (EventID: 2) (User: CAMERONPC)

Description: The service process could not connect to the service controller.

 

Error: (02/07/2015 08:15:18 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (02/08/2015 11:53:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The BCM42RLY service failed to start due to the following error: 

%%2

 

Error: (02/08/2015 11:53:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The BCM42RLY service failed to start due to the following error: 

%%2

 

Error: (02/08/2015 11:53:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The BCM42RLY service failed to start due to the following error: 

%%2

 

Error: (02/08/2015 11:53:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The BCM42RLY service failed to start due to the following error: 

%%2

 

Error: (02/08/2015 11:53:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The BCM42RLY service failed to start due to the following error: 

%%2

 

Error: (02/08/2015 11:53:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The BCM42RLY service failed to start due to the following error: 

%%2

 

Error: (02/08/2015 11:53:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The BCM42RLY service failed to start due to the following error: 

%%2

 

Error: (02/08/2015 11:53:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The BCM42RLY service failed to start due to the following error: 

%%2

 

Error: (02/08/2015 11:53:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The BCM42RLY service failed to start due to the following error: 

%%2

 

Error: (02/08/2015 11:53:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The BCM42RLY service failed to start due to the following error: 

%%2

 

 

Microsoft Office Sessions:

=========================

Error: (02/08/2015 11:38:09 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/07/2015 09:22:41 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/07/2015 08:56:48 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/07/2015 08:47:45 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/07/2015 08:44:12 PM) (Source: LMS) (EventID: 2) (User: CAMERONPC)

Description: The service process could not connect to the service controller.

 

Error: (02/07/2015 08:44:11 PM) (Source: LMS) (EventID: 2) (User: CAMERONPC)

Description: The service process could not connect to the service controller.

 

Error: (02/07/2015 08:40:12 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/07/2015 08:36:47 PM) (Source: LMS) (EventID: 2) (User: CAMERONPC)

Description: The service process could not connect to the service controller.

 

Error: (02/07/2015 08:36:45 PM) (Source: LMS) (EventID: 2) (User: CAMERONPC)

Description: The service process could not connect to the service controller.

 

Error: (02/07/2015 08:15:18 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i7-3770K CPU @ 3.50GHz

Percentage of memory in use: 19%

Total physical RAM: 16328.28 MB

Available physical RAM: 13183.21 MB

Total Pagefile: 32710.46 MB

Available Pagefile: 29395.41 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

 

==================== Drives ================================

 

Drive c: (SSD) (Fixed) (Total:232.78 GB) (Free:152.23 GB) NTFS

Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive f: (HDD) (Fixed) (Total:931.41 GB) (Free:581.19 GB) NTFS

Drive g: (HDD 2) (Fixed) (Total:2794.39 GB) (Free:2622.93 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 232.9 GB) (Disk ID: CDF06961)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DDC4733D)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

 

========================================================

Disk: 2 (Size: 2794.5 GB) (Disk ID: 51E92DF6)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================


  • Step #2 Fix with FRST

    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.

    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --

      Start
      CreateRestorePoint:
      CloseProcesses:
      EmptyTemp:
      HKU\S-1-5-21-2400999468-2226729932-3990034108-1000\...\MountPoints2: {1323f1d3-a917-11e2-b9f0-c86000cb982d} - H:\HPLauncher.exe
      GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
      SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM-x32 -> DefaultScope value is missing.
      Task: {9691EC9F-B4A7-4E8D-81EE-4AA7D9917270} - \Updater26278.exe No Task File <==== ATTENTION
      CMD: bitsadmin /reset /allusers
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.

  • Required Log(s):
    • FRST Fix Log
Regards,

Valinorum


The instructions you have given seem to have fixed it.

 

Here is the log: 

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by Cameron at 2015-02-09 13:04:20 Run:2
Running from C:\Users\Cameron\Downloads
Loaded Profiles: Cameron (Available profiles: Cameron)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
HKU\S-1-5-21-2400999468-2226729932-3990034108-1000\...\MountPoints2: {1323f1d3-a917-11e2-b9f0-c86000cb982d} - H:\HPLauncher.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
Task: {9691EC9F-B4A7-4E8D-81EE-4AA7D9917270} - \Updater26278.exe No Task File <==== ATTENTION
CMD: bitsadmin /reset /allusers
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-2400999468-2226729932-3990034108-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1323f1d3-a917-11e2-b9f0-c86000cb982d}" => Key deleted successfully.
HKCR\CLSID\{1323f1d3-a917-11e2-b9f0-c86000cb982d} => Key not found. 
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9691EC9F-B4A7-4E8D-81EE-4AA7D9917270}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9691EC9F-B4A7-4E8D-81EE-4AA7D9917270}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater26278.exe" => Key deleted successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {EF7466EE-9F04-42E8-A290-402A82DEF145}.
{E66E2547-4E28-48CD-ABC0-D4B7F040E164} canceled.
{5EBDA260-7337-4F9E-8CD1-15A929073C7F} canceled.
{E1D4C4C4-1DD2-4EDB-BDEB-9F36BADA5C6F} canceled.
3 out of 4 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 5.6 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 13:04:42 ====
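A Fixlog like the one above can be triaged mechanically. The following Python is an added example, not part of the thread and not FRST's own code: it separates the echoed fixlist from the result lines, buckets each outcome, and checks that the three TaskCache keys (Plain, Tasks, Tree) belonging to the "No Task File" entry were all deleted. The function names and the ok / not_found / failed buckets are assumptions of this example; the sample input is a trimmed excerpt of the log posted above.

```python
import re

# Excerpt of the Fixlog posted in this thread (trimmed; values copied from the log).
FIXLOG = r'''Content of fixlist:
*****************
Start
CloseProcesses:
Task: {9691EC9F-B4A7-4E8D-81EE-4AA7D9917270} - \Updater26278.exe No Task File <==== ATTENTION
CMD: bitsadmin /reset /allusers
End
*****************
Processes closed successfully.
"HKU\S-1-5-21-2400999468-2226729932-3990034108-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1323f1d3-a917-11e2-b9f0-c86000cb982d}" => Key deleted successfully.
HKCR\CLSID\{1323f1d3-a917-11e2-b9f0-c86000cb982d} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9691EC9F-B4A7-4E8D-81EE-4AA7D9917270}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9691EC9F-B4A7-4E8D-81EE-4AA7D9917270}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater26278.exe" => Key deleted successfully.
Unable to cancel {EF7466EE-9F04-42E8-A290-402A82DEF145}.
{E66E2547-4E28-48CD-ABC0-D4B7F040E164} canceled.
3 out of 4 jobs canceled.
EmptyTemp: => Removed 5.6 GB temporary data.
'''

GUID = r"\{[0-9A-Fa-f-]{36}\}"
RESULT = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\s*$')
TASK = re.compile(r"^Task:\s+(?P<guid>" + GUID + r")\s+-\s+\\(?P<name>\S+)")
BITS_FAIL = re.compile(r"^Unable to cancel (" + GUID + r")\.")

def split_fixlog(text):
    """Return (fixlist directives, result lines) from a Fixlog."""
    directives, results, stars = [], [], 0
    for line in (raw.strip() for raw in text.splitlines()):
        if line and set(line) == {"*"}:   # asterisk rows open/close the fixlist echo
            stars += 1
        elif stars == 1 and line not in ("Start", "End", ""):
            directives.append(line)
        elif stars >= 2 and line:
            results.append(line)
    return directives, results

def classify(results):
    """Bucket 'target => outcome' lines and failed BITS cancellations."""
    buckets = {"ok": [], "not_found": [], "failed": []}
    for line in results:
        m, bits = RESULT.match(line), BITS_FAIL.match(line)
        if m:
            outcome = m.group("outcome").lower()
            if "successfully" in outcome or "removed" in outcome:
                buckets["ok"].append(m.group("target"))
            elif "not found" in outcome:
                buckets["not_found"].append(m.group("target"))
            else:
                buckets["failed"].append(m.group("target"))
        elif bits:
            buckets["failed"].append("BITS job " + bits.group(1))
    return buckets

def task_remnants_removed(directives, buckets):
    """Per Task directive: were the Plain, Tasks and Tree cache keys all deleted?"""
    report = {}
    for directive in directives:
        m = TASK.match(directive)          # task names without spaces only
        if not m:
            continue
        guid, name = m.group("guid"), m.group("name")
        wanted = ["TaskCache\\Plain\\" + guid, "TaskCache\\Tasks\\" + guid,
                  "TaskCache\\Tree\\" + name]
        report[name] = all(any(t.endswith(w) for t in buckets["ok"]) for w in wanted)
    return report

if __name__ == "__main__":
    directives, results = split_fixlog(FIXLOG)
    buckets = classify(results)
    print("follow up on:", buckets["failed"])
    print("task remnants removed:", task_remnants_removed(directives, buckets))
```

Items in the `failed` bucket, such as a BITS job that could not be canceled, are the ones to re-check in a follow-up scan.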

Perusing your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be Malware-free as we speak.


♣ Removal of Tools and Quarantined Files ♣


Although the tools we have used are clean, they are powerful removal tools and are made in a way so that they carry out any commands given to them without (in most cases) asking for a confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system, as dormant malware can be as bad as active malware if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.

  • Cleanup with Delfix

    Please download DelFix by Xplode to your Desktop.

    Download Link

    • Double-click to run the program;
      • Note: Windows Vista/7/8 users right-click and choose Run as administrator
    • Make sure that all the boxes are checked;
    • Click Run;
    • A log will be opened after the operation is finished;
    • Copy and Paste it in your next reply

♣ Prevention and Future Guidelines ♣


Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malware again.

  • Keep Windows up-to-date.

    It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.

  • Run antivirus software and keep it up-to-date, too.

    Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!

  • Keep your web browser plugins and other programs updated also.

    This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

    A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.

    NoScript is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop ups, banners etc.) on sites you visit.

    Download NoScript by Giorgio Maone.

    Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the no script icon down on the right hand side of your computer.

  • Watch out for a new threat named CryptoLocker

    CryptoLocker is a new type of ransomware-family malware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system but the files that were encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and ask you to practice constant vigilance. Please read the following article to acquaint yourself with the safety measures.

    How to prevent your computer from becoming infected by CryptoLocker.

  • And last of all, surf smart.

    It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article How Did I Get Infected in the First Place? and Keep Your Computer Safe Online.

Regards,

Valinorum


Well, whatever it was, it's gone now. Thanks so much for your help. I did not know the fix was so simple. I should have come here right after it started happening (:

 

If it wasn't Malware, what could it have been? It must have been a Temp file because the fix cleared 5.6 GB of them. I'm glad it's over!


Please, try to avoid quoting messages of the helpers as it makes the replies necessarily long. I blame the unused task file. It was removed earlier but not the task file. The CMD window may appear due to it and pending further information which it did not get as the mother file was removed.

Regards,

Valinorum


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.