TechSpot

MyAllSearch Virus Log Handling

By Gibsonian
Mar 6, 2016
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
    Ran by Ivan (administrator) on ARKHAM (06-03-2016 17:46:26)
    Running from C:\Users\Ivan\Desktop
    Loaded Profiles: Ivan (Available Profiles: Ivan)
    Platform: Windows 7 Ultimate (X64) Language: English (United States)
    Internet Explorer Version 8 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (Sunbelt Software) C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Sunbelt Software) C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Sunbelt Software) C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
    (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4791\Agent.exe
    (Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.6734\Battle.net.exe
    (Blizzard Entertainment) C:\Program Files (x86)\World of Warcraft\Wow-64.exe
    (Blizzard Entertainment) C:\Program Files (x86)\World of Warcraft\Utils\WowBrowserProxy.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-08] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
    HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe [1348944 2010-08-20] (Sunbelt Software)
    HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [904824 2015-08-19] (BlueStack Systems, Inc.)
    HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2763776 2009-10-28] (VIA)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25122080 2016-02-16] (Dropbox, Inc.)
    HKU\S-1-5-21-1872521961-1581501611-3650484097-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)
    HKU\S-1-5-21-1872521961-1581501611-3650484097-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4177784 2016-01-15] (Disc Soft Ltd)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
    Tcpip\..\Interfaces\{7C43E946-0AE4-4B6E-A363-5AC0A27D9CBB}: [DhcpNameServer] 64.71.255.204 64.71.255.198

    Internet Explorer:
    ==================
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1872521961-1581501611-3650484097-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-30] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-30] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-08-10] (Microsoft Corporation)
    Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-08-10] (Microsoft Corporation)
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-08-10] (Microsoft Corporation)
    Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-08-10] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-21] ()
    FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-30] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-30] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-21] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.ca/
    CHR StartupUrls: Default -> "hxxp://www.google.ca/"
    CHR Profile: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-09]
    CHR Extension: (Google Docs) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-09]
    CHR Extension: (Google Drive) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (YouTube) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
    CHR Extension: (Google Search) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Google Sheets) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-09]
    CHR Extension: (Google Docs Offline) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-09]
    CHR Extension: (Gmail) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-09]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-08-19] (BlueStack Systems, Inc.)
    R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-08-19] (BlueStack Systems, Inc.)
    R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [839288 2015-08-19] (BlueStack Systems, Inc.)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-15] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-15] (Dropbox, Inc.)
    R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-12] (NVIDIA Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-08] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-08] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-12] (NVIDIA Corporation)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-26] (Electronic Arts)
    R2 SBAMSvc; C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2763080 2010-08-20] (Sunbelt Software)
    R2 SBPIMSvc; C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [181584 2010-08-20] (Sunbelt Software)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-08-19] (BlueStack Systems)
    R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-02-14] (Disc Soft Ltd)
    R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-02-14] (Disc Soft Ltd)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)
    R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-08] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
    S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
    R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [64600 2010-06-14] (Sunbelt Software)
    R1 SbFw; C:\Windows\System32\drivers\SbFw.sys [253528 2010-07-27] (Sunbelt Software, Inc.)
    S3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84056 2010-04-15] (Sunbelt Software, Inc.)
    R3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84056 2010-04-15] (Sunbelt Software, Inc.)
    S3 sbhips; C:\Windows\System32\drivers\sbhips.sys [60504 2010-07-27] (Sunbelt Software, Inc.)
    R1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [49752 2010-03-22] (Sunbelt Software)
    R1 SBRE; C:\Windows\SysWOW64\drivers\SBREdrv.sys [98392 2010-05-13] (Sunbelt Software)
    R1 SbTis; C:\Windows\System32\drivers\sbtis.sys [94296 2010-07-27] (Sunbelt Software, Inc.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-16] ()
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-06 17:46 - 2016-03-06 17:47 - 00018000 _____ C:\Users\Ivan\Desktop\FRST.txt
    2016-03-06 17:45 - 2016-03-06 17:45 - 02374144 _____ (Farbar) C:\Users\Ivan\Desktop\FRST64.exe
    2016-02-20 06:39 - 2016-03-06 06:34 - 00003416 _____ C:\Windows\System32\Tasks\SteamClient
    2016-02-18 15:30 - 2016-02-18 15:30 - 00001717 _____ C:\Users\Public\Desktop\Craft The World.lnk
    2016-02-18 15:30 - 2016-02-18 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
    2016-02-18 15:29 - 2016-02-18 15:29 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\dekovir
    2016-02-17 14:09 - 2016-02-17 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-02-15 19:35 - 2016-02-15 19:44 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\CDisplayEx
    2016-02-15 19:35 - 2016-02-15 19:35 - 00000836 _____ C:\Users\Ivan\Desktop\CDisplayEx.lnk
    2016-02-15 19:35 - 2016-02-15 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
    2016-02-15 19:35 - 2016-02-15 19:35 - 00000000 ____D C:\Program Files\CDisplayEx
    2016-02-15 19:34 - 2016-03-06 06:35 - 00000000 ___RD C:\Users\Ivan\Dropbox
    2016-02-15 19:34 - 2016-02-15 19:34 - 00001230 _____ C:\Users\Ivan\Desktop\Dropbox.lnk
    2016-02-15 19:32 - 2016-02-15 19:32 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Dropbox
    2016-02-15 19:31 - 2016-03-06 17:36 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
    2016-02-15 19:31 - 2016-03-06 06:35 - 00000000 ____D C:\Users\Ivan\AppData\Local\Dropbox
    2016-02-15 19:31 - 2016-03-06 06:34 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
    2016-02-15 19:31 - 2016-02-17 14:09 - 00000000 ____D C:\Program Files (x86)\Dropbox
    2016-02-15 19:31 - 2016-02-15 19:31 - 00003900 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
    2016-02-15 19:31 - 2016-02-15 19:31 - 00003648 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
    2016-02-15 19:31 - 2016-02-15 19:31 - 00000000 ____D C:\ProgramData\Dropbox
    2016-02-14 07:21 - 2016-02-14 07:22 - 00000000 ____D C:\Users\Ivan\Desktop\Tor Browser
    2016-02-14 06:59 - 2016-02-14 06:59 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
    2016-02-13 22:50 - 2016-03-05 20:12 - 00000000 ___SD C:\Users\Ivan\AppData\LocalLow\Temp
    2016-02-10 06:50 - 2016-02-10 06:50 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
    2016-02-10 06:49 - 2016-02-14 06:59 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
    2016-02-10 06:49 - 2016-02-14 06:59 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
    2016-02-10 06:49 - 2016-02-10 06:49 - 00001773 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    2016-02-10 06:49 - 2016-02-10 06:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
    2016-02-05 10:47 - 2016-02-05 10:47 - 00000000 ____D C:\Users\Ivan\AppData\Local\CAPCOM
    2016-02-05 10:37 - 2016-02-05 10:37 - 00001106 _____ C:\Users\Ivan\Desktop\Dragons Dogma Dark Arisen.lnk
    2016-02-05 10:37 - 2016-02-05 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragons Dogma Dark Arisen
    2016-02-05 10:19 - 2016-02-05 10:47 - 00000000 ____D C:\Program Files (x86)\Dragons Dogma Dark Arisen

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-06 17:46 - 2015-08-16 15:24 - 00000000 ____D C:\FRST
    2016-03-06 17:46 - 2015-08-12 15:41 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Skype
    2016-03-06 17:45 - 2015-08-11 19:19 - 00000000 ____D C:\Users\Ivan\Desktop\Random Downloads
    2016-03-06 17:39 - 2015-10-12 05:32 - 00000000 ____D C:\Users\Ivan\AppData\Local\Battle.net
    2016-03-06 17:12 - 2015-08-09 18:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-03-06 15:12 - 2015-08-09 18:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-03-06 14:09 - 2015-08-09 19:02 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-03-06 09:42 - 2015-10-12 05:34 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
    2016-03-06 09:40 - 2015-10-12 05:31 - 00000000 ____D C:\Program Files (x86)\Battle.net
    2016-03-06 06:41 - 2009-07-13 23:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-03-06 06:41 - 2009-07-13 23:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-03-06 06:34 - 2015-08-09 18:40 - 00000000 ____D C:\Users\Ivan
    2016-03-06 06:34 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-03-05 20:12 - 2015-08-12 17:25 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\uTorrent
    2016-02-28 07:29 - 2009-07-14 00:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-02-21 21:24 - 2015-08-12 15:41 - 00000000 ____D C:\ProgramData\Skype
    2016-02-20 09:02 - 2015-08-12 17:20 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\HandBrake
    2016-02-20 06:44 - 2009-07-14 00:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-02-20 06:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
    2016-02-19 19:14 - 2015-08-09 18:43 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-02-18 15:30 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-02-18 15:29 - 2015-07-05 08:02 - 00000000 ____D C:\GOG Games
    2016-02-05 10:17 - 2016-01-16 17:15 - 00000000 ____D C:\Users\Ivan\Documents\NCSOFT
    2016-02-05 10:17 - 2015-10-08 19:20 - 00000000 ____D C:\Program Files (x86)\NCSOFT
    2016-02-05 10:17 - 2015-10-08 19:19 - 00000000 ____D C:\Users\Ivan\AppData\Local\NCSOFT

    ==================== Files in the root of some directories =======

    2015-11-16 17:19 - 2015-11-16 17:32 - 0000308 _____ () C:\Users\Ivan\AppData\Roaming\Rim.Desktop.Exception.log
    2015-11-16 17:18 - 2015-11-16 17:49 - 0002021 _____ () C:\Users\Ivan\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2015-11-16 17:19 - 2015-11-16 17:32 - 0000308 _____ () C:\Users\Ivan\AppData\Roaming\Rim.DesktopHelper.Exception.log
    2015-10-02 15:15 - 2015-10-02 15:15 - 0001588 _____ () C:\Users\Ivan\AppData\Roaming\SpeedRunnersLog.txt

    Some files in TEMP:
    ====================
    C:\Users\Ivan\AppData\Local\Temp\bitool.dll
    C:\Users\Ivan\AppData\Local\Temp\DAEMON Tools Lite.exe
    C:\Users\Ivan\AppData\Local\Temp\dt_CA33.tmp.exe
    C:\Users\Ivan\AppData\Local\Temp\jre-8u66-windows-au.exe
    C:\Users\Ivan\AppData\Local\Temp\jre-8u73-windows-au.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-28 10:58

    ==================== End of FRST.txt ============================
     
  2. Gibsonian


    Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
    Ran by Ivan (2016-03-06 17:47:22)
    Running from C:\Users\Ivan\Desktop
    Windows 7 Ultimate (X64) (2015-08-09 23:40:53)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1872521961-1581501611-3650484097-500 - Administrator - Disabled)
    Guest (S-1-5-21-1872521961-1581501611-3650484097-501 - Limited - Disabled)
    Ivan (S-1-5-21-1872521961-1581501611-3650484097-1000 - Administrator - Enabled) => C:\Users\Ivan

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Sunbelt VIPRE (Enabled - Up to date) {BE5DD172-7F42-7948-1A60-E6A720288F81}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Sunbelt VIPRE (Enabled - Up to date) {053C3096-5978-76C6-20D0-DDD55BAFC53C}
    FW: Sunbelt VIPRE (Disabled) {86665057-352D-7810-313F-4F92DEFBC8FA}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1872521961-1581501611-3650484097-1000\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.)
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\{66E3BA00-6B3D-466B-96FA-6309A7F42BB0}) (Version: 10.0.45.2 - Adobe Systems, Inc.)
    Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Assassin's Creed Syndicate (HKLM-x32\...\Uplay Install 1875) (Version: 1.31 - Ubisoft)
    Bandicam (HKLM-x32\...\Bandicam) (Version: 2.3.0.834 - Bandisoft.com)
    Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
    Batman™: Arkham Knight (HKLM-x32\...\Steam App 208650) (Version: - Rocksteady Studios)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.10.0.4321 - BlueStack Systems, Inc.)
    BlueStacks Notification Center (HKLM-x32\...\{473E82D7-79E2-43DF-8FA0-025407C93191}) (Version: 0.10.0.4321 - BlueStack Systems, Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    calibre (HKLM-x32\...\{EEFFE01E-F594-42EE-815D-50B8A17985B7}) (Version: 2.49.0 - Kovid Goyal)
    CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
    Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
    Cities Skylines (HKLM-x32\...\Cities Skylines_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
    Craft The World (HKLM-x32\...\1443622961_is1) (Version: 2.0.0.3 - GOG.com)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0115 - Disc Soft Ltd)
    Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version: - Splash Damage®)
    Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version: - Klei Entertainment)
    Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)
    Dragons Dogma Dark Arisen (HKLM-x32\...\Dragons Dogma Dark Arisen_is1) (Version: - )
    Dropbox (HKLM-x32\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.35.3 - Dropbox, Inc.) Hidden
    Fallout 4 (HKLM-x32\...\Steam App 377160) (Version: - Bethesda Game Studios)
    Fleet Operations version 3.2.7 (HKLM-x32\...\{F00C56DC-3121-42BC-A4CB-9233D2265EB5}_is1) (Version: 3.2.7 - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
    HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
    iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
    Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
    Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version: - DONTNOD Entertainment)
    ManyCam 3.1.60 (HKLM-x32\...\ManyCam) (Version: 3.1.60 - ManyCam LLC)
    Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version: - )
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    MPC-HC 1.7.9 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.9 - MPC-HC Team)
    NVIDIA GeForce Experience 2.7.4.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.7.4.10 - NVIDIA Corporation)
    NVIDIA Graphics Driver 359.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.00 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
    Perfect Uninstaller v6.3.4.0 (HKLM\...\Perfect Uninstaller_is1) (Version: - www.PerfectUninstaller.net)
    Planetbase (HKLM-x32\...\{582CC591-D575-4D2B-B683-031225AEDB83}_is1) (Version: 1.0.1 - Madruga Works)
    Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
    Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.8 - Rockstar Games)
    SHIELD Streaming (Version: 4.1.0240 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.7.4.10 - NVIDIA Corporation) Hidden
    Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
    Uplay (HKLM-x32\...\Uplay) (Version: 10.0 - Ubisoft)
    Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
    VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
    VIPRE Antivirus Premium (HKLM-x32\...\{2305B203-951F-4D88-B366-6E86F524390D}) (Version: 4.0.3904 - Sunbelt Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinRAR 5.30 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.2 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {039E829E-324B-4367-8A04-58A6A8975885} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
    Task: {6D923517-56A9-4EE3-9EC3-B073C39057E0} - System32\Tasks\SteamClient => C:\Users\Ivan\AppData\Roaming\Steam\SteamHelper.exe [2015-10-09] (Valve Corporation ) <==== ATTENTION
    Task: {7A6452B6-AE8A-4AAB-A22A-66B122B9E282} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-09] (Google Inc.)
    Task: {81F4236B-5BD4-4685-9EC8-287F431B2147} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-09] (Google Inc.)
    Task: {C0802862-BFEE-49F9-9504-3EBB024E98BD} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-15] (Dropbox, Inc.)
    Task: {E6B81D48-EE51-457E-B113-2FFCC84C06B2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-15] (Dropbox, Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-11-22 08:22 - 2015-11-14 01:06 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-09-27 06:07 - 2009-05-07 15:51 - 00071680 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
    2015-09-27 06:07 - 2009-05-07 15:53 - 00379392 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
    2015-09-27 06:07 - 2008-01-18 14:50 - 00098816 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
    2015-09-27 06:07 - 2009-10-28 09:26 - 47601664 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
    2015-12-30 20:23 - 2015-12-08 20:52 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2005-12-22 16:28 - 2005-12-22 16:28 - 00160768 _____ () C:\Program Files (x86)\Sunbelt Software\VIPRE\unrar.dll
    2015-08-09 18:50 - 2015-12-08 20:53 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2015-08-09 19:03 - 2015-12-15 00:54 - 00782336 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2015-08-09 19:03 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
    2015-08-09 19:03 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2015-08-09 19:03 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2015-08-09 19:03 - 2016-02-04 16:02 - 02546768 _____ () C:\Program Files (x86)\Steam\video.dll
    2015-08-09 19:03 - 2015-09-23 19:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2015-08-09 19:03 - 2015-09-23 19:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2015-08-09 19:03 - 2015-09-23 19:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2015-08-09 19:03 - 2015-09-23 19:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2015-08-09 19:03 - 2015-09-23 19:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2015-08-09 19:03 - 2016-02-04 16:01 - 00802896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2015-08-09 19:03 - 2015-12-29 20:51 - 00208896 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
    2016-02-15 19:33 - 2016-01-12 13:44 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
    2016-02-17 14:09 - 2016-01-12 13:45 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
    2016-02-17 14:09 - 2016-01-12 13:44 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
    2016-02-15 19:33 - 2016-01-12 13:44 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
    2016-02-15 19:33 - 2016-01-12 13:44 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
    2016-02-15 19:33 - 2016-02-16 13:39 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
    2016-02-15 19:33 - 2016-01-12 13:46 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
    2016-02-17 14:09 - 2016-01-12 13:44 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
    2016-02-15 19:33 - 2016-02-16 13:39 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
    2016-02-15 19:33 - 2016-01-12 13:44 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
    2016-02-17 14:09 - 2016-02-16 13:38 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
    2016-02-15 19:33 - 2016-01-12 13:45 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
    2016-02-17 14:09 - 2016-02-16 13:38 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
    2016-02-17 14:09 - 2016-02-16 13:38 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
    2016-02-15 19:33 - 2016-02-16 13:39 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
    2016-02-15 19:33 - 2016-02-16 13:39 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
    2016-02-17 14:09 - 2016-02-16 13:39 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
    2016-02-17 14:09 - 2016-01-12 13:46 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
    2016-02-15 19:33 - 2016-01-12 13:46 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
    2016-02-15 19:33 - 2016-01-12 13:47 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
    2016-02-15 19:33 - 2016-01-12 13:46 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
    2016-02-15 19:33 - 2016-02-16 13:39 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
    2016-02-15 19:33 - 2016-01-12 13:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
    2016-02-15 19:33 - 2016-01-12 13:46 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
    2016-02-15 19:33 - 2016-01-12 13:47 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
    2016-02-15 19:33 - 2016-01-12 13:47 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
    2016-02-15 19:33 - 2016-01-12 13:47 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
    2016-02-15 19:33 - 2016-01-12 13:47 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
    2016-02-17 14:09 - 2016-02-16 13:39 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
    2016-02-15 19:33 - 2016-01-12 13:46 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
    2016-02-15 19:33 - 2016-01-12 13:47 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
    2016-02-17 14:09 - 2016-02-16 13:38 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
    2016-02-17 14:09 - 2016-02-16 13:39 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
    2016-02-17 14:09 - 2016-01-12 13:47 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
    2016-02-15 19:33 - 2016-02-16 13:39 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
    2016-02-15 19:33 - 2016-01-12 13:44 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
    2016-02-17 14:09 - 2016-01-12 13:44 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
    2016-02-17 14:09 - 2016-01-12 13:45 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
    2016-02-17 14:09 - 2016-02-16 13:39 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
    2016-02-15 19:33 - 2016-02-16 13:39 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
    2016-02-15 19:33 - 2016-02-16 13:39 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
    2016-02-15 19:33 - 2016-02-16 13:39 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
    2016-02-15 19:33 - 2016-02-16 13:39 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
    2016-02-17 14:09 - 2016-02-16 13:38 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
    2016-02-15 19:33 - 2016-01-12 13:47 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
    2016-02-15 19:33 - 2016-02-16 13:39 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
    2016-02-17 14:09 - 2016-02-16 13:39 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
    2016-02-17 14:09 - 2016-02-16 13:39 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
    2016-02-15 19:33 - 2016-01-12 13:45 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
    2016-02-17 14:09 - 2016-02-16 13:39 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
    2016-02-17 14:09 - 2016-02-16 13:39 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
    2016-02-17 14:09 - 2016-02-16 13:39 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
    2016-02-17 14:09 - 2016-02-16 13:39 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
    2016-02-17 14:09 - 2016-02-16 13:39 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
    2016-02-17 14:09 - 2016-02-16 13:39 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
    2016-02-17 14:09 - 2016-02-16 13:39 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
    2016-02-17 14:09 - 2016-02-16 13:39 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
    2016-02-17 14:09 - 2016-01-12 13:49 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
    2016-02-17 14:09 - 2016-01-12 13:49 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
    2016-02-15 19:33 - 2016-02-16 13:39 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
    2016-02-17 14:09 - 2016-02-16 13:39 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
    2016-02-17 14:09 - 2016-02-16 13:39 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
    2016-02-15 19:33 - 2016-01-12 13:52 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
    2015-08-09 19:03 - 2016-01-05 20:52 - 48387872 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2010-07-15 15:46 - 2010-07-15 15:46 - 00300368 _____ () C:\Program Files (x86)\Sunbelt Software\VIPRE\Vipre.dll
    2015-08-11 20:04 - 2015-06-26 02:13 - 00184184 _____ () C:\Program Files (x86)\Sunbelt Software\VIPRE\Definitions\libBase64.dll
    2015-08-11 20:04 - 2015-06-26 02:13 - 00175992 _____ () C:\Program Files (x86)\Sunbelt Software\VIPRE\Definitions\libMachoUniv.dll
    2015-08-09 19:03 - 2015-09-24 18:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
    2016-01-28 16:18 - 2016-01-28 16:18 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6734\libcef.dll
    2016-01-28 16:18 - 2016-01-28 16:18 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6734\libGLESv2.dll
    2016-01-28 16:18 - 2016-01-28 16:18 - 00293040 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6734\ortp.dll
    2016-01-28 16:18 - 2016-01-28 16:18 - 00909312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6734\platforms\qwindows.dll
    2016-01-28 16:18 - 2016-01-28 16:18 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6734\libEGL.dll
    2016-01-28 16:18 - 2016-01-28 16:18 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6734\imageformats\qgif.dll
    2016-01-28 16:18 - 2016-01-28 16:18 - 00021504 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6734\imageformats\qico.dll
    2016-01-28 16:18 - 2016-01-28 16:18 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6734\imageformats\qjpeg.dll
    2016-01-28 16:18 - 2016-01-28 16:18 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6734\imageformats\qmng.dll
    2016-01-28 16:18 - 2016-01-28 16:18 - 00015872 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6734\imageformats\qsvg.dll
    2016-01-28 16:18 - 2016-01-28 16:18 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6734\imageformats\qtiff.dll
    2016-01-28 16:18 - 2016-01-28 16:18 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6734\qml\QtQuick.2\qtquick2plugin.dll
    2016-01-28 16:18 - 2016-01-28 16:18 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6734\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
    2016-01-28 16:18 - 2016-01-28 16:18 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.6734\qml\QtQml\Models.2\modelsplugin.dll
    2015-12-30 15:38 - 2015-12-30 15:38 - 23950848 _____ () C:\Program Files (x86)\World of Warcraft\Utils\libcef.dll
    2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-05-15 15:27 - 2015-05-15 15:27 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-01-11 10:36 - 2016-01-11 10:36 - 00932032 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
    2013-09-29 20:39 - 2013-09-29 20:39 - 01241088 _____ () C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll
    2013-09-29 20:39 - 2013-09-29 20:39 - 02010624 _____ () C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll
    2016-02-19 19:14 - 2016-02-17 23:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
    2016-02-19 19:14 - 2016-02-17 23:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
    2016-02-19 19:14 - 2016-02-17 23:15 - 16808600 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2015-08-18 10:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1872521961-1581501611-3650484097-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 64.71.255.204 - 64.71.255.198
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{77C3F7C8-566F-4915-BDEE-816E1AA636EB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{5B444AA6-3235-42AD-B3F7-4D2F501B2830}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{3737BAC2-27EE-4D0E-9191-19362708F114}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{64B55FBD-088C-4537-99ED-1D18A12D1092}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{D0024CC5-84ED-47FE-969D-D904A9E5D6FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{5DF0C0FE-6336-4B15-B705-2CBE371DDE22}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{6891B9EA-0C2B-4935-8992-9BB72076370E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{9ED0277A-178C-4016-A124-B8B05EB77236}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{39FE13DE-2C83-44D5-B8A4-CCBD74370F51}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{6BEE1206-EBC9-460B-B274-F43EBB0F119D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{4506A9F4-7F9D-4448-AAE8-69F8867DD85E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{CAEB6194-F39C-43F9-8A57-A6E3B82E5CFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham Knight\Binaries\Win64\BatmanAK.exe
    FirewallRules: [{C7915A99-5DEB-4E1C-ADED-B038C0016628}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham Knight\Binaries\Win64\BatmanAK.exe
    FirewallRules: [{4E3B7778-AFBD-4FE5-8F2B-3DD7F1ACE951}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{579A7777-10B3-44ED-8E8C-A81BC7D30B68}] => (Allow) C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{DFB9EC26-626C-4585-A6A3-CD15AA502F3F}] => (Allow) C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{9EC8093F-4643-4467-B478-1ADD4EE0BB57}] => (Allow) C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{926265A9-DE05-4ED4-AA6E-76F06F313A99}] => (Allow) C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{F47025E9-8F5F-4B55-B9D4-461E9328547B}] => (Allow) C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{7B17B998-52BD-40DE-B45D-73A746ED1D84}] => (Allow) C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{C3A8DD37-46EC-4FDE-B585-D6D2DAF97812}C:\program files (x86)\activision\star trek armada ii fleet operations\data\armada2.exe] => (Allow) C:\program files (x86)\activision\star trek armada ii fleet operations\data\armada2.exe
    FirewallRules: [UDP Query User{C9DA70C6-0619-4584-B88B-87D69C26B7E8}C:\program files (x86)\activision\star trek armada ii fleet operations\data\armada2.exe] => (Allow) C:\program files (x86)\activision\star trek armada ii fleet operations\data\armada2.exe
    FirewallRules: [TCP Query User{6B27A5BE-476B-4B9B-B78E-F2E21AF5F626}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
    FirewallRules: [UDP Query User{E19E4EBC-0DDD-4979-9580-E34888C1B11E}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
    FirewallRules: [{22B5CD31-C850-4299-AD3D-8889B9C86A6F}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
    FirewallRules: [{A4F99B71-203B-4535-99DF-966BBDE3B4FF}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
    FirewallRules: [{5F3EDB38-4C4D-4E74-B5BB-96E954C0BB01}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{F0180A66-560D-487E-8B39-189CB57D85DF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{1E9781CF-DE8A-42AB-A749-B871B172A35E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{4C983FEF-C36E-4534-80E3-F80DBB1589C8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{18AA80C4-92FD-48EF-AFB4-A2E965AE0E20}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rainbow Six Siege - Closed Beta\RainbowSix.exe
    FirewallRules: [{DC161226-9D27-4BBC-93A1-C7DC3F8049FC}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rainbow Six Siege - Closed Beta\RainbowSix.exe
    FirewallRules: [{314D8608-113B-49C2-B405-CBE2C89A9A66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
    FirewallRules: [{9A28C98F-E0D1-44CC-9198-7F6C0B29FF04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
    FirewallRules: [{BA01B37E-02D6-4C45-A3C4-FF20B6B7E43F}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
    FirewallRules: [{6AA71889-C291-47C1-AA02-8EB41BA1B3F7}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
    FirewallRules: [{9E0E9187-7A91-47E5-B0EA-6E9658040105}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{B9648AFF-7320-45A1-98E7-E2AF64942E43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{D9A18BBA-56EB-4877-835A-45D1720A8279}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{B3D786C9-BAD6-4F3C-8F78-9CDEA57C2A93}] => (Allow) LPort=2869
    FirewallRules: [{5493DE1B-EBF7-47A3-BC27-18D0F6F67CD7}] => (Allow) LPort=1900
    FirewallRules: [{D0158807-C48E-498F-B285-4BAE245FADB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
    FirewallRules: [{55324294-94B1-4F82-BE53-D103E8C42E27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
    FirewallRules: [{779FC76D-DAB7-48C4-819B-6F4F5F94B340}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{CC4E2F2E-3C54-4422-82F4-8E6DCCBB6611}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Syndicate\ACS.exe
    FirewallRules: [TCP Query User{CA9136E0-D477-4176-9FD5-95E8EA9F2656}C:\users\ivan\appdata\local\temp\rar$exa0.383\airplayer\airplayer.exe] => (Allow) C:\users\ivan\appdata\local\temp\rar$exa0.383\airplayer\airplayer.exe
    FirewallRules: [UDP Query User{79586FEE-E133-46B2-B214-29ABE15F843B}C:\users\ivan\appdata\local\temp\rar$exa0.383\airplayer\airplayer.exe] => (Allow) C:\users\ivan\appdata\local\temp\rar$exa0.383\airplayer\airplayer.exe
    FirewallRules: [TCP Query User{1FBBF380-A6AB-4AAE-B877-15039EEDC40F}C:\users\ivan\appdata\local\temp\rar$exa0.203\airplayer\airplayer.exe] => (Allow) C:\users\ivan\appdata\local\temp\rar$exa0.203\airplayer\airplayer.exe
    FirewallRules: [UDP Query User{211773BE-F961-4002-BD88-BD388E9160DC}C:\users\ivan\appdata\local\temp\rar$exa0.203\airplayer\airplayer.exe] => (Allow) C:\users\ivan\appdata\local\temp\rar$exa0.203\airplayer\airplayer.exe
    FirewallRules: [TCP Query User{AD0BFB49-E9FC-4E07-BA34-49674913AA57}C:\users\ivan\desktop\random downloads\airplayer.exe] => (Allow) C:\users\ivan\desktop\random downloads\airplayer.exe
    FirewallRules: [UDP Query User{1D095C69-DE9A-44F1-8602-D9429284AC03}C:\users\ivan\desktop\random downloads\airplayer.exe] => (Allow) C:\users\ivan\desktop\random downloads\airplayer.exe
    FirewallRules: [{ED99918F-78D2-4E11-9F77-35F71C5936C8}] => (Allow) C:\Program Files (x86)\Planetbase\steam_api64.exe
    FirewallRules: [{3288C6F7-5AF9-4AA0-AF3D-2F4897AC6E95}] => (Allow) C:\Program Files (x86)\Planetbase\steam_api64.exe
    FirewallRules: [{139D3052-DC91-4685-A115-0C0303B2CA57}] => (Block) %ProgramFiles%\MPC-HC\mpc-hc64.exe
    FirewallRules: [{8036C0C7-792D-44E8-8A7F-FED2160FFE53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
    FirewallRules: [{8CF277BB-6BAE-4C61-AB4D-BDECBEA445CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
    FirewallRules: [{57EDCD80-5F6E-413A-845D-52031E93912B}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
    FirewallRules: [{D9749F24-93B0-4BA5-AD76-52BE56B14A88}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
    FirewallRules: [{2022A23F-58EE-4C05-934D-3A3014BC6229}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    FirewallRules: [{BBEED5AF-30A0-4DA6-9ABD-A83604C3FC37}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{F3334551-E9F3-4322-B9D1-563E91364C39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
    FirewallRules: [{E0FC0620-CEDC-45D0-B1F1-E2B5CB06A373}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
    FirewallRules: [{B84D4164-CC7D-4143-A950-D73BE197B1FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
    FirewallRules: [{B06D84D2-B57F-4F64-AD9D-E4CAD6F831C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
    FirewallRules: [{7571E3B4-04C1-4409-B6CF-7A05AE913BF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
    FirewallRules: [{EFE6EB8A-A9BF-4015-9D6E-7C3978DBCCCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe

    ==================== Restore Points =========================

    24-02-2016 18:05:07 Scheduled Checkpoint
    03-03-2016 18:40:31 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Network Controller
    Description: Network Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/06/2016 11:30:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Client application bug: DNSServiceResolve(c8:85:50:26:e1:1e@fe80::ca85:50ff:fe26:e11e._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

    Error: (03/05/2016 12:34:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Client application bug: DNSServiceResolve(c8:85:50:26:e1:1e@fe80::ca85:50ff:fe26:e11e._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

    Error: (02/28/2016 06:49:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Client application bug: DNSServiceResolve(c8:85:50:26:e1:1e@fe80::ca85:50ff:fe26:e11e._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

    Error: (02/27/2016 12:03:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Client application bug: DNSServiceResolve(78639E5639951FB4._appletv-v2._tcp.local.) active for over two minutes. This places considerable burden on the network.

    Error: (02/27/2016 12:02:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Client application bug: DNSServiceResolve(c8:85:50:26:e1:1e@fe80::ca85:50ff:fe26:e11e._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

    Error: (02/22/2016 08:53:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Client application bug: DNSServiceResolve(78639E5639951FB4._appletv-v2._tcp.local.) active for over two minutes. This places considerable burden on the network.

    Error: (02/20/2016 06:14:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Client application bug: DNSServiceResolve(78639E5639951FB4._appletv-v2._tcp.local.) active for over two minutes. This places considerable burden on the network.

    Error: (02/20/2016 09:35:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Client application bug: DNSServiceResolve(78639E5639951FB4._appletv-v2._tcp.local.) active for over two minutes. This places considerable burden on the network.

    Error: (02/18/2016 08:07:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Client application bug: DNSServiceResolve(78639E5639951FB4._appletv-v2._tcp.local.) active for over two minutes. This places considerable burden on the network.

    Error: (02/18/2016 07:57:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Client application bug: DNSServiceResolve(78639E5639951FB4._appletv-v2._tcp.local.) active for over two minutes. This places considerable burden on the network.


    System errors:
    =============
    Error: (02/24/2016 06:00:42 PM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (02/17/2016 02:07:39 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {96D1EED3-701E-4FE5-B996-A543A8465897}

    Error: (02/13/2016 09:58:53 AM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (02/06/2016 01:37:28 PM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (02/05/2016 10:34:33 AM) (Source: volsnap) (EventID: 25) (User: )
    Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

    Error: (02/05/2016 06:53:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Steam Client Service service failed to start due to the following error:
    %%1053

    Error: (02/05/2016 06:53:02 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

    Error: (02/03/2016 08:41:39 AM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (02/03/2016 06:44:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Steam Client Service service failed to start due to the following error:
    %%1053

    Error: (02/03/2016 06:44:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.


    CodeIntegrity:
    ===================================
    Date: 2015-12-11 20:08:42.312
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-11 20:08:42.312
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-11 20:08:42.292
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-11 20:08:42.282
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-11 20:08:42.272
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-18 11:15:31.414
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-08-18 11:15:31.414
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7 CPU K 875 @ 2.93GHz
    Percentage of memory in use: 86%
    Total physical RAM: 8189.05 MB
    Available physical RAM: 1081.69 MB
    Total Virtual: 16376.25 MB
    Available Virtual: 9062.01 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.66 GB) (Free:26.51 GB) NTFS
    Drive d: (Media) (Fixed) (Total:1397.26 GB) (Free:80.21 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 402CC209)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: D106BE47)
    Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
Topic Status:
Not open for further replies.
