TechSpot

Sluggish, etc

By Ordog28
Oct 24, 2015
  1. Hi! I'm a fairly advanced user, can usually take care of these things myself. Not today though. Having some issues with thing getting very sluggish, etc.

    Here's my FRST.txt, 1st part:


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-10-2015
    Ran by Trent (administrator) on HELL-PC1 (24-10-2015 19:46:50)
    Running from C:\Users\Trent\Downloads
    Loaded Profiles: Trent (Available Profiles: Trent)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Farbar) C:\Users\Trent\Downloads\FRST64(1).exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
    HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
    HKU\S-1-5-21-3822528139-1650123135-726693888-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\S-1-5-18\...\RunOnce: [iCloud] => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe"
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{53F25C74-60CF-4759-939E-9FC7D98FA93A}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3822528139-1650123135-726693888-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} hxxp://www.caminova.net/en/downloads/getmodule.aspx?lang=en
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

    FireFox:
    ========
    FF ProfilePath: C:\Users\Trent\AppData\Roaming\Mozilla\Firefox\Profiles\lrue508o.default
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF Homepage: hxxps://www.google.com/
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-18] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-18] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.0.48\ma\bin\npMotive.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-24] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-24] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3822528139-1650123135-726693888-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Trent\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-26] (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-3822528139-1650123135-726693888-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Trent\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corporation)
    FF Plugin HKU\S-1-5-21-3822528139-1650123135-726693888-1000: hopster.com/CouponPrinterPlugin -> C:\Users\Trent\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-02-26] (Coupons, Inc.)
    FF SearchPlugin: C:\Users\Trent\AppData\Roaming\Mozilla\Firefox\Profiles\lrue508o.default\searchplugins\amazon-search-suggestions.xml [2014-06-21]
    FF SearchPlugin: C:\Users\Trent\AppData\Roaming\Mozilla\Firefox\Profiles\lrue508o.default\searchplugins\bookfindercom.xml [2015-10-17]
    FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Trent\AppData\Roaming\Mozilla\Firefox\Profiles\lrue508o.default\Extensions\artur.dubovoy@gmail.com [2015-09-24]
    FF Extension: Adblock Plus - C:\Users\Trent\AppData\Roaming\Mozilla\Firefox\Profiles\lrue508o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]
    FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt => not found

    Chrome:
    =======
    CHR Profile: C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-24]
    CHR Extension: (Google Docs) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-24]
    CHR Extension: (Google Drive) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
    CHR Extension: (YouTube) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-24]
    CHR Extension: (Google Search) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-24]
    CHR Extension: (Google Sheets) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-24]
    CHR Extension: (Google Docs Offline) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-24]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-10-24]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-24]
    CHR Extension: (Gmail) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-24]
    CHR HKU\S-1-5-21-3822528139-1650123135-726693888-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
    S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
    S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
    S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
    S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
    R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2014-10-10] (LG Electronics Inc.)
    S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2014-10-10] (LG Electronics Inc.)
    R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22128 2012-03-08] ()
    S4 C7EE2EF2; C:\Windows\System32\drivers\C7EE2EF2.sys [478392 2015-09-25] (Kaspersky Lab ZAO)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-10-11] ()
    S4 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-09] (Malwarebytes Corporation)
    S4 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-09] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
    S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation )
    S4 SaiH0109; C:\Windows\System32\DRIVERS\SaiH0109.sys [171144 2007-05-01] (Saitek)
    S4 SaiH0160; C:\Windows\System32\DRIVERS\SaiH0160.sys [179584 2008-11-24] (Saitek)
    S4 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
    S4 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
    S4 SaiU0109; C:\Windows\System32\DRIVERS\SaiU0109.sys [34304 2007-05-01] (Saitek)
    S4 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-07-21] (wisecleaner.com)
    S4 catchme; \??\C:\ComboFix\catchme.sys [X]
    S4 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
    S4 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S4 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S4 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S4 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
    S4 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
    S4 NVHDA; system32\drivers\nvhda64v.sys [X]
    S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-24 19:46 - 2015-10-24 19:46 - 02196992 _____ (Farbar) C:\Users\Trent\Downloads\FRST64(1).exe
    2015-10-24 19:34 - 2015-10-24 19:34 - 00000112 _____ C:\Windows\setupact.log
    2015-10-24 19:34 - 2015-10-24 19:34 - 00000000 _____ C:\Windows\setuperr.log
    2015-10-24 18:58 - 2015-10-24 18:58 - 02196992 _____ (Farbar) C:\Users\Trent\Downloads\FRST64.exe
    2015-10-24 18:56 - 2015-10-24 18:56 - 06677440 _____ (Piriform Ltd) C:\Users\Trent\Downloads\ccsetup510.exe
    2015-10-24 18:55 - 2015-10-24 18:55 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2015-10-24 16:42 - 2015-10-24 16:44 - 00000000 ____D C:\Users\Trent\AppData\Local\2Browse
    2015-10-24 14:03 - 2015-10-24 14:10 - 00000000 ____D C:\ProgramData\UVK
    2015-10-24 14:03 - 2015-10-24 14:03 - 00001806 _____ C:\Users\Public\Desktop\UVK - Ultra Virus Killer.lnk
    2015-10-24 13:08 - 2015-10-24 18:19 - 00000000 ___RD C:\Users\Trent\Google Drive
    2015-10-24 13:08 - 2015-10-24 13:08 - 00001695 _____ C:\Users\Trent\Desktop\Google Drive.lnk
    2015-10-24 13:05 - 2015-10-24 13:05 - 00002042 _____ C:\Users\Public\Desktop\Google Slides.lnk
    2015-10-24 13:05 - 2015-10-24 13:05 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
    2015-10-24 13:05 - 2015-10-24 13:05 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
    2015-10-24 13:05 - 2015-10-24 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-10-24 13:04 - 2015-10-24 13:04 - 00929872 _____ (Google Inc.) C:\Users\Trent\Downloads\googledrivesync.exe
    2015-10-24 13:04 - 2015-10-24 13:04 - 00929872 _____ (Google Inc.) C:\Users\Trent\Downloads\googledrivesync (2).exe
    2015-10-24 13:04 - 2015-10-24 13:04 - 00929872 _____ (Google Inc.) C:\Users\Trent\Downloads\googledrivesync (1).exe
    2015-10-24 04:37 - 2015-10-24 13:10 - 00000000 ____D C:\Users\Trent\Desktop\New folder (2)
    2015-10-24 04:16 - 2015-10-24 04:16 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-10-24 04:16 - 2015-10-24 04:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-10-24 04:15 - 2015-10-24 19:20 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-10-24 04:15 - 2015-10-24 18:18 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-10-24 04:15 - 2015-10-24 04:15 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-10-24 04:15 - 2015-10-24 04:15 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-10-24 04:14 - 2015-10-24 13:05 - 00000000 ____D C:\Users\Trent\AppData\Local\Google
    2015-10-24 04:14 - 2015-10-24 13:05 - 00000000 ____D C:\Program Files (x86)\Google
    2015-10-24 04:14 - 2015-10-24 04:14 - 00929872 _____ (Google Inc.) C:\Users\Trent\Downloads\ChromeSetup.exe
    2015-10-24 04:07 - 2015-10-24 04:39 - 00000000 ____D C:\Users\Trent\AppData\Local\Apple Inc
    2015-10-24 03:46 - 2015-10-24 03:46 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2015-10-24 03:38 - 2015-10-24 03:41 - 125138200 _____ (Apple Inc.) C:\Users\Trent\Downloads\icloudsetup.exe
    2015-10-24 01:14 - 2015-10-24 01:14 - 00398732 _____ C:\Users\Trent\Desktop\Letters to the Editor April 2, 2013 _ Letters to the Editor _ North Bay Bohemian.htm
    2015-10-24 01:14 - 2015-10-24 01:14 - 00000000 ____D C:\Users\Trent\Desktop\Letters to the Editor April 2, 2013 _ Letters to the Editor _ North Bay Bohemian_files
    2015-10-23 03:15 - 2015-10-24 02:22 - 00000213 _____ C:\Users\Trent\Desktop\october23.txt
    2015-10-22 00:52 - 2015-10-22 00:52 - 00784679 _____ C:\Users\Trent\Desktop\These Florida Tea Partiers plan to set up a secret vigilante court to arrest — and possibly execute — Obama.htm
    2015-10-22 00:52 - 2015-10-22 00:52 - 00000000 ____D C:\Users\Trent\Desktop\These Florida Tea Partiers plan to set up a secret vigilante court to arrest — and possibly execute — Obama_files
    2015-10-20 13:21 - 2015-10-20 13:21 - 00097114 _____ C:\Users\Trent\Desktop\Transaction History.htm
    2015-10-20 13:21 - 2015-10-20 13:21 - 00000000 ____D C:\Users\Trent\Desktop\Transaction History_files
    2015-10-20 00:07 - 2015-10-20 00:07 - 00014658 _____ C:\Users\Trent\Desktop\A. Lorene Mullins - Springfield, Missouri (MO) _ Crestleaf.htm
    2015-10-20 00:07 - 2015-10-20 00:07 - 00000000 ____D C:\Users\Trent\Desktop\A. Lorene Mullins - Springfield, Missouri (MO) _ Crestleaf_files
    2015-10-19 00:24 - 2015-10-19 00:24 - 00221428 _____ C:\Users\Trent\Desktop\Virus and Malware Removal - TechSpot Forums.htm
    2015-10-19 00:24 - 2015-10-19 00:24 - 00000000 ____D C:\Users\Trent\Desktop\Virus and Malware Removal - TechSpot Forums_files
    2015-10-19 00:21 - 2015-10-19 00:21 - 00293222 _____ C:\Users\Trent\Desktop\Speed Up Windows 7 - Ultimate Tweaks For a Blazing Fast Windows 7.htm
    2015-10-19 00:21 - 2015-10-19 00:21 - 00000000 ____D C:\Users\Trent\Desktop\Speed Up Windows 7 - Ultimate Tweaks For a Blazing Fast Windows 7_files
    2015-10-18 23:06 - 2015-10-18 23:06 - 00045259 _____ C:\Users\Trent\Desktop\Disable Visual Effects in Windows for Better Performance.htm
    2015-10-18 23:06 - 2015-10-18 23:06 - 00000000 ____D C:\Users\Trent\Desktop\Disable Visual Effects in Windows for Better Performance_files
    2015-10-18 22:00 - 2015-10-19 01:50 - 00000000 ____D C:\Users\Trent\Desktop\New folder
    2015-10-18 21:59 - 2015-10-18 21:59 - 02037177 _____ C:\Users\Trent\Downloads\taskfree.zip
    2015-10-18 21:04 - 2015-10-18 20:55 - 07303271 _____ C:\Users\Trent\Desktop\CBS.log
    2015-10-18 19:23 - 2015-10-18 19:23 - 00000844 _____ C:\Users\Trent\Desktop\JRT.txt
    2015-10-18 18:53 - 2015-10-18 18:53 - 00000513 _____ C:\Users\Trent\Desktop\jhjhjhjh.txt
    2015-10-18 14:12 - 2015-10-18 14:12 - 00000000 ____D C:\Users\Trent\Desktop\Fix Today
    2015-10-18 00:49 - 2015-10-18 00:52 - 56755032 _____ C:\Users\Trent\Desktop\test.mp4
    2015-10-17 20:03 - 2015-10-17 20:03 - 00000034 _____ C:\Users\Trent\Desktop\fggfgfgfgf.txt
    2015-10-16 23:14 - 2015-10-16 23:14 - 00289503 _____ C:\Users\Trent\Desktop\Folk Art _ Skinner Auctioneers.htm
    2015-10-16 23:14 - 2015-10-16 23:14 - 00000000 ____D C:\Users\Trent\Desktop\Folk Art _ Skinner Auctioneers_files
    2015-10-16 01:57 - 2015-10-16 01:58 - 00000000 ____D C:\Users\Trent\Downloads\bootkit_remover
    2015-10-16 01:56 - 2015-10-16 01:56 - 00044607 _____ C:\Users\Trent\Downloads\bootkit_remover.zip
    2015-10-16 00:55 - 2015-10-16 00:55 - 01801288 _____ (Malwarebytes) C:\Users\Trent\Desktop\JRT(2).exe
    2015-10-16 00:55 - 2015-10-16 00:54 - 05636101 ____R (Swearware) C:\Users\Trent\Desktop\ComboFix.exe
    2015-10-16 00:42 - 2015-10-18 19:15 - 00004566 _____ C:\Users\Trent\Desktop\Rkill.txt
    2015-10-16 00:26 - 2015-10-16 00:27 - 00045382 _____ C:\Users\Trent\Downloads\Addition.txt
    2015-10-16 00:24 - 2015-10-24 19:46 - 00015105 _____ C:\Users\Trent\Downloads\FRST.txt
    2015-10-16 00:19 - 2015-10-16 00:20 - 00000000 ____D C:\Users\Trent\Desktop\New folder (9)
    2015-10-16 00:19 - 2015-10-16 00:19 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Trent\Desktop\rkill(1).exe
    2015-10-15 23:58 - 2015-10-15 23:58 - 00380416 _____ C:\Users\Trent\Desktop\9y2q50pm.exe
    2015-10-15 20:57 - 2015-10-15 21:00 - 00005517 _____ C:\Users\Trent\Downloads\hijackthis.log
    2015-10-15 00:34 - 2015-10-15 00:35 - 11336600 _____ (SurfRight B.V.) C:\Users\Trent\Desktop\HitmanPro_x64.exe
    2015-10-14 22:17 - 2015-10-14 22:17 - 00001214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
    2015-10-14 21:59 - 2012-08-03 00:27 - 02993296 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIAPropPageExt.dll
    2015-10-14 21:59 - 2012-08-03 00:27 - 02206352 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viahduaa.sys
    2015-10-14 21:59 - 2012-08-03 00:27 - 00681104 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIASysFx.dll
    2015-10-14 21:40 - 2015-10-14 21:40 - 00000022 _____ C:\Users\Trent\Downloads\Autoruns.zip
    2015-10-14 21:40 - 2015-10-14 21:40 - 00000000 ____D C:\Auto
    2015-10-13 18:41 - 2015-09-28 22:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-10-13 18:41 - 2015-09-28 22:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-10-13 18:41 - 2015-09-28 22:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-10-13 18:41 - 2015-09-28 22:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-10-13 18:41 - 2015-09-28 22:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-10-13 18:41 - 2015-09-28 22:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-10-13 18:41 - 2015-09-28 22:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-10-13 18:41 - 2015-09-28 22:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-10-13 18:41 - 2015-09-28 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-10-13 18:41 - 2015-09-28 22:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-10-13 18:41 - 2015-09-28 22:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-10-13 18:41 - 2015-09-28 22:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-10-13 18:41 - 2015-09-28 22:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-10-13 18:41 - 2015-09-28 22:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-10-13 18:41 - 2015-09-28 22:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-10-13 18:41 - 2015-09-28 22:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-10-13 18:41 - 2015-09-28 22:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-10-13 18:41 - 2015-09-28 22:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2015-10-13 18:41 - 2015-09-28 22:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-10-13 18:41 - 2015-09-28 22:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-10-13 18:41 - 2015-09-28 22:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-10-13 18:41 - 2015-09-28 22:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-10-13 18:41 - 2015-09-28 22:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-10-13 18:41 - 2015-09-28 22:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-10-13 18:41 - 2015-09-28 22:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-10-13 18:41 - 2015-09-28 22:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-10-13 18:41 - 2015-09-28 21:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-10-13 18:41 - 2015-09-28 21:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-10-13 18:41 - 2015-09-28 21:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-10-13 18:41 - 2015-09-28 21:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-10-13 18:41 - 2015-09-28 21:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-10-13 18:41 - 2015-09-28 21:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-10-13 18:41 - 2015-09-28 21:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2015-10-13 18:41 - 2015-09-28 21:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-10-13 18:41 - 2015-09-28 21:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-10-13 18:41 - 2015-09-28 21:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-10-13 18:41 - 2015-09-28 21:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-10-13 18:41 - 2015-09-28 21:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-10-13 18:41 - 2015-09-28 21:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
     
  2. Ordog28

    Ordog28 TS Member Topic Starter Posts: 30

    2015-10-13 18:41 - 2015-09-28 21:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 20:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-10-13 18:41 - 2015-09-28 20:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-10-13 18:41 - 2015-09-28 20:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-10-13 18:41 - 2015-09-28 20:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-10-13 18:41 - 2015-09-28 20:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 20:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 20:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 20:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-15 13:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-10-13 18:41 - 2015-09-15 13:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-10-13 18:41 - 2015-09-15 13:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-10-13 18:41 - 2015-09-15 13:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-10-13 18:41 - 2015-09-15 13:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-10-13 18:41 - 2015-09-15 13:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-10-13 18:41 - 2015-09-15 13:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-10-13 18:41 - 2015-09-15 13:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-10-13 18:41 - 2015-09-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-10-13 18:41 - 2015-09-15 12:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-10-13 18:41 - 2015-09-15 12:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-10-13 18:41 - 2015-09-15 12:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-10-13 18:41 - 2015-09-15 12:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-10-13 18:41 - 2015-08-06 13:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-10-13 18:41 - 2015-08-06 13:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2015-10-13 18:41 - 2015-08-06 12:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-10-13 18:41 - 2015-08-06 12:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2015-10-13 18:40 - 2015-10-01 13:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-10-13 18:40 - 2015-10-01 13:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-10-13 18:40 - 2015-10-01 13:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-10-13 18:40 - 2015-10-01 13:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-10-13 18:40 - 2015-10-01 13:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-10-13 18:40 - 2015-10-01 13:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-10-13 18:40 - 2015-10-01 13:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-10-13 18:40 - 2015-10-01 12:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-10-13 18:40 - 2015-10-01 12:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-10-13 18:40 - 2015-09-28 22:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-10-13 18:40 - 2015-09-28 22:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-10-13 18:40 - 2015-09-28 22:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-10-13 18:40 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-10-13 18:40 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-10-13 18:40 - 2015-09-28 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-10-13 18:40 - 2015-09-28 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-10-13 18:40 - 2015-09-28 21:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-10-13 18:40 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-10-13 18:40 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-10-13 18:40 - 2015-09-28 20:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-10-13 18:40 - 2015-09-18 14:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-10-13 18:40 - 2015-09-18 13:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-10-13 18:40 - 2015-09-15 23:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-10-13 18:40 - 2015-09-15 23:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-10-13 18:40 - 2015-09-15 23:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-10-13 18:40 - 2015-09-15 23:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-10-13 18:40 - 2015-09-15 23:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-10-13 18:40 - 2015-09-15 23:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-10-13 18:40 - 2015-09-15 23:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-10-13 18:40 - 2015-09-15 23:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-10-13 18:40 - 2015-09-15 23:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-10-13 18:40 - 2015-09-15 23:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-10-13 18:40 - 2015-09-15 23:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-10-13 18:40 - 2015-09-15 23:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-10-13 18:40 - 2015-09-15 23:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-10-13 18:40 - 2015-09-15 23:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-10-13 18:40 - 2015-09-15 23:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-10-13 18:40 - 2015-09-15 23:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-10-13 18:40 - 2015-09-15 23:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-10-13 18:40 - 2015-09-15 23:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-10-13 18:40 - 2015-09-15 22:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-10-13 18:40 - 2015-09-15 22:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-10-13 18:40 - 2015-09-15 22:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-10-13 18:40 - 2015-09-15 22:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-10-13 18:40 - 2015-09-15 22:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-10-13 18:40 - 2015-09-15 22:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-10-13 18:40 - 2015-09-15 22:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-10-13 18:40 - 2015-09-15 22:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2015-10-13 18:40 - 2015-09-15 22:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-10-13 18:40 - 2015-09-15 22:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-10-13 18:40 - 2015-09-15 22:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-10-13 18:40 - 2015-09-15 22:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-10-13 18:40 - 2015-09-15 22:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-10-13 18:40 - 2015-09-15 22:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-10-13 18:40 - 2015-09-15 22:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-10-13 18:40 - 2015-09-15 22:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-10-13 18:40 - 2015-09-15 22:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-10-13 18:40 - 2015-09-15 22:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-10-13 18:40 - 2015-09-15 22:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-10-13 18:40 - 2015-09-15 22:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-10-13 18:40 - 2015-09-15 22:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-10-13 18:40 - 2015-09-15 22:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-10-13 18:40 - 2015-09-15 22:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-10-13 18:40 - 2015-09-15 22:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-10-13 18:40 - 2015-09-15 22:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-10-13 18:40 - 2015-09-15 22:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-10-13 18:40 - 2015-09-15 22:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-10-13 18:40 - 2015-09-15 22:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-10-13 18:40 - 2015-09-15 22:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-10-13 18:40 - 2015-09-15 22:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-10-13 18:40 - 2015-09-15 22:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-10-13 18:40 - 2015-09-15 22:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-10-13 18:40 - 2015-09-15 22:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-10-13 18:40 - 2015-09-15 22:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2015-10-13 18:40 - 2015-09-15 21:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-10-13 18:40 - 2015-09-15 21:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-10-13 18:40 - 2015-09-15 21:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-10-13 18:40 - 2015-09-15 21:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-10-13 18:40 - 2015-09-15 21:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-10-13 18:40 - 2015-09-15 21:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-10-13 18:40 - 2015-09-15 21:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-10-13 18:40 - 2015-09-15 21:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-10-13 18:40 - 2015-09-15 21:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-10-13 18:40 - 2015-09-15 21:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-10-11 14:37 - 2015-10-11 14:34 - 04000126 _____ C:\Users\Trent\Desktop\CBS (3).log
    2015-10-11 01:23 - 2015-10-12 15:43 - 00000868 _____ C:\Users\Trent\Desktop\FreeFixer.lnk
    2015-10-11 01:17 - 2015-10-11 01:17 - 00000000 ____D C:\Users\Trent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
    2015-10-11 01:09 - 2015-10-11 14:58 - 00000000 ____D C:\Users\Trent\AppData\Local\FreeFixer
    2015-10-11 01:09 - 2015-10-11 05:23 - 00000000 ____D C:\Users\Trent\AppData\Roaming\FreeFixer
    2015-10-11 01:09 - 2015-10-11 01:09 - 00000000 ____D C:\Users\Trent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
    2015-10-11 01:09 - 2015-10-11 01:09 - 00000000 ____D C:\Program Files\FreeFixer
    2015-10-10 04:07 - 2015-10-03 00:06 - 42914096 _____ C:\Windows\system32\nvcompiler.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 37882488 _____ C:\Windows\SysWOW64\nvcompiler.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 22306936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 18359928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 17395512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 16541040 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 15716648 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 15002304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 14832968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 13518496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 12769408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 12032200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 11114616 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2015-10-10 04:07 - 2015-10-03 00:06 - 03573832 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 03154104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 02869880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 02489976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 01905456 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435850.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 01564976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435850.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00877176 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00689456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00512720 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00422240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00414000 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00369272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00177416 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00155976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2015-10-10 03:25 - 2015-10-24 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
    2015-10-10 03:18 - 2015-10-14 22:14 - 00000000 ____D C:\Users\Trent\Desktop\New folder (6)
    2015-10-10 03:03 - 2015-09-25 13:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-10-10 03:03 - 2015-09-25 13:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-10-10 03:03 - 2015-09-25 13:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-10-10 03:03 - 2015-09-25 13:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-10-10 03:03 - 2015-09-25 13:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-10-10 03:03 - 2015-09-25 13:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-10-10 03:03 - 2015-09-25 13:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-10-10 03:03 - 2015-09-25 13:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-10-10 03:03 - 2015-09-25 13:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-10-10 03:03 - 2015-09-25 13:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-10-10 03:03 - 2015-09-25 13:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-10-10 03:03 - 2015-09-25 12:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-10-10 03:03 - 2015-09-25 12:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-10-10 03:03 - 2015-09-25 12:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-10-10 03:03 - 2015-09-25 12:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-10-10 03:03 - 2015-09-25 12:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-10-10 03:03 - 2015-09-18 14:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2015-10-10 03:03 - 2015-09-18 14:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-10-10 03:03 - 2015-09-18 14:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-10-10 03:03 - 2015-09-18 14:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-10-10 03:03 - 2015-09-18 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-10-10 03:03 - 2015-09-18 14:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-10-10 03:03 - 2015-09-18 14:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-10-04 22:09 - 2015-10-04 22:09 - 00000000 ____D C:\Users\Trent\AppData\Roaming\HD Tune Pro
    2015-10-04 22:09 - 2015-10-04 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
    2015-10-04 22:09 - 2015-10-04 22:09 - 00000000 ____D C:\Program Files (x86)\HD Tune Pro
    2015-10-04 18:56 - 2015-10-04 23:26 - 00000000 ____D C:\Users\Trent\AppData\Roaming\gsmartcontrol
    2015-10-02 21:55 - 2015-10-02 21:55 - 00005216 _____ C:\Users\Trent\AppData\Local\recently-used.xbel
    2015-09-27 17:45 - 2015-09-27 17:46 - 00023934 _____ C:\Users\Trent\Documents\Main052013BACKUP.kdbx
    2015-09-25 03:43 - 2015-09-25 03:43 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\C7EE2EF2.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-24 19:46 - 2014-05-10 15:23 - 00000000 ____D C:\FRST
    2015-10-24 19:29 - 2013-05-19 21:00 - 00000000 ____D C:\Program Files (x86)\Steam
    2015-10-24 19:26 - 2013-05-22 00:35 - 00000000 ____D C:\Users\Trent\AppData\Local\CrashDumps
    2015-10-24 18:57 - 2015-07-21 16:52 - 00000000 ____D C:\Program Files\CCleaner
    2015-10-24 18:25 - 2009-07-13 23:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-10-24 18:25 - 2009-07-13 23:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-10-24 18:21 - 2015-07-21 17:46 - 01141398 ____N C:\Windows\WindowsUpdate.log
    2015-10-24 18:16 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-10-24 14:16 - 2013-11-05 15:11 - 00000000 ____D C:\Users\Trent\AppData\Roaming\Dropbox
    2015-10-24 14:08 - 2014-03-14 21:48 - 00000000 ____D C:\Program Files (x86)\PDF Architect
    2015-10-24 14:03 - 2014-09-22 23:43 - 00000000 ____D C:\Program Files\UVK - Ultra Virus Killer
    2015-10-24 13:59 - 2013-05-20 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
    2015-10-24 13:55 - 2013-05-19 18:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-10-24 13:48 - 2015-06-02 23:47 - 00000000 ____D C:\Users\Trent\AppData\Roaming\Apple Computer
    2015-10-24 13:48 - 2015-06-02 23:46 - 00000000 ____D C:\Program Files\Common Files\Apple
    2015-10-24 13:31 - 2013-05-20 16:57 - 00000000 ____D C:\Users\Trent\AppData\Roaming\KeePass
    2015-10-24 13:08 - 2013-05-19 18:00 - 00000000 ____D C:\Users\Trent
    2015-10-24 03:56 - 2013-05-20 21:15 - 00000000 ____D C:\Program Files (x86)\SpeedFan
    2015-10-24 03:48 - 2015-06-02 23:47 - 00000000 ____D C:\Users\Trent\AppData\Local\Apple Computer
    2015-10-24 03:46 - 2015-06-02 23:46 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2015-10-24 03:27 - 2013-05-19 23:56 - 00000000 ____D C:\Users\Trent\AppData\Roaming\vlc
    2015-10-24 02:43 - 2014-02-22 17:33 - 00000000 ____D C:\Users\Trent\Desktop\TV
    2015-10-22 01:51 - 2013-05-20 20:11 - 00024030 _____ C:\Users\Trent\Documents\Main052013.kdbx
    2015-10-19 04:20 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
    2015-10-19 01:54 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-10-19 01:54 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
    2015-10-19 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2015-10-18 19:24 - 2014-03-23 00:02 - 00000000 ____D C:\Qoobox
    2015-10-18 17:25 - 2013-11-06 00:58 - 00000000 ____D C:\Windows\pss
    2015-10-18 14:08 - 2013-07-14 20:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-10-18 13:37 - 2013-07-14 20:01 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-10-18 13:37 - 2013-05-19 18:30 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-10-18 13:37 - 2013-05-19 18:30 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-10-18 04:28 - 2014-05-11 13:53 - 00000000 ____D C:\Program Files (x86)\Trillian
    2015-10-18 00:48 - 2015-02-02 19:44 - 00051159 _____ C:\Users\Trent\Desktop\Br cke Die The Bridge (2008).720p.2008.en.srt
    2015-10-16 01:38 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
    2015-10-16 00:00 - 2013-05-19 19:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-10-15 23:59 - 2013-11-06 00:49 - 00000000 ____D C:\AdwCleaner
    2015-10-15 16:22 - 2014-07-23 14:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-10-14 22:17 - 2013-05-19 18:10 - 00000000 ____D C:\Program Files (x86)\VIA
    2015-10-14 05:53 - 2015-04-04 23:52 - 00000000 ___SD C:\Windows\system32\GWX
    2015-10-13 18:52 - 2013-07-12 01:05 - 00000000 ____D C:\Windows\system32\MRT
    2015-10-13 18:47 - 2013-05-19 19:47 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-10-13 18:42 - 2015-04-04 23:52 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2015-10-12 03:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
    2015-10-11 01:17 - 2013-05-20 21:15 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
    2015-10-11 01:06 - 2013-05-19 20:02 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\etdrv.sys
    2015-10-11 01:06 - 2013-05-19 19:14 - 00030528 _____ C:\Windows\GVTDrv64.sys
    2015-10-11 01:06 - 2013-05-19 19:14 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
    2015-10-10 04:08 - 2015-09-22 00:29 - 00000000 ____D C:\ProgramData\NVIDIA
    2015-10-10 03:39 - 2013-05-19 18:16 - 00000000 ____D C:\Program Files (x86)\GIGABYTE
    2015-10-10 03:31 - 2014-06-10 14:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2015-10-10 03:04 - 2015-04-15 03:20 - 00000000 ____D C:\Windows\system32\appraiser
    2015-10-10 03:04 - 2014-04-30 00:50 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-10-03 00:06 - 2015-09-22 00:27 - 00033507 _____ C:\Windows\system32\nvinfo.pb
    2015-10-02 21:55 - 2013-05-20 22:46 - 00000000 ____D C:\Users\Trent\.gimp-2.8
    2015-10-02 21:49 - 2015-09-22 00:29 - 06358648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2015-10-02 21:49 - 2015-09-22 00:29 - 02982520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2015-10-02 21:49 - 2015-09-22 00:29 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2015-10-02 21:49 - 2015-09-22 00:29 - 00938800 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2015-10-02 21:49 - 2015-09-22 00:29 - 00385328 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2015-10-02 21:49 - 2015-09-22 00:29 - 00062768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2015-10-01 20:29 - 2014-08-28 15:37 - 00000000 ____D C:\Users\Trent\AppData\Local\Adobe
    2015-10-01 04:33 - 2015-09-22 00:29 - 05284082 _____ C:\Windows\system32\nvcoproc.bin
    2015-09-28 04:34 - 2013-05-19 23:19 - 00007619 _____ C:\Users\Trent\AppData\Local\Resmon.ResmonCfg
    2015-09-28 04:32 - 2013-05-19 20:33 - 00006656 _____ C:\Windows\system32\lpcio.dll
    2015-09-25 21:24 - 2013-05-23 12:52 - 00000000 ____D C:\Users\Trent\Documents\Turbo Lister Backup

    ==================== Files in the root of some directories =======

    2013-10-31 19:19 - 2013-10-31 19:19 - 0000037 ___SH () C:\Users\Trent\AppData\Local\70149b02515b3bb20dd492.47983420
    2013-06-18 20:00 - 2013-07-18 20:03 - 0893239 _____ () C:\Users\Trent\AppData\Local\a.zip
    2013-06-18 20:00 - 2013-07-18 20:03 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Trent\AppData\Local\BcsKtYcHW.dll
    2015-10-02 21:55 - 2015-10-02 21:55 - 0005216 _____ () C:\Users\Trent\AppData\Local\recently-used.xbel
    2013-05-19 23:19 - 2015-09-28 04:34 - 0007619 _____ () C:\Users\Trent\AppData\Local\Resmon.ResmonCfg
    2013-11-19 14:41 - 2013-11-19 14:41 - 0000057 _____ () C:\ProgramData\Ament.ini

    Some files in TEMP:
    ====================
    C:\Users\Trent\AppData\Local\Temp\sfamcc00001.dll
    C:\Users\Trent\AppData\Local\Temp\sfareca00001.dll
    C:\Users\Trent\AppData\Local\Temp\UVK Setup.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-10-21 04:18

    ==================== End of FRST.txt ============================
     
  3. Ordog28

    Ordog28 TS Member Topic Starter Posts: 30

    ADDITION.TXT:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-10-2015 01
    Ran by Trent (2015-10-16 00:26:50)
    Running from C:\Users\Trent\Downloads
    Windows 7 Ultimate Service Pack 1 (X64) (2013-05-19 23:00:54)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3822528139-1650123135-726693888-500 - Administrator - Disabled)
    Guest (S-1-5-21-3822528139-1650123135-726693888-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3822528139-1650123135-726693888-1003 - Limited - Enabled)
    Trent (S-1-5-21-3822528139-1650123135-726693888-1000 - Administrator - Enabled) => C:\Users\Trent

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    @Bios (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.34 - GIGABYTE)
    3CXPhone (HKLM-x32\...\{0DF8FA4D-299C-4250-9F09-C14E47E12224}) (Version: 4.0.26523.0 - 3CX)
    Abyss Odyssey (HKLM-x32\...\Steam App 255070) (Version: - ACE Team)
    Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
    Advanced Port Scanner v1.3 (HKLM-x32\...\Advanced Port Scanner v1.3) (Version: - )
    Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon MF4100 Series (HKLM\...\{239A8D60-270B-42e8-82D3-60D70A2942E0}) (Version: - )
    Catalina Savings Printer (HKLM-x32\...\{4956ACE3-F537-4418-BB45-FD52395275A7}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
    CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
    CPUID HWMonitor Pro 1.19 (HKLM\...\CPUID HWMonitorPro_is1) (Version: - )
    Darkest Hour: A Hearts of Iron Game (HKLM-x32\...\Steam App 73170) (Version: - )
    Data Lifeguard Diagnostic for Windows 1.28 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
    Defense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version: - Hidden Path Entertainment)
    DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
    DiskCheckup v3.1 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.1.1007 - PassMark Software)
    Dropbox (HKU\S-1-5-21-3822528139-1650123135-726693888-1000\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
    Endless Space (HKLM-x32\...\Steam App 208140) (Version: - Amplitude Studios)
    ET6 B15.0210.1 (HKLM-x32\...\InstallShield_{35D86AE6-EC16-4C56-8CE7-B85F0E5EFFA4}) (Version: 1.00.0000 - GIGABYTE)
    ET6 B15.0210.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
    Etron USB3.0 Host Controller (x32 Version: 0.118 - Etron Technology) Hidden
    Eudora (HKLM-x32\...\{7377A063-BCF1-40E1-86D9-312DA517776A}) (Version: 7.0 - )
    Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version: - Paradox Development Studio)
    FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - )
    FileBot (HKLM\...\{0EF9BB7D-F610-47DE-9D05-5FD7494C0FD9}) (Version: 4.0 - Reinhard Pointner)
    Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.143.923 - Foxit Software Inc.)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
    FreeFixer (HKLM-x32\...\FreeFixer1.13) (Version: 1.13 - Kephyr)
    FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
    Galactic Civilizations III (HKLM-x32\...\Steam App 226860) (Version: - Stardock Entertainment)
    Geneforge 5 (HKLM-x32\...\Steam App 201010) (Version: - Spiderweb Software)
    Genesis Rising (HKLM-x32\...\Genesis Rising_is1) (Version: 1.044 - DreamCatcher Interactive Inc.)
    GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
    GnuCash 2.4.13 (HKLM-x32\...\GnuCash_is1) (Version: - GnuCash Development Team)
    Godus (HKLM-x32\...\Steam App 232810) (Version: - 22cans)
    Gratuitous Space Battles (HKLM-x32\...\Steam App 41800) (Version: - Positech Games)
    GSmartControl (HKLM-x32\...\GSmartControl) (Version: 0.8.7 - Alexander Shaduri)
    HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
    Hearts of Iron III (HKLM-x32\...\{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}) (Version: - )
    iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
    Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
    KeePass Password Safe 2.22 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: - Dominik Reichl)
    Kinetic Void (HKLM-x32\...\Steam App 227160) (Version: - Badland Studio)
    Kohan II: Kings of War (HKLM-x32\...\Steam App 97130) (Version: - )
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.13.2.0 - LG Electronics)
    Lost Empire - Immortals (HKLM-x32\...\{A5CA4D22-AC18-4947-9314-595366411669}) (Version: 1.0.2 - Pollux Gamelabs)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 1.0 Refresh (HKLM-x32\...\{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}) (Version: 1.1.10405.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
    Mozilla Thunderbird 38.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.3.0 (x86 en-US)) (Version: 38.3.0 - Mozilla)
    NAPS2 2.6.3 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan)
    NVIDIA Graphics Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.50 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    ON_OFF Charge B12.0308.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
    P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
    PC Wizard 2013.2.12 (HKLM-x32\...\PC Wizard 2013_is1) (Version: - CPUID)
    PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
    PDF Merge (HKLM-x32\...\{50217A00-46B2-40E3-8664-5C93BFFA03B0}) (Version: 1.0.0 - Free PDF Soulutions)
    PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
    Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version: - Harebrained Schemes)
    Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
    smartmontools (HKLM-x32\...\smartmontools) (Version: 6.4 2015-06-04 r4109 (sf-6.4-1) - smartmontools.org)
    Solar 2 (HKLM-x32\...\Steam App 97000) (Version: - Murudai)
    Space Pirates and Zombies (HKLM-x32\...\Steam App 107200) (Version: - )
    Speccy (HKLM\...\Speccy) (Version: 1.21 - Piriform)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    Stamps.com (HKLM-x32\...\Stamps.com) (Version: - Stamps.com, Inc.)
    Stamps.com (x32 Version: 10.1.1.2456 - Stamps.com, Inc.) Hidden
    StarDrive (HKLM-x32\...\Steam App 220660) (Version: - Zero Sum Games)
    Starion Tactics (HKLM-x32\...\Steam App 312960) (Version: - Corncrow Games)
    Starpoint Gemini 2 (HKLM-x32\...\Steam App 236150) (Version: - Little Green Men Games)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    Stronghold 3 (HKLM-x32\...\Steam App 47400) (Version: - Firefly Studios)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    The Last Federation (HKLM-x32\...\Steam App 273070) (Version: - Arcen Games, LLC)
    Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)
    Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
    Unity of Command (HKLM-x32\...\Unity_of_Command) (Version: - )
    Unity Web Player (HKU\S-1-5-21-3822528139-1650123135-726693888-1000\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
    VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    VT Hash Check 1.41 (HKLM-x32\...\{1E579B65-503B-4184-B481-5138124BEE1D}_is1) (Version: 1.31 - Boredom Software)
    WinASO Registry Optimizer 4.8.7 (HKLM-x32\...\WinASO Registry Optimizer_is1) (Version: - X.M.Y International LLC)
    WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
    Wise Care 365 3.74 (HKLM-x32\...\Wise Care 365_is1) (Version: 3.74 - WiseCleaner.com, Inc.)
    Wise Registry Cleaner 7.94 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 7.94 - WiseCleaner.com, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3822528139-1650123135-726693888-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Trent\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3822528139-1650123135-726693888-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Trent\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3822528139-1650123135-726693888-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Trent\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3822528139-1650123135-726693888-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Trent\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3822528139-1650123135-726693888-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Trent\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    13-10-2015 18:41:38 Windows Update
    14-10-2015 22:15:15 Installed Platform
    15-10-2015 17:37:10 Checkpoint by HitmanPro
    15-10-2015 17:45:56 Checkpoint by HitmanPro
    15-10-2015 17:55:09 Removed Free Webcam Recorder
    15-10-2015 17:57:12 Removed Document Express DjVu Plug-in

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2015-09-01 19:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {3706CDB9-8770-498B-9B18-C359A51164BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
    Task: {850D76C4-4B7F-4FC8-AE95-BCF739B1855C} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
    Task: {92308677-A4CF-4A2A-89BF-838F85C69594} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-01] (Adobe Systems Incorporated)
    Task: {B6AFFC00-21DF-4760-9BC8-BC131497027A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2015-09-18] (Microsoft Corporation)
    Task: {FBC60D46-CF13-486A-A499-2906BCB2BF48} - System32\Tasks\{C6400B35-216E-4B70-BE81-8CFFC624A5BC} => pcalua.exe -a C:\Users\Trent\Desktop\SETUP.EXE -d C:\Users\Trent\Desktop

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-09-22 00:29 - 2015-10-02 21:49 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-10-14 22:17 - 2012-08-09 05:55 - 00078480 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
    2015-10-14 22:17 - 2012-08-09 05:55 - 00386192 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\C7EE2EF2.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\C7EE2EF2.sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3822528139-1650123135-726693888-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Trent\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: BstHdAndroidSvc => 2
    MSCONFIG\Services: BstHdLogRotatorSvc => 2
    MSCONFIG\Services: BstHdUpdaterSvc => 2
    MSCONFIG\Services: bthserv => 3
    MSCONFIG\Services: IDriverT => 3
    MSCONFIG\Services: MBAMScheduler => 2
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: NitroReaderDriverReadSpool3 => 2
    MSCONFIG\Services: PDF Architect Helper Service => 2
    MSCONFIG\Services: PDF Architect Service => 2
    MSCONFIG\Services: rpcapd => 3
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: Stereo Service => 2
    MSCONFIG\Services: TermService => 3
    MSCONFIG\Services: UmRdpService => 3
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^3CXPhone for Windows.lnk => C:\Windows\pss\3CXPhone for Windows.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UV Realtime.lnk => C:\Windows\pss\UV Realtime.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Trent^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: Digital Coupon Print Driver => "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe"
    MSCONFIG\startupreg: GUSDelayStartup => "C:\Program Files (x86)\Glarysoft\Quick Startup\StartupManager.exe" -delayrun
    MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    MSCONFIG\startupreg: ProfilerU => C:\Program Files\SmartTechnology\Software\ProfilerU.exe
    MSCONFIG\startupreg: SaiMfd => C:\Program Files\SmartTechnology\Software\SaiMfd.exe
    MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{E46F67B5-F17D-42D2-A51C-08F60D2C3386}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{508CD570-56EC-4C82-B388-E8853878908C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{4EDB3F82-6E28-491E-8524-964FE0072114}] => (Allow) C:\Program Files (x86)\3CXPhone\3CXPhone.exe
    FirewallRules: [{3DDD59F3-C988-4B18-9003-949C6789703C}] => (Allow) C:\Program Files (x86)\3CXPhone\3CXPhone.exe
    FirewallRules: [{E3F4599F-3B73-4344-9436-DCFF4CE0C759}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kohan II\k2.exe
    FirewallRules: [{8AE4A887-0A8E-48DA-B41D-1858636E80B4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kohan II\k2.exe
    FirewallRules: [{E82BC8DC-58F3-4C26-BDA6-AF80D6E704B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Solar 2\Solar2.exe
    FirewallRules: [{E47BA479-9544-48AC-A8FF-145187672DD6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Solar 2\Solar2.exe
    FirewallRules: [{AE974F87-20A4-4505-A0D8-5E252013E3F1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Space Pirates and Zombies\SpazGame.exe
    FirewallRules: [{EBD9B1E1-F374-4B43-91A0-4A9F7D0E2DBC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Space Pirates and Zombies\SpazGame.exe
    FirewallRules: [{A4357CCB-2499-4866-8201-D1116BD84EDF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
    FirewallRules: [{CAEF874A-CBA0-41DC-ADEE-648ACC95AA07}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
    FirewallRules: [{09974150-04E3-4983-9D9F-6074F47FC146}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
    FirewallRules: [{D144A06D-73A0-4625-BF55-CB540352E778}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
    FirewallRules: [{486411FB-F3A3-4757-BCCE-69EB1120DC52}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gratuitous Space Battles\GSB.exe
    FirewallRules: [{CB4322EF-B3E9-470E-ADBD-6DD38FFBCF1A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gratuitous Space Battles\GSB.exe
    FirewallRules: [{3E840671-3BA1-4709-B21B-301A5618A56C}] => (Allow) C:\Program Files (x86)\gnucash\bin\gnucash.exe
    FirewallRules: [{43A4896A-D51C-4BB1-89A7-BD701DC267AB}] => (Allow) C:\Program Files (x86)\gnucash\bin\gnucash.exe
    FirewallRules: [{7E9D89E3-5955-4BF4-9CBC-89175E40C0AA}] => (Allow) C:\Program Files (x86)\gnucash\bin\gconfd-2.exe
    FirewallRules: [{346F00A2-04D2-49D5-95CD-E696B27E8BB6}] => (Allow) C:\Program Files (x86)\gnucash\bin\gconfd-2.exe
    FirewallRules: [TCP Query User{5319D058-22A5-4AFD-8848-DDC0DC0C69CB}C:\program files\cpuid\hwmonitorpro\hwmonitorpro.exe] => (Block) C:\program files\cpuid\hwmonitorpro\hwmonitorpro.exe
    FirewallRules: [UDP Query User{D321120D-4D34-4F6D-BDBE-10530680CB89}C:\program files\cpuid\hwmonitorpro\hwmonitorpro.exe] => (Block) C:\program files\cpuid\hwmonitorpro\hwmonitorpro.exe
    FirewallRules: [{A1DEEC5F-299E-4BDD-9F4F-467577316E2F}] => (Allow) C:\Users\Trent\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{1F527F14-CD64-4518-ACC3-AF91B94104C1}] => (Allow) C:\Users\Trent\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [TCP Query User{3A7954DE-1F1A-4FAC-B66C-1A0FDBCF43AC}C:\program files (x86)\steam\steamapps\common\europa universalis iv\eu4.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\europa universalis iv\eu4.exe
    FirewallRules: [UDP Query User{7C199E95-DA62-4253-B3A7-5EB02228DF1B}C:\program files (x86)\steam\steamapps\common\europa universalis iv\eu4.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\europa universalis iv\eu4.exe
    FirewallRules: [{29076443-9E06-4B34-A701-079DA38B1893}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{7470F852-302D-403B-9BBE-5C877DFE4919}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{9697F610-0DFC-45C5-B929-215D37ECDB98}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{4E13CFF1-364A-4767-A2A1-08B0B7FDF309}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{F1721A58-7004-494A-8173-7F8EA83A7CAB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Endless Space\EndlessSpace.exe
    FirewallRules: [{62F8649B-3036-4A2A-8344-F1AF6E82AC64}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Endless Space\EndlessSpace.exe
    FirewallRules: [{481F0CA0-FB84-4D87-B145-F0C8EC14F4B7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kinetic Void\Kinetic Void.exe
    FirewallRules: [{258F0C20-8207-4D52-B7B8-A663EC60BF79}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kinetic Void\Kinetic Void.exe
    FirewallRules: [{C16EF4FF-2959-40F6-99B1-5378BC8741C0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kinetic Void\Kinetic Void.exe
    FirewallRules: [{E56E71A6-8965-4EAE-A947-D30917496553}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kinetic Void\Kinetic Void.exe
    FirewallRules: [{1AB7989A-36C2-4A1B-896B-49961D85D661}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kinetic Void\Kinetic Void.exe
    FirewallRules: [{961B6290-3FB0-4368-A528-940B42E8958C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kinetic Void\Kinetic Void.exe
    FirewallRules: [{BB82A730-23BF-4323-A476-3343B7CCF9FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold3\bin\win32_release\Stronghold3.exe
    FirewallRules: [{2EBA16A3-A4D0-421D-BEC2-E1CDEAA6D232}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold3\bin\win32_release\Stronghold3.exe
    FirewallRules: [{358AA6E3-A8DD-4F26-99B4-0DA958EC0A57}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darkest Hour A HOI Game\Darkest Hour Launcher.exe
    FirewallRules: [{FD88B655-6648-42E1-BABE-65000A04FDF9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darkest Hour A HOI Game\Darkest Hour Launcher.exe
    FirewallRules: [{AA55F348-548D-46B9-8379-AE9E3F4DFB20}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
    FirewallRules: [{ED65B93F-124F-461F-969E-F7C98FCE08A8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
    FirewallRules: [{1A7DDE66-C922-4DEE-831B-A867B782A66F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DefenseGridTheAwakening\DefenseGrid.exe
    FirewallRules: [{37F6141E-BF98-4178-BA00-FF6FC98448F5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DefenseGridTheAwakening\DefenseGrid.exe
    FirewallRules: [TCP Query User{5AF36791-B054-48DB-947F-8EAA24C0AF76}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [UDP Query User{2C4546C6-4BA1-496D-9360-6A2161C3DCB2}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [{C908501F-3E96-4E4C-8002-3E814B88A9C4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shadowrun Returns\Shadowrun.exe
    FirewallRules: [{5110C5FB-06C3-40DD-985E-E72FAAE85BFA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shadowrun Returns\Shadowrun.exe
    FirewallRules: [{70F7E406-4903-4A3C-97CC-36D52EA533E9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
    FirewallRules: [{EB4758EF-1D39-4954-B790-8D785C4227BB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
    FirewallRules: [{8591E085-BA3A-474D-8FC6-7200CAF7C0D2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{79FB84D7-EC52-47D9-B07A-A39554643EFD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{4339D665-2CF9-4291-B933-45C3016AAA42}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe
    FirewallRules: [{739DBFCB-63BE-4BC6-A881-D782B2B6435C}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe
    FirewallRules: [{BF869C9F-1C8C-4B37-B57E-E4DB3B5C27DC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\StarDrive\StarDrive.exe
    FirewallRules: [{8A809832-37E8-40C1-919F-1C0EAD145C41}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\StarDrive\StarDrive.exe
    FirewallRules: [{1DB84C23-2B02-4135-9DE8-9EFE61FA5BA0}] => (Allow) C:\Program Files (x86)\Pollux Gamelabs\Lost Empire - Immortals\LostEmpire.exe
    FirewallRules: [{4FDB2F03-58CC-43B4-91C4-2FDBD19F25F0}] => (Allow) C:\Program Files (x86)\Pollux Gamelabs\Lost Empire - Immortals\LostEmpire.exe
    FirewallRules: [{DC5FA52D-2EA4-4A63-8CD3-CE3CF4B3D717}] => (Allow) LPort=2869
    FirewallRules: [{8C4C9F01-E6ED-4EE4-A861-ED9D6069E637}] => (Allow) LPort=1900
    FirewallRules: [{3733C92E-EC05-4014-B40F-9E9C9CEC76FE}] => (Allow) LPort=48113
    FirewallRules: [{740197B5-9B91-43DC-9448-5F2FAA99E4ED}] => (Allow) LPort=48113
    FirewallRules: [TCP Query User{E37493F8-C5FE-44CF-BE19-A6D716132D7A}E:\programmation\qtchat\release\qtchat.exe] => (Allow) E:\programmation\qtchat\release\qtchat.exe
    FirewallRules: [UDP Query User{44823339-CF28-4006-8630-458A16074A94}E:\programmation\qtchat\release\qtchat.exe] => (Allow) E:\programmation\qtchat\release\qtchat.exe
    FirewallRules: [{72052803-7B75-40BE-8D86-14BFCFD1822F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{7CD4E2A5-4C28-4912-BE3A-B6037E08523D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{29D49649-9CA5-4929-8C36-A486852D0325}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Godus\windows\godus.exe
    FirewallRules: [{9A969AFC-9998-4192-B15E-A8A1F128C09F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Godus\windows\godus.exe
    FirewallRules: [{E261AF3C-A819-4DB0-AD92-DB9269AC79F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starpoint Gemini 2\StarpointGemini2.exe
    FirewallRules: [{5EE58E85-12F4-4B30-8136-005CD07BD839}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starpoint Gemini 2\StarpointGemini2.exe
    FirewallRules: [{A68E632D-8C4E-4823-9E24-079587455258}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{9D71F4A6-34E2-4A15-850E-EBCB32B1FAF8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{FEEE6240-0861-4746-B967-D1AB72E72427}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{E92B0B04-44DE-4C6A-928F-E7C5B4016ECC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{AC496D9A-8BF8-4248-894D-47CE6C8B5EAD}] => (Allow) LPort=15600
    FirewallRules: [{3DC2A320-23BB-46DF-83DC-95CA93CBDC1D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Last Federation\LastFederation.exe
    FirewallRules: [{4F9556FE-94AD-460C-85E6-78701FCAA251}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Last Federation\LastFederation.exe
    FirewallRules: [{7CFDE7D4-1923-4D81-9FD6-D1C25C16E51D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Geneforge 5\Geneforge 5.exe
    FirewallRules: [{8C771004-F304-44E0-82A5-223E9FC0E845}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Geneforge 5\Geneforge 5.exe
    FirewallRules: [{21ECCE07-DD71-4C3A-9C7A-8C0EF2C61119}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{DB232E0B-4EEA-40FA-8C55-576CC4C468DC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starion Tactics\Starion.exe
    FirewallRules: [{8FD0BDCF-9271-4DC2-AEBF-24952ACA6679}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starion Tactics\Starion.exe
    FirewallRules: [{DD2AF949-649B-464C-82DB-63B1A0355CF8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Galactic Civilizations III\GalCiv3.exe
    FirewallRules: [{D301F4EB-9D28-4CC1-9DFE-BBEA25008DF1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Galactic Civilizations III\GalCiv3.exe
    FirewallRules: [{99655471-3697-4649-BDD2-5CBEEA404BDC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\abyss_odyssey\Binaries\Win32\AO.exe
    FirewallRules: [{5D416A5C-417A-4AC0-AF80-A6D617CFC8C7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\abyss_odyssey\Binaries\Win32\AO.exe
    FirewallRules: [TCP Query User{5DE31436-27B6-446E-A9B4-3E990E0CD828}C:\program files (x86)\gigabyte\et6\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\et6\updexe.exe
    FirewallRules: [UDP Query User{A6F1036E-BDE6-42BB-AAC6-DCE895FD376E}C:\program files (x86)\gigabyte\et6\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\et6\updexe.exe
    FirewallRules: [TCP Query User{1DA0E0F4-86CA-4690-AA12-D4BFD62D2C8F}C:\program files (x86)\gigabyte\et6\gbtupd.exe] => (Block) C:\program files (x86)\gigabyte\et6\gbtupd.exe
    FirewallRules: [UDP Query User{66F0EFAA-FF21-4765-9A4D-994AF7ACB646}C:\program files (x86)\gigabyte\et6\gbtupd.exe] => (Block) C:\program files (x86)\gigabyte\et6\gbtupd.exe
    FirewallRules: [TCP Query User{F33F4B02-F5C8-4A26-8AFC-9AEE9F5F9335}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
    FirewallRules: [UDP Query User{7E3A717F-372F-4CBD-BD9B-5328EDBD69AF}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe

    ==================== Faulty Device Manager Devices =============

    Name: Programmable Root Enumerator
    Description: Programming Support
    Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
    Manufacturer: Mad Catz
    Service: SaiNtBus
    Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
    Resolution: The start type for this driver is set to disabled in the registry.
    Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

    Name: AMD IO Driver
    Description: AMD IO Driver
    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Manufacturer: AMD, Inc
    Service: amdiox64
    Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
    Resolution: The start type for this driver is set to disabled in the registry.
    Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

    Name: Communications Port (COM1)
    Description: Communications Port
    Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard port types)
    Service: Serial
    Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
    Resolution: The start type for this driver is set to disabled in the registry.
    Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/16/2015 12:11:30 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: 9y2q50pm.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
    Faulting module name: 9y2q50pm.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
    Exception code: 0xc0000005
    Fault offset: 0x0008d93e
    Faulting process id: 0xdb4
    Faulting application start time: 0x9y2q50pm.exe0
    Faulting application path: 9y2q50pm.exe1
    Faulting module path: 9y2q50pm.exe2
    Report Id: 9y2q50pm.exe3

    Error: (10/15/2015 03:55:10 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Helper.exe, version: 9.918.101.1, time stamp: 0x561dce18
    Faulting module name: Helper.exe, version: 9.918.101.1, time stamp: 0x561dce18
    Exception code: 0xc0000005
    Fault offset: 0x0000b373
    Faulting process id: 0x1104
    Faulting application start time: 0xHelper.exe0
    Faulting application path: Helper.exe1
    Faulting module path: Helper.exe2
    Report Id: Helper.exe3

    Error: (10/12/2015 02:04:05 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
    Faulting module name: ole32.dll, version: 6.1.7601.18915, time stamp: 0x55981fd5
    Exception code: 0xc0000005
    Fault offset: 0x0000000000029fb9
    Faulting process id: 0xa40
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3

    Error: (10/10/2015 11:58:02 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: GUI.exe, version: 1.0.0.1, time stamp: 0x4f0fc8d2
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18939, time stamp: 0x55afd8e7
    Exception code: 0x80000003
    Fault offset: 0x0001322c
    Faulting process id: 0xd14
    Faulting application start time: 0xGUI.exe0
    Faulting application path: GUI.exe1
    Faulting module path: GUI.exe2
    Report Id: GUI.exe3

    Error: (10/10/2015 11:07:28 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: GUI.exe, version: 1.0.0.1, time stamp: 0x4f0fc8d2
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18939, time stamp: 0x55afd8e7
    Exception code: 0x80000003
    Fault offset: 0x0001322c
    Faulting process id: 0xb34
    Faulting application start time: 0xGUI.exe0
    Faulting application path: GUI.exe1
    Faulting module path: GUI.exe2
    Report Id: GUI.exe3

    Error: (10/10/2015 05:03:14 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: GUI.exe, version: 1.0.0.1, time stamp: 0x4f0fc8d2
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18939, time stamp: 0x55afd8e7
    Exception code: 0x80000003
    Fault offset: 0x0001322c
    Faulting process id: 0x5f8
    Faulting application start time: 0xGUI.exe0
    Faulting application path: GUI.exe1
    Faulting module path: GUI.exe2
    Report Id: GUI.exe3

    Error: (10/10/2015 03:25:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddWin32ServiceFiles: Unable to back up image of service Foxit Cloud Safe Update Service since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.
    .

    Error: (10/10/2015 03:03:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddWin32ServiceFiles: Unable to back up image of service Foxit Cloud Safe Update Service since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.
    .

    Error: (10/06/2015 03:57:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddWin32ServiceFiles: Unable to back up image of service Foxit Cloud Safe Update Service since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.
    .

    Error: (10/05/2015 12:44:10 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 41.0.1.5750, time stamp: 0x560b37be
    Faulting module name: mozglue.dll, version: 41.0.1.5750, time stamp: 0x560b229d
    Exception code: 0x80000003
    Fault offset: 0x0000ec7f
    Faulting process id: 0xb94
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3


    System errors:
    =============
    Error: (10/16/2015 12:03:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1058

    Error: (10/15/2015 11:59:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (10/15/2015 11:59:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The VIA Karaoke digital mixer Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/15/2015 11:59:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/15/2015 11:59:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (10/15/2015 11:59:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (10/15/2015 11:59:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/15/2015 05:46:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1058

    Error: (10/15/2015 04:21:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1058

    Error: (10/15/2015 03:50:05 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 43. The internal error state is 252.


    CodeIntegrity:
    ===================================
    Date: 2015-09-01 19:52:25.933
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-09-01 19:52:25.887
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: AMD FX(tm)-6100 Six-Core Processor
    Percentage of memory in use: 21%
    Total physical RAM: 8148.68 MB
    Available physical RAM: 6401.61 MB
    Total Virtual: 16297.36 MB
    Available Virtual: 14349.25 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.54 GB) (Free:93.23 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    [​IMG] What exactly is slow?

    [​IMG] Uninstall following unwanted program: Catalina Savings Printer

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  5. Ordog28

    Ordog28 TS Member Topic Starter Posts: 30

    Hi! Thanks very much for your reply!

    It seems to get sluggish every so often... as if something is running in the background, however I could find nothing that was legit running. It does seem to get a bit better when MS Security Essentials is off. I'd bet that something has infected or made itself resemble something legit. It will affects anything from a video to a game email etc.. system bogged down.

    None of the programs found anything. I did shut down the coupon printer, however I doubt it was that. I've removed it before. JRT did have an error when starting: "the system was unable to find the specified registry key or value"

    Here's the first log, Rkill:

    RogueKiller V10.11.2.0 (x64) [Oct 20 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Trent [Administrator]
    Started from : C:\Users\Trent\Desktop\1.exe
    Mode : Delete -- Date : 10/24/2015 21:19:18

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 0 ¤¤¤

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤





    ******************************MBAM:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/24/2015
    Scan Time: 21:22
    Logfile: MBAM1.txt
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2015.10.24.07
    Rootkit Database: v2015.10.23.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Trent

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 366774
    Time Elapsed: 2 hr, 1 min, 32 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Disabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Warn

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)




    **************************ADW:

    # AdwCleaner v5.014 - Logfile created 24/10/2015 at 23:57:49
    # Updated 18/10/2015 by Xplode
    # Database : 2015-10-18.5 [Server]
    # Operating system : Windows 7 Ultimate Service Pack 1 (x64)
    # Username : Trent - HELL-PC1
    # Running from : C:\Users\Trent\Desktop\3.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Program Files\FreeFixer
    [-] Folder Deleted : C:\Users\Trent\AppData\Local\FreeFixer
    [-] Folder Deleted : C:\Users\Trent\AppData\Roaming\FreeFixer
    [-] Folder Deleted : C:\Users\Trent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer

    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    [-] [C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

    *************************

    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C12].txt - [1134 bytes] ##########




    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000AAKX-00ERMA0 ATA Device +++++
    --- User ---
    [MBR] 0086f36f0b7bc8b257f89fc226376c3d
    [BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
    1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
    2 - Basic data partition | Offset (sectors): 468992 | Size: 476711 MB
    User = LL1 ... OK
    User = LL2 ... OK







    ******************************** JRT:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.6.4 (09.28.2015:1)
    OS: Windows 7 Ultimate x64
    Ran by Trent on Sun 10/25/2015 at 0:03:55.80
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Chrome


    [C:\Users\Trent\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\Trent\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Users\Trent\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\Trent\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    []





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 10/25/2015 at 0:11:42.43
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    I want you to uninstall it not shut it down.

    [​IMG] Reinstall MSE.

    [​IMG] Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  7. Ordog28

    Ordog28 TS Member Topic Starter Posts: 30

    It was late, poor choice of words - I uninstalled the coupon printer.
     
  8. Ordog28

    Ordog28 TS Member Topic Starter Posts: 30

    Thanks much. I have the following ComboFix report:

    ComboFix 15-10-23.01 - Trent 10/25/2015 18:37:28.5.6 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8149.7153 [GMT -5:00]
    Running from: c:\users\Trent\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\security\logs\scecomp.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-09-25 to 2015-10-25 )))))))))))))))))))))))))))))))
    .
    .
    2015-10-25 23:50 . 2015-10-25 23:50 -------- d-----w- c:\users\Public\AppData\Local\temp
    2015-10-25 23:50 . 2015-10-25 23:50 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-10-25 23:23 . 2015-10-20 09:33 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E81337FC-1C44-4B86-819D-6DA2AB29B4AB}\mpengine.dll
    2015-10-24 21:42 . 2015-10-24 21:44 -------- d-----w- c:\users\Trent\AppData\Local\2Browse
    2015-10-24 19:03 . 2015-10-24 19:10 -------- d-----w- c:\programdata\UVK
    2015-10-24 18:08 . 2015-10-25 19:10 -------- d-----r- c:\users\Trent\Google Drive
    2015-10-24 09:14 . 2015-10-24 18:05 -------- d-----w- c:\program files (x86)\Google
    2015-10-24 09:14 . 2015-10-24 18:05 -------- d-----w- c:\users\Trent\AppData\Local\Google
    2015-10-24 09:07 . 2015-10-24 09:39 -------- d-----w- c:\users\Trent\AppData\Local\Apple Inc
    2015-10-24 08:46 . 2015-10-24 08:46 -------- d-----w- c:\program files (x86)\Apple Software Update
    2015-10-15 02:59 . 2012-08-03 05:27 2206352 ----a-w- c:\windows\system32\drivers\viahduaa.sys
    2015-10-15 02:59 . 2012-08-03 05:27 681104 ----a-w- c:\windows\system32\VIASysFx.dll
    2015-10-15 02:59 . 2012-08-03 05:27 2993296 ----a-w- c:\windows\system32\VIAPropPageExt.dll
    2015-10-15 02:40 . 2015-10-15 02:40 -------- d-----w- C:\Auto
    2015-10-13 23:40 . 2015-09-29 03:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-10-10 09:07 . 2015-10-03 05:06 877176 ----a-w- c:\windows\system32\NvFBC64.dll
    2015-10-10 08:03 . 2015-09-25 18:07 98816 ----a-w- c:\windows\system32\wudriver.dll
    2015-10-05 03:09 . 2015-10-05 03:09 -------- d-----w- c:\users\Trent\AppData\Roaming\HD Tune Pro
    2015-10-05 03:09 . 2015-10-05 03:09 -------- d-----w- c:\program files (x86)\HD Tune Pro
    2015-10-04 23:56 . 2015-10-05 04:26 -------- d-----w- c:\users\Trent\AppData\Roaming\gsmartcontrol
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-10-25 02:02 . 2015-09-03 03:57 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-10-18 18:37 . 2013-05-19 23:30 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-10-18 18:37 . 2013-05-19 23:30 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-10-13 23:47 . 2013-05-20 00:47 143481208 ----a-w- c:\windows\system32\MRT.exe
    2015-10-11 06:06 . 2013-05-20 01:02 25640 ----a-w- c:\windows\etdrv.sys
    2015-10-11 06:06 . 2013-05-20 00:14 30528 ----a-w- c:\windows\GVTDrv64.sys
    2015-10-11 06:06 . 2013-05-20 00:14 25640 ----a-w- c:\windows\gdrv.sys
    2015-10-03 02:49 . 2015-09-22 05:29 6358648 ----a-w- c:\windows\system32\nvcpl.dll
    2015-10-03 02:49 . 2015-09-22 05:29 2982520 ----a-w- c:\windows\system32\nvsvc64.dll
    2015-10-03 02:49 . 2015-09-22 05:29 938800 ----a-w- c:\windows\system32\nvvsvc.exe
    2015-10-03 02:49 . 2015-09-22 05:29 62768 ----a-w- c:\windows\system32\nvshext.dll
    2015-10-03 02:49 . 2015-09-22 05:29 385328 ----a-w- c:\windows\system32\nvmctray.dll
    2015-10-03 02:49 . 2015-09-22 05:29 2554488 ----a-w- c:\windows\system32\nvsvcr.dll
    2015-10-01 09:33 . 2015-09-22 05:29 5284082 ----a-w- c:\windows\system32\nvcoproc.bin
    2015-09-29 02:58 . 2015-10-13 23:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2015-09-28 09:32 . 2013-05-20 01:33 6656 ----a-w- c:\windows\system32\lpcio.dll
    2015-09-25 08:43 . 2015-09-25 08:43 478392 ----a-w- c:\windows\system32\drivers\C7EE2EF2.sys
    2015-09-02 03:04 . 2015-09-10 07:03 41984 ----a-w- c:\windows\system32\lpk.dll
    2015-09-02 03:04 . 2015-09-10 07:03 100864 ----a-w- c:\windows\system32\fontsub.dll
    2015-09-02 03:04 . 2015-09-10 07:03 14336 ----a-w- c:\windows\system32\dciman32.dll
    2015-09-02 03:04 . 2015-09-10 07:03 46080 ----a-w- c:\windows\system32\atmlib.dll
    2015-09-02 02:48 . 2015-09-10 07:03 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
    2015-09-02 02:48 . 2015-09-10 07:03 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
    2015-09-02 02:48 . 2015-09-10 07:03 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2015-09-02 02:47 . 2015-09-10 07:03 25600 ----a-w- c:\windows\SysWow64\lpk.dll
    2015-09-02 01:51 . 2015-09-10 07:03 3209216 ----a-w- c:\windows\system32\win32k.sys
    2015-09-02 01:47 . 2015-09-10 07:03 372736 ----a-w- c:\windows\system32\atmfd.dll
    2015-09-02 01:33 . 2015-09-10 07:03 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
    2015-08-27 18:18 . 2015-09-10 07:03 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2015-08-27 18:18 . 2015-09-10 07:03 1887232 ----a-w- c:\windows\system32\msxml3.dll
    2015-08-27 18:13 . 2015-09-10 07:03 2048 ----a-w- c:\windows\system32\msxml6r.dll
    2015-08-27 18:13 . 2015-09-10 07:03 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2015-08-27 17:58 . 2015-09-10 07:03 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll
    2015-08-27 17:58 . 2015-09-10 07:03 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
    2015-08-27 17:51 . 2015-09-10 07:03 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
    2015-08-27 17:51 . 2015-09-10 07:03 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2015-08-25 18:46 . 2015-09-22 05:27 1898288 ----a-w- c:\windows\system32\nvdispco6435582.dll
    2015-08-25 18:46 . 2015-09-22 05:27 1558648 ----a-w- c:\windows\system32\nvdispgenco6435582.dll
    2015-08-05 17:56 . 2015-09-10 07:03 1110016 ----a-w- c:\windows\system32\schedsvc.dll
    2015-08-05 17:56 . 2015-09-10 07:03 275456 ----a-w- c:\windows\system32\InkEd.dll
    2015-08-05 17:56 . 2015-09-17 18:48 22528 ----a-w- c:\windows\system32\icaapi.dll
    2015-08-05 17:40 . 2015-09-10 07:03 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
    2015-08-05 17:06 . 2015-09-17 18:48 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
    2015-07-30 18:06 . 2015-08-12 22:48 1180160 ----a-w- c:\windows\system32\FntCache.dll
    2015-07-30 18:06 . 2015-08-12 22:48 1648128 ----a-w- c:\windows\system32\DWrite.dll
    2015-07-30 18:06 . 2015-08-12 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
    2015-07-30 17:57 . 2015-08-12 22:48 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
    2015-07-30 17:57 . 2015-08-12 22:48 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2015-07-30 13:13 . 2015-08-12 23:18 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2015-07-30 13:13 . 2015-08-12 23:18 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\C7EE2EF2.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
    R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
    R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
    R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
    R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys;c:\windows\SYSNATIVE\DRIVERS\RTL2832U_IRHID.sys [x]
    R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
    R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
    R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
    R4 C7EE2EF2;C7EE2EF2;c:\windows\system32\drivers\C7EE2EF2.sys;c:\windows\SYSNATIVE\drivers\C7EE2EF2.sys [x]
    R4 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
    R4 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
    R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    R4 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
    R4 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
    R4 SaiH0109;SaiH0109;c:\windows\system32\DRIVERS\SaiH0109.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH0109.sys [x]
    R4 SaiH0160;SaiH0160;c:\windows\system32\DRIVERS\SaiH0160.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH0160.sys [x]
    R4 SaiU0109;SaiU0109;c:\windows\system32\DRIVERS\SaiU0109.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU0109.sys [x]
    R4 WiseHDInfo;WiseHDInfo;c:\windows\WiseHDInfo64.dll;c:\windows\WiseHDInfo64.dll [x]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
    S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-10-24 09:15 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-19 18:37]
    .
    2015-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-10-24 09:14]
    .
    2015-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-10-24 09:14]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2015-10-12 17:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2015-10-12 17:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2015-10-12 17:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Trent\AppData\Roaming\Mozilla\Firefox\Profiles\lrue508o.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKU-Default-RunOnce-iCloud - c:\program files (x86)\Common Files\Apple\Internet Services\iCloud.exe
    AddRemove-FreeFixer1.13 - c:\program files\FreeFixer\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.13"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-10-25 18:53:10
    ComboFix-quarantined-files.txt 2015-10-25 23:53
    ComboFix2.txt 2015-09-02 01:08
    ComboFix3.txt 2014-04-05 07:03
    ComboFix4.txt 2014-03-23 05:12
    .
    Pre-Run: 113,338,494,976 bytes free
    Post-Run: 113,117,347,840 bytes free
    .
    - - End Of File - - DEE5291776B899A3FBDC26531B12746C
    A36C5E4F47E84449FF07ED3517B43A31
     
  9. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  10. Ordog28

    Ordog28 TS Member Topic Starter Posts: 30

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-10-2015 02
    Ran by Trent (administrator) on HELL-PC1 (25-10-2015 19:50:00)
    Running from C:\Users\Trent\Desktop
    Loaded Profiles: Trent (Available Profiles: Trent)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
    HKU\S-1-5-21-3822528139-1650123135-726693888-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{53F25C74-60CF-4759-939E-9FC7D98FA93A}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3822528139-1650123135-726693888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3822528139-1650123135-726693888-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} hxxp://www.caminova.net/en/downloads/getmodule.aspx?lang=en
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

    FireFox:
    ========
    FF ProfilePath: C:\Users\Trent\AppData\Roaming\Mozilla\Firefox\Profiles\lrue508o.default
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF Homepage: hxxps://www.google.com/
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-18] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-18] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.0.48\ma\bin\npMotive.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-24] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-24] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3822528139-1650123135-726693888-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Trent\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-26] (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-3822528139-1650123135-726693888-1000: hopster.com/CouponPrinterPlugin -> C:\Users\Trent\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-02-26] (Coupons, Inc.)
    FF SearchPlugin: C:\Users\Trent\AppData\Roaming\Mozilla\Firefox\Profiles\lrue508o.default\searchplugins\amazon-search-suggestions.xml [2014-06-21]
    FF SearchPlugin: C:\Users\Trent\AppData\Roaming\Mozilla\Firefox\Profiles\lrue508o.default\searchplugins\bookfindercom.xml [2015-10-24]
    FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Trent\AppData\Roaming\Mozilla\Firefox\Profiles\lrue508o.default\Extensions\artur.dubovoy@gmail.com [2015-09-24]
    FF Extension: Adblock Plus - C:\Users\Trent\AppData\Roaming\Mozilla\Firefox\Profiles\lrue508o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]
    FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt => not found

    Chrome:
    =======
    CHR Profile: C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-24]
    CHR Extension: (Google Docs) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-24]
    CHR Extension: (Google Drive) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
    CHR Extension: (YouTube) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-24]
    CHR Extension: (Google Search) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-24]
    CHR Extension: (Google Sheets) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-24]
    CHR Extension: (Google Docs Offline) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-24]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-10-24]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-24]
    CHR Extension: (Gmail) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-24]
    CHR HKU\S-1-5-21-3822528139-1650123135-726693888-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
    S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
    S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
    S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
    S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2014-10-10] (LG Electronics Inc.)
    S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2014-10-10] (LG Electronics Inc.)
    R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22128 2012-03-08] ()
    S4 C7EE2EF2; C:\Windows\System32\drivers\C7EE2EF2.sys [478392 2015-09-25] (Kaspersky Lab ZAO)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-10-11] ()
    S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation )
    S4 SaiH0109; C:\Windows\System32\DRIVERS\SaiH0109.sys [171144 2007-05-01] (Saitek)
    S4 SaiH0160; C:\Windows\System32\DRIVERS\SaiH0160.sys [179584 2008-11-24] (Saitek)
    S4 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
    S4 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
    S4 SaiU0109; C:\Windows\System32\DRIVERS\SaiU0109.sys [34304 2007-05-01] (Saitek)
    S4 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-07-21] (wisecleaner.com)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S4 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
    S4 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S4 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S4 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S4 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
    S4 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
    S4 NVHDA; system32\drivers\nvhda64v.sys [X]
    S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-25 19:50 - 2015-10-25 19:50 - 00013684 _____ C:\Users\Trent\Desktop\FRST.txt
    2015-10-25 19:49 - 2015-10-25 19:49 - 00040305 _____ C:\Users\Trent\Downloads\Addition.txt
    2015-10-25 19:48 - 2015-10-25 19:49 - 00060238 _____ C:\Users\Trent\Downloads\FRST.txt
    2015-10-25 19:48 - 2015-10-25 19:48 - 02197504 _____ (Farbar) C:\Users\Trent\Desktop\FRST64.exe
    2015-10-25 18:53 - 2015-10-25 18:53 - 00021717 _____ C:\ComboFix.txt
    2015-10-25 18:34 - 2015-10-25 18:34 - 05637412 ____R (Swearware) C:\Users\Trent\Desktop\ComboFix.exe
    2015-10-25 18:34 - 2015-10-25 18:34 - 05637412 _____ (Swearware) C:\Users\Trent\Downloads\ComboFix.exe
    2015-10-25 18:10 - 2015-10-25 18:10 - 00203982 _____ C:\Users\Trent\Documents\7 Actions to Take Immediately Following an EMP Strike _ Ask a Prepper.htm
    2015-10-25 18:10 - 2015-10-25 18:10 - 00000000 ____D C:\Users\Trent\Documents\7 Actions to Take Immediately Following an EMP Strike _ Ask a Prepper_files
    2015-10-24 21:01 - 2015-10-24 21:01 - 01801288 _____ (Malwarebytes) C:\Users\Trent\Desktop\4.exe
    2015-10-24 21:01 - 2015-10-24 21:01 - 01691648 _____ C:\Users\Trent\Desktop\3.exe
    2015-10-24 20:57 - 2015-10-24 20:57 - 22794824 _____ C:\Users\Trent\Desktop\1.exe
    2015-10-24 20:54 - 2015-10-24 20:54 - 22908888 _____ (Malwarebytes ) C:\Users\Trent\Desktop\2.exe
    2015-10-24 19:49 - 2015-10-24 19:50 - 00000000 ____D C:\Users\Trent\Desktop\New folder (4)
    2015-10-24 19:34 - 2015-10-25 01:55 - 00000616 _____ C:\Windows\setupact.log
    2015-10-24 19:34 - 2015-10-24 19:34 - 00000000 _____ C:\Windows\setuperr.log
    2015-10-24 18:55 - 2015-10-24 18:55 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2015-10-24 16:42 - 2015-10-24 16:44 - 00000000 ____D C:\Users\Trent\AppData\Local\2Browse
    2015-10-24 14:03 - 2015-10-24 14:10 - 00000000 ____D C:\ProgramData\UVK
    2015-10-24 14:03 - 2015-10-24 14:03 - 00001806 _____ C:\Users\Public\Desktop\UVK - Ultra Virus Killer.lnk
    2015-10-24 13:08 - 2015-10-25 14:10 - 00000000 ___RD C:\Users\Trent\Google Drive
    2015-10-24 13:08 - 2015-10-24 13:08 - 00001695 _____ C:\Users\Trent\Desktop\Google Drive.lnk
    2015-10-24 13:05 - 2015-10-24 13:05 - 00002042 _____ C:\Users\Public\Desktop\Google Slides.lnk
    2015-10-24 13:05 - 2015-10-24 13:05 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
    2015-10-24 13:05 - 2015-10-24 13:05 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
    2015-10-24 13:05 - 2015-10-24 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-10-24 04:37 - 2015-10-24 13:10 - 00000000 ____D C:\Users\Trent\Desktop\New folder (2)
    2015-10-24 04:16 - 2015-10-24 04:16 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-10-24 04:16 - 2015-10-24 04:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-10-24 04:15 - 2015-10-25 19:20 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-10-24 04:15 - 2015-10-25 04:20 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-10-24 04:15 - 2015-10-24 04:15 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-10-24 04:15 - 2015-10-24 04:15 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-10-24 04:14 - 2015-10-24 13:05 - 00000000 ____D C:\Users\Trent\AppData\Local\Google
    2015-10-24 04:14 - 2015-10-24 13:05 - 00000000 ____D C:\Program Files (x86)\Google
    2015-10-24 04:07 - 2015-10-24 04:39 - 00000000 ____D C:\Users\Trent\AppData\Local\Apple Inc
    2015-10-24 03:46 - 2015-10-24 03:46 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2015-10-24 01:14 - 2015-10-24 01:14 - 00398732 _____ C:\Users\Trent\Desktop\Letters to the Editor April 2, 2013 _ Letters to the Editor _ North Bay Bohemian.htm
    2015-10-24 01:14 - 2015-10-24 01:14 - 00000000 ____D C:\Users\Trent\Desktop\Letters to the Editor April 2, 2013 _ Letters to the Editor _ North Bay Bohemian_files
    2015-10-23 03:15 - 2015-10-25 18:18 - 00000230 _____ C:\Users\Trent\Desktop\october23.txt
    2015-10-22 00:52 - 2015-10-22 00:52 - 00784679 _____ C:\Users\Trent\Desktop\These Florida Tea Partiers plan to set up a secret vigilante court to arrest — and possibly execute — Obama.htm
    2015-10-22 00:52 - 2015-10-22 00:52 - 00000000 ____D C:\Users\Trent\Desktop\These Florida Tea Partiers plan to set up a secret vigilante court to arrest — and possibly execute — Obama_files
    2015-10-20 13:21 - 2015-10-20 13:21 - 00097114 _____ C:\Users\Trent\Desktop\Transaction History.htm
    2015-10-20 13:21 - 2015-10-20 13:21 - 00000000 ____D C:\Users\Trent\Desktop\Transaction History_files
    2015-10-20 00:07 - 2015-10-20 00:07 - 00014658 _____ C:\Users\Trent\Desktop\A. Lorene Mullins - Springfield, Missouri (MO) _ Crestleaf.htm
    2015-10-20 00:07 - 2015-10-20 00:07 - 00000000 ____D C:\Users\Trent\Desktop\A. Lorene Mullins - Springfield, Missouri (MO) _ Crestleaf_files
    2015-10-19 00:24 - 2015-10-19 00:24 - 00221428 _____ C:\Users\Trent\Desktop\Virus and Malware Removal - TechSpot Forums.htm
    2015-10-19 00:24 - 2015-10-19 00:24 - 00000000 ____D C:\Users\Trent\Desktop\Virus and Malware Removal - TechSpot Forums_files
    2015-10-19 00:21 - 2015-10-19 00:21 - 00293222 _____ C:\Users\Trent\Desktop\Speed Up Windows 7 - Ultimate Tweaks For a Blazing Fast Windows 7.htm
    2015-10-19 00:21 - 2015-10-19 00:21 - 00000000 ____D C:\Users\Trent\Desktop\Speed Up Windows 7 - Ultimate Tweaks For a Blazing Fast Windows 7_files
    2015-10-18 23:06 - 2015-10-18 23:06 - 00045259 _____ C:\Users\Trent\Desktop\Disable Visual Effects in Windows for Better Performance.htm
    2015-10-18 23:06 - 2015-10-18 23:06 - 00000000 ____D C:\Users\Trent\Desktop\Disable Visual Effects in Windows for Better Performance_files
    2015-10-18 22:00 - 2015-10-19 01:50 - 00000000 ____D C:\Users\Trent\Desktop\New folder
    2015-10-18 21:04 - 2015-10-18 20:55 - 07303271 _____ C:\Users\Trent\Desktop\CBS.log
    2015-10-18 18:53 - 2015-10-18 18:53 - 00000513 _____ C:\Users\Trent\Desktop\jhjhjhjh.txt
    2015-10-18 14:12 - 2015-10-18 14:12 - 00000000 ____D C:\Users\Trent\Desktop\Fix Today
    2015-10-18 00:49 - 2015-10-18 00:52 - 56755032 _____ C:\Users\Trent\Desktop\test.mp4
    2015-10-17 20:03 - 2015-10-17 20:03 - 00000034 _____ C:\Users\Trent\Desktop\fggfgfgfgf.txt
     
  11. Ordog28

    Ordog28 TS Member Topic Starter Posts: 30

    2015-10-16 23:14 - 2015-10-16 23:14 - 00289503 _____ C:\Users\Trent\Desktop\Folk Art _ Skinner Auctioneers.htm
    2015-10-16 23:14 - 2015-10-16 23:14 - 00000000 ____D C:\Users\Trent\Desktop\Folk Art _ Skinner Auctioneers_files
    2015-10-16 00:42 - 2015-10-18 19:15 - 00004566 _____ C:\Users\Trent\Desktop\Rkill.txt
    2015-10-16 00:19 - 2015-10-16 00:20 - 00000000 ____D C:\Users\Trent\Desktop\New folder (9)
    2015-10-15 00:34 - 2015-10-15 00:35 - 11336600 _____ (SurfRight B.V.) C:\Users\Trent\Desktop\HitmanPro_x64.exe
    2015-10-14 22:17 - 2015-10-14 22:17 - 00001214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
    2015-10-14 21:59 - 2012-08-03 00:27 - 02993296 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIAPropPageExt.dll
    2015-10-14 21:59 - 2012-08-03 00:27 - 02206352 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viahduaa.sys
    2015-10-14 21:59 - 2012-08-03 00:27 - 00681104 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIASysFx.dll
    2015-10-14 21:40 - 2015-10-14 21:40 - 00000000 ____D C:\Auto
    2015-10-13 18:41 - 2015-09-28 22:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-10-13 18:41 - 2015-09-28 22:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-10-13 18:41 - 2015-09-28 22:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-10-13 18:41 - 2015-09-28 22:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-10-13 18:41 - 2015-09-28 22:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-10-13 18:41 - 2015-09-28 22:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-10-13 18:41 - 2015-09-28 22:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-10-13 18:41 - 2015-09-28 22:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-10-13 18:41 - 2015-09-28 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-10-13 18:41 - 2015-09-28 22:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-10-13 18:41 - 2015-09-28 22:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-10-13 18:41 - 2015-09-28 22:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-10-13 18:41 - 2015-09-28 22:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-10-13 18:41 - 2015-09-28 22:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-10-13 18:41 - 2015-09-28 22:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-10-13 18:41 - 2015-09-28 22:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-10-13 18:41 - 2015-09-28 22:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-10-13 18:41 - 2015-09-28 22:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2015-10-13 18:41 - 2015-09-28 22:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-10-13 18:41 - 2015-09-28 22:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-10-13 18:41 - 2015-09-28 22:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-10-13 18:41 - 2015-09-28 22:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-10-13 18:41 - 2015-09-28 22:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-10-13 18:41 - 2015-09-28 22:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-10-13 18:41 - 2015-09-28 22:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-10-13 18:41 - 2015-09-28 22:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-10-13 18:41 - 2015-09-28 21:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-10-13 18:41 - 2015-09-28 21:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-10-13 18:41 - 2015-09-28 21:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-10-13 18:41 - 2015-09-28 21:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-10-13 18:41 - 2015-09-28 21:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-10-13 18:41 - 2015-09-28 21:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-10-13 18:41 - 2015-09-28 21:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2015-10-13 18:41 - 2015-09-28 21:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-10-13 18:41 - 2015-09-28 21:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-10-13 18:41 - 2015-09-28 21:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-10-13 18:41 - 2015-09-28 21:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-10-13 18:41 - 2015-09-28 21:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-10-13 18:41 - 2015-09-28 21:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 20:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-10-13 18:41 - 2015-09-28 20:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-10-13 18:41 - 2015-09-28 20:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-10-13 18:41 - 2015-09-28 20:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-10-13 18:41 - 2015-09-28 20:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 20:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 20:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-28 20:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-10-13 18:41 - 2015-09-15 13:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-10-13 18:41 - 2015-09-15 13:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-10-13 18:41 - 2015-09-15 13:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-10-13 18:41 - 2015-09-15 13:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-10-13 18:41 - 2015-09-15 13:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-10-13 18:41 - 2015-09-15 13:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-10-13 18:41 - 2015-09-15 13:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-10-13 18:41 - 2015-09-15 13:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-10-13 18:41 - 2015-09-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-10-13 18:41 - 2015-09-15 12:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-10-13 18:41 - 2015-09-15 12:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-10-13 18:41 - 2015-09-15 12:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-10-13 18:41 - 2015-09-15 12:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-10-13 18:41 - 2015-08-06 13:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-10-13 18:41 - 2015-08-06 13:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2015-10-13 18:41 - 2015-08-06 12:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-10-13 18:41 - 2015-08-06 12:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2015-10-13 18:40 - 2015-10-01 13:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-10-13 18:40 - 2015-10-01 13:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-10-13 18:40 - 2015-10-01 13:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-10-13 18:40 - 2015-10-01 13:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-10-13 18:40 - 2015-10-01 13:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-10-13 18:40 - 2015-10-01 13:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-10-13 18:40 - 2015-10-01 13:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-10-13 18:40 - 2015-10-01 12:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-10-13 18:40 - 2015-10-01 12:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-10-13 18:40 - 2015-09-28 22:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-10-13 18:40 - 2015-09-28 22:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-10-13 18:40 - 2015-09-28 22:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-10-13 18:40 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-10-13 18:40 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-10-13 18:40 - 2015-09-28 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-10-13 18:40 - 2015-09-28 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-10-13 18:40 - 2015-09-28 21:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-10-13 18:40 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-10-13 18:40 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-10-13 18:40 - 2015-09-28 20:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-10-13 18:40 - 2015-09-18 14:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-10-13 18:40 - 2015-09-18 13:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-10-13 18:40 - 2015-09-15 23:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-10-13 18:40 - 2015-09-15 23:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-10-13 18:40 - 2015-09-15 23:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-10-13 18:40 - 2015-09-15 23:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-10-13 18:40 - 2015-09-15 23:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-10-13 18:40 - 2015-09-15 23:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-10-13 18:40 - 2015-09-15 23:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-10-13 18:40 - 2015-09-15 23:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-10-13 18:40 - 2015-09-15 23:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-10-13 18:40 - 2015-09-15 23:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-10-13 18:40 - 2015-09-15 23:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-10-13 18:40 - 2015-09-15 23:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-10-13 18:40 - 2015-09-15 23:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-10-13 18:40 - 2015-09-15 23:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-10-13 18:40 - 2015-09-15 23:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-10-13 18:40 - 2015-09-15 23:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-10-13 18:40 - 2015-09-15 23:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-10-13 18:40 - 2015-09-15 23:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-10-13 18:40 - 2015-09-15 22:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-10-13 18:40 - 2015-09-15 22:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-10-13 18:40 - 2015-09-15 22:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-10-13 18:40 - 2015-09-15 22:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-10-13 18:40 - 2015-09-15 22:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-10-13 18:40 - 2015-09-15 22:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-10-13 18:40 - 2015-09-15 22:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-10-13 18:40 - 2015-09-15 22:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2015-10-13 18:40 - 2015-09-15 22:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-10-13 18:40 - 2015-09-15 22:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-10-13 18:40 - 2015-09-15 22:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-10-13 18:40 - 2015-09-15 22:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-10-13 18:40 - 2015-09-15 22:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-10-13 18:40 - 2015-09-15 22:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-10-13 18:40 - 2015-09-15 22:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-10-13 18:40 - 2015-09-15 22:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-10-13 18:40 - 2015-09-15 22:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-10-13 18:40 - 2015-09-15 22:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-10-13 18:40 - 2015-09-15 22:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-10-13 18:40 - 2015-09-15 22:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-10-13 18:40 - 2015-09-15 22:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-10-13 18:40 - 2015-09-15 22:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-10-13 18:40 - 2015-09-15 22:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-10-13 18:40 - 2015-09-15 22:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-10-13 18:40 - 2015-09-15 22:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-10-13 18:40 - 2015-09-15 22:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-10-13 18:40 - 2015-09-15 22:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-10-13 18:40 - 2015-09-15 22:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-10-13 18:40 - 2015-09-15 22:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-10-13 18:40 - 2015-09-15 22:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-10-13 18:40 - 2015-09-15 22:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-10-13 18:40 - 2015-09-15 22:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-10-13 18:40 - 2015-09-15 22:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-10-13 18:40 - 2015-09-15 22:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2015-10-13 18:40 - 2015-09-15 21:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-10-13 18:40 - 2015-09-15 21:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-10-13 18:40 - 2015-09-15 21:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-10-13 18:40 - 2015-09-15 21:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-10-13 18:40 - 2015-09-15 21:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-10-13 18:40 - 2015-09-15 21:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-10-13 18:40 - 2015-09-15 21:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-10-13 18:40 - 2015-09-15 21:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-10-13 18:40 - 2015-09-15 21:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-10-13 18:40 - 2015-09-15 21:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-10-11 14:37 - 2015-10-11 14:34 - 04000126 _____ C:\Users\Trent\Desktop\CBS (3).log
    2015-10-11 01:23 - 2015-10-12 15:43 - 00000868 _____ C:\Users\Trent\Desktop\FreeFixer.lnk
    2015-10-11 01:17 - 2015-10-11 01:17 - 00000000 ____D C:\Users\Trent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
    2015-10-10 04:07 - 2015-10-03 00:06 - 42914096 _____ C:\Windows\system32\nvcompiler.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 37882488 _____ C:\Windows\SysWOW64\nvcompiler.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 22306936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 18359928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 17395512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 16541040 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 15716648 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 15002304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 14832968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 13518496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 12769408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 12032200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 11114616 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2015-10-10 04:07 - 2015-10-03 00:06 - 03573832 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 03154104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 02869880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 02489976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 01905456 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435850.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 01564976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435850.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00877176 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00689456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00512720 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00422240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00414000 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00369272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00177416 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00155976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2015-10-10 04:07 - 2015-10-03 00:06 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2015-10-10 03:25 - 2015-10-24 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
    2015-10-10 03:18 - 2015-10-24 19:49 - 00000000 ____D C:\Users\Trent\Desktop\New folder (6)
    2015-10-10 03:03 - 2015-09-25 13:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-10-10 03:03 - 2015-09-25 13:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-10-10 03:03 - 2015-09-25 13:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-10-10 03:03 - 2015-09-25 13:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-10-10 03:03 - 2015-09-25 13:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-10-10 03:03 - 2015-09-25 13:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-10-10 03:03 - 2015-09-25 13:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-10-10 03:03 - 2015-09-25 13:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-10-10 03:03 - 2015-09-25 13:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-10-10 03:03 - 2015-09-25 13:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-10-10 03:03 - 2015-09-25 13:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-10-10 03:03 - 2015-09-25 12:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-10-10 03:03 - 2015-09-25 12:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-10-10 03:03 - 2015-09-25 12:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-10-10 03:03 - 2015-09-25 12:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-10-10 03:03 - 2015-09-25 12:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-10-10 03:03 - 2015-09-18 14:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2015-10-10 03:03 - 2015-09-18 14:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-10-10 03:03 - 2015-09-18 14:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-10-10 03:03 - 2015-09-18 14:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-10-10 03:03 - 2015-09-18 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-10-10 03:03 - 2015-09-18 14:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-10-10 03:03 - 2015-09-18 14:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-10-04 22:09 - 2015-10-04 22:09 - 00000000 ____D C:\Users\Trent\AppData\Roaming\HD Tune Pro
    2015-10-04 22:09 - 2015-10-04 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
    2015-10-04 22:09 - 2015-10-04 22:09 - 00000000 ____D C:\Program Files (x86)\HD Tune Pro
    2015-10-04 18:56 - 2015-10-04 23:26 - 00000000 ____D C:\Users\Trent\AppData\Roaming\gsmartcontrol
    2015-10-02 21:55 - 2015-10-02 21:55 - 00005216 _____ C:\Users\Trent\AppData\Local\recently-used.xbel
    2015-09-27 17:45 - 2015-09-27 17:46 - 00023934 _____ C:\Users\Trent\Documents\Main052013BACKUP.kdbx
    2015-09-25 03:43 - 2015-09-25 03:43 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\C7EE2EF2.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-25 19:50 - 2014-05-10 15:23 - 00000000 ____D C:\FRST
    2015-10-25 19:48 - 2013-05-19 23:56 - 00000000 ____D C:\Users\Trent\AppData\Roaming\vlc
    2015-10-25 18:53 - 2014-03-23 00:02 - 00000000 ____D C:\Qoobox
    2015-10-25 18:50 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
    2015-10-25 18:28 - 2013-05-19 21:00 - 00000000 ____D C:\Program Files (x86)\Steam
    2015-10-25 18:23 - 2015-07-21 17:46 - 01203700 _____ C:\Windows\WindowsUpdate.log
    2015-10-25 18:18 - 2015-07-17 03:12 - 00001945 _____ C:\Windows\epplauncher.mif
    2015-10-25 14:47 - 2009-07-13 23:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-10-25 14:47 - 2009-07-13 23:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-10-24 23:59 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-10-24 23:57 - 2013-11-06 00:49 - 00000000 ____D C:\AdwCleaner
    2015-10-24 21:46 - 2013-05-22 00:35 - 00000000 ____D C:\Users\Trent\AppData\Local\CrashDumps
    2015-10-24 21:02 - 2015-09-02 22:57 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-10-24 18:57 - 2015-07-21 16:52 - 00000000 ____D C:\Program Files\CCleaner
    2015-10-24 14:16 - 2013-11-05 15:11 - 00000000 ____D C:\Users\Trent\AppData\Roaming\Dropbox
    2015-10-24 14:08 - 2014-03-14 21:48 - 00000000 ____D C:\Program Files (x86)\PDF Architect
    2015-10-24 14:03 - 2014-09-22 23:43 - 00000000 ____D C:\Program Files\UVK - Ultra Virus Killer
    2015-10-24 13:59 - 2013-05-20 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
    2015-10-24 13:55 - 2013-05-19 18:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-10-24 13:48 - 2015-06-02 23:47 - 00000000 ____D C:\Users\Trent\AppData\Roaming\Apple Computer
    2015-10-24 13:48 - 2015-06-02 23:46 - 00000000 ____D C:\Program Files\Common Files\Apple
    2015-10-24 13:31 - 2013-05-20 16:57 - 00000000 ____D C:\Users\Trent\AppData\Roaming\KeePass
    2015-10-24 13:08 - 2013-05-19 18:00 - 00000000 ____D C:\Users\Trent
    2015-10-24 03:56 - 2013-05-20 21:15 - 00000000 ____D C:\Program Files (x86)\SpeedFan
    2015-10-24 03:48 - 2015-06-02 23:47 - 00000000 ____D C:\Users\Trent\AppData\Local\Apple Computer
    2015-10-24 03:46 - 2015-06-02 23:46 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2015-10-24 02:43 - 2014-02-22 17:33 - 00000000 ____D C:\Users\Trent\Desktop\TV
    2015-10-22 01:51 - 2013-05-20 20:11 - 00024030 _____ C:\Users\Trent\Documents\Main052013.kdbx
    2015-10-19 04:20 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
    2015-10-19 01:54 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-10-19 01:54 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
    2015-10-19 01:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2015-10-18 17:25 - 2013-11-06 00:58 - 00000000 ____D C:\Windows\pss
    2015-10-18 14:08 - 2013-07-14 20:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-10-18 13:37 - 2013-07-14 20:01 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-10-18 13:37 - 2013-05-19 18:30 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-10-18 13:37 - 2013-05-19 18:30 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-10-18 04:28 - 2014-05-11 13:53 - 00000000 ____D C:\Program Files (x86)\Trillian
    2015-10-18 00:48 - 2015-02-02 19:44 - 00051159 _____ C:\Users\Trent\Desktop\Br cke Die The Bridge (2008).720p.2008.en.srt
    2015-10-16 00:00 - 2013-05-19 19:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-10-15 16:22 - 2014-07-23 14:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-10-14 22:17 - 2013-05-19 18:10 - 00000000 ____D C:\Program Files (x86)\VIA
    2015-10-14 05:53 - 2015-04-04 23:52 - 00000000 ___SD C:\Windows\system32\GWX
    2015-10-13 18:52 - 2013-07-12 01:05 - 00000000 ____D C:\Windows\system32\MRT
    2015-10-13 18:47 - 2013-05-19 19:47 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-10-13 18:42 - 2015-04-04 23:52 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2015-10-12 03:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
    2015-10-11 01:17 - 2013-05-20 21:15 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
    2015-10-11 01:06 - 2013-05-19 20:02 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\etdrv.sys
    2015-10-11 01:06 - 2013-05-19 19:14 - 00030528 _____ C:\Windows\GVTDrv64.sys
    2015-10-11 01:06 - 2013-05-19 19:14 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
    2015-10-10 04:08 - 2015-09-22 00:29 - 00000000 ____D C:\ProgramData\NVIDIA
    2015-10-10 03:39 - 2013-05-19 18:16 - 00000000 ____D C:\Program Files (x86)\GIGABYTE
    2015-10-10 03:31 - 2014-06-10 14:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2015-10-10 03:04 - 2015-04-15 03:20 - 00000000 ____D C:\Windows\system32\appraiser
    2015-10-10 03:04 - 2014-04-30 00:50 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-10-03 00:06 - 2015-09-22 00:27 - 00033507 _____ C:\Windows\system32\nvinfo.pb
    2015-10-02 21:55 - 2013-05-20 22:46 - 00000000 ____D C:\Users\Trent\.gimp-2.8
    2015-10-02 21:49 - 2015-09-22 00:29 - 06358648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2015-10-02 21:49 - 2015-09-22 00:29 - 02982520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2015-10-02 21:49 - 2015-09-22 00:29 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2015-10-02 21:49 - 2015-09-22 00:29 - 00938800 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2015-10-02 21:49 - 2015-09-22 00:29 - 00385328 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2015-10-02 21:49 - 2015-09-22 00:29 - 00062768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2015-10-01 20:29 - 2014-08-28 15:37 - 00000000 ____D C:\Users\Trent\AppData\Local\Adobe
    2015-10-01 04:33 - 2015-09-22 00:29 - 05284082 _____ C:\Windows\system32\nvcoproc.bin
    2015-09-28 04:34 - 2013-05-19 23:19 - 00007619 _____ C:\Users\Trent\AppData\Local\Resmon.ResmonCfg
    2015-09-28 04:32 - 2013-05-19 20:33 - 00006656 _____ C:\Windows\system32\lpcio.dll
    2015-09-25 21:24 - 2013-05-23 12:52 - 00000000 ____D C:\Users\Trent\Documents\Turbo Lister Backup

    ==================== Files in the root of some directories =======

    2013-10-31 19:19 - 2013-10-31 19:19 - 0000037 ___SH () C:\Users\Trent\AppData\Local\70149b02515b3bb20dd492.47983420
    2015-10-02 21:55 - 2015-10-02 21:55 - 0005216 _____ () C:\Users\Trent\AppData\Local\recently-used.xbel
    2013-05-19 23:19 - 2015-09-28 04:34 - 0007619 _____ () C:\Users\Trent\AppData\Local\Resmon.ResmonCfg
    2013-11-19 14:41 - 2013-11-19 14:41 - 0000057 _____ () C:\ProgramData\Ament.ini

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-10-21 04:18

    ==================== End of FRST.txt ============================
     
  12. Ordog28

    Ordog28 TS Member Topic Starter Posts: 30

    Dditional scan result of Farbar Recovery Scan Tool (x64) Version:25-10-2015 02
    Ran by Trent (2015-10-25 19:50:26)
    Running from C:\Users\Trent\Desktop
    Windows 7 Ultimate Service Pack 1 (X64) (2013-05-19 23:00:54)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3822528139-1650123135-726693888-500 - Administrator - Disabled)
    Guest (S-1-5-21-3822528139-1650123135-726693888-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3822528139-1650123135-726693888-1003 - Limited - Enabled)
    Trent (S-1-5-21-3822528139-1650123135-726693888-1000 - Administrator - Enabled) => C:\Users\Trent

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    @Bios (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.34 - GIGABYTE)
    3CXPhone (HKLM-x32\...\{0DF8FA4D-299C-4250-9F09-C14E47E12224}) (Version: 4.0.26523.0 - 3CX)
    Abyss Odyssey (HKLM-x32\...\Steam App 255070) (Version: - ACE Team)
    Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
    Advanced Port Scanner v1.3 (HKLM-x32\...\Advanced Port Scanner v1.3) (Version: - )
    Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon MF4100 Series (HKLM\...\{239A8D60-270B-42e8-82D3-60D70A2942E0}) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
    Darkest Hour: A Hearts of Iron Game (HKLM-x32\...\Steam App 73170) (Version: - )
    Data Lifeguard Diagnostic for Windows 1.28 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
    Defense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version: - Hidden Path Entertainment)
    DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
    Endless Space (HKLM-x32\...\Steam App 208140) (Version: - Amplitude Studios)
    Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
    Etron USB3.0 Host Controller (x32 Version: 0.118 - Etron Technology) Hidden
    Eudora (HKLM-x32\...\{7377A063-BCF1-40E1-86D9-312DA517776A}) (Version: 7.0 - )
    Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version: - Paradox Development Studio)
    FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - )
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
    FreeFixer (HKLM-x32\...\FreeFixer1.13) (Version: 1.13 - Kephyr)
    FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
    Galactic Civilizations III (HKLM-x32\...\Steam App 226860) (Version: - Stardock Entertainment)
    Geneforge 5 (HKLM-x32\...\Steam App 201010) (Version: - Spiderweb Software)
    Genesis Rising (HKLM-x32\...\Genesis Rising_is1) (Version: 1.044 - DreamCatcher Interactive Inc.)
    GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
    Godus (HKLM-x32\...\Steam App 232810) (Version: - 22cans)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
    Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    Gratuitous Space Battles (HKLM-x32\...\Steam App 41800) (Version: - Positech Games)
    HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
    Hearts of Iron III (HKLM-x32\...\{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}) (Version: - )
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
    Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
    KeePass Password Safe 2.22 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: - Dominik Reichl)
    Kinetic Void (HKLM-x32\...\Steam App 227160) (Version: - Badland Studio)
    Kohan II: Kings of War (HKLM-x32\...\Steam App 97130) (Version: - )
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.13.2.0 - LG Electronics)
    Lost Empire - Immortals (HKLM-x32\...\{A5CA4D22-AC18-4947-9314-595366411669}) (Version: 1.0.2 - Pollux Gamelabs)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 1.0 Refresh (HKLM-x32\...\{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}) (Version: 1.1.10405.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
    Mozilla Thunderbird 38.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.3.0 (x86 en-US)) (Version: 38.3.0 - Mozilla)
    NAPS2 2.6.3 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan)
    NVIDIA Graphics Driver 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.50 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    ON_OFF Charge B12.0308.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
    P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
    PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
    PDF Merge (HKLM-x32\...\{50217A00-46B2-40E3-8664-5C93BFFA03B0}) (Version: 1.0.0 - Free PDF Soulutions)
    Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version: - Harebrained Schemes)
    Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
    Solar 2 (HKLM-x32\...\Steam App 97000) (Version: - Murudai)
    Space Pirates and Zombies (HKLM-x32\...\Steam App 107200) (Version: - )
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    Stamps.com (HKLM-x32\...\Stamps.com) (Version: - Stamps.com, Inc.)
    Stamps.com (x32 Version: 10.1.1.2456 - Stamps.com, Inc.) Hidden
    StarDrive (HKLM-x32\...\Steam App 220660) (Version: - Zero Sum Games)
    Starion Tactics (HKLM-x32\...\Steam App 312960) (Version: - Corncrow Games)
    Starpoint Gemini 2 (HKLM-x32\...\Steam App 236150) (Version: - Little Green Men Games)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    Stronghold 3 (HKLM-x32\...\Steam App 47400) (Version: - Firefly Studios)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    The Last Federation (HKLM-x32\...\Steam App 273070) (Version: - Arcen Games, LLC)
    Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)
    Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
    Unity of Command (HKLM-x32\...\Unity_of_Command) (Version: - )
    Unity Web Player (HKU\S-1-5-21-3822528139-1650123135-726693888-1000\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
    UVK - Ultra Virus Killer (HKLM\...\UVK - Ultra virus killer) (Version: 7.5.1.0 - Carifred)
    VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    VT Hash Check 1.41 (HKLM-x32\...\{1E579B65-503B-4184-B481-5138124BEE1D}_is1) (Version: 1.31 - Boredom Software)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    24-10-2015 13:54:47 Removed ET6 B15.0210.1
    24-10-2015 13:57:17 Removed FileBot
    25-10-2015 00:04:00 JRT Pre-Junkware Removal
    25-10-2015 00:29:08 JRT Pre-Junkware Removal
    25-10-2015 18:22:29 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2015-10-25 18:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {850D76C4-4B7F-4FC8-AE95-BCF739B1855C} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
    Task: {92308677-A4CF-4A2A-89BF-838F85C69594} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-18] (Adobe Systems Incorporated)
    Task: {C2EBD28E-6641-4524-9D26-A57BCD81E9C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-24] (Google Inc.)
    Task: {D45B3018-547E-4BD4-B0BB-AFF209310860} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-24] (Google Inc.)
    Task: {F3D3CB6A-ED3C-4109-A3FA-51A2974FEAEB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
    Task: {FBC60D46-CF13-486A-A499-2906BCB2BF48} - System32\Tasks\{C6400B35-216E-4B70-BE81-8CFFC624A5BC} => pcalua.exe -a C:\Users\Trent\Desktop\SETUP.EXE -d C:\Users\Trent\Desktop

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-09-22 00:29 - 2015-10-02 21:49 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\C7EE2EF2.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\C7EE2EF2.sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3822528139-1650123135-726693888-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Trent\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: BstHdAndroidSvc => 2
    MSCONFIG\Services: BstHdLogRotatorSvc => 2
    MSCONFIG\Services: BstHdUpdaterSvc => 2
    MSCONFIG\Services: bthserv => 3
    MSCONFIG\Services: IDriverT => 3
    MSCONFIG\Services: MBAMScheduler => 2
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: NitroReaderDriverReadSpool3 => 2
    MSCONFIG\Services: PDF Architect Helper Service => 2
    MSCONFIG\Services: PDF Architect Service => 2
    MSCONFIG\Services: rpcapd => 3
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: Stereo Service => 2
    MSCONFIG\Services: TermService => 3
    MSCONFIG\Services: UmRdpService => 3
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^3CXPhone for Windows.lnk => C:\Windows\pss\3CXPhone for Windows.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UV Realtime.lnk => C:\Windows\pss\UV Realtime.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Trent^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: Digital Coupon Print Driver => "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe"
    MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    MSCONFIG\startupreg: GUSDelayStartup => "C:\Program Files (x86)\Glarysoft\Quick Startup\StartupManager.exe" -delayrun
    MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    MSCONFIG\startupreg: ProfilerU => C:\Program Files\SmartTechnology\Software\ProfilerU.exe
    MSCONFIG\startupreg: SaiMfd => C:\Program Files\SmartTechnology\Software\SaiMfd.exe
    MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{E46F67B5-F17D-42D2-A51C-08F60D2C3386}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{508CD570-56EC-4C82-B388-E8853878908C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{4EDB3F82-6E28-491E-8524-964FE0072114}] => (Allow) C:\Program Files (x86)\3CXPhone\3CXPhone.exe
    FirewallRules: [{3DDD59F3-C988-4B18-9003-949C6789703C}] => (Allow) C:\Program Files (x86)\3CXPhone\3CXPhone.exe
    FirewallRules: [{E3F4599F-3B73-4344-9436-DCFF4CE0C759}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kohan II\k2.exe
    FirewallRules: [{8AE4A887-0A8E-48DA-B41D-1858636E80B4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kohan II\k2.exe
    FirewallRules: [{E82BC8DC-58F3-4C26-BDA6-AF80D6E704B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Solar 2\Solar2.exe
    FirewallRules: [{E47BA479-9544-48AC-A8FF-145187672DD6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Solar 2\Solar2.exe
    FirewallRules: [{AE974F87-20A4-4505-A0D8-5E252013E3F1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Space Pirates and Zombies\SpazGame.exe
    FirewallRules: [{EBD9B1E1-F374-4B43-91A0-4A9F7D0E2DBC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Space Pirates and Zombies\SpazGame.exe
    FirewallRules: [{A4357CCB-2499-4866-8201-D1116BD84EDF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
    FirewallRules: [{CAEF874A-CBA0-41DC-ADEE-648ACC95AA07}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
    FirewallRules: [{486411FB-F3A3-4757-BCCE-69EB1120DC52}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gratuitous Space Battles\GSB.exe
    FirewallRules: [{CB4322EF-B3E9-470E-ADBD-6DD38FFBCF1A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gratuitous Space Battles\GSB.exe
    FirewallRules: [TCP Query User{3A7954DE-1F1A-4FAC-B66C-1A0FDBCF43AC}C:\program files (x86)\steam\steamapps\common\europa universalis iv\eu4.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\europa universalis iv\eu4.exe
    FirewallRules: [UDP Query User{7C199E95-DA62-4253-B3A7-5EB02228DF1B}C:\program files (x86)\steam\steamapps\common\europa universalis iv\eu4.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\europa universalis iv\eu4.exe
    FirewallRules: [{29076443-9E06-4B34-A701-079DA38B1893}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{7470F852-302D-403B-9BBE-5C877DFE4919}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{9697F610-0DFC-45C5-B929-215D37ECDB98}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{4E13CFF1-364A-4767-A2A1-08B0B7FDF309}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
    FirewallRules: [{F1721A58-7004-494A-8173-7F8EA83A7CAB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Endless Space\EndlessSpace.exe
    FirewallRules: [{62F8649B-3036-4A2A-8344-F1AF6E82AC64}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Endless Space\EndlessSpace.exe
    FirewallRules: [{481F0CA0-FB84-4D87-B145-F0C8EC14F4B7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kinetic Void\Kinetic Void.exe
    FirewallRules: [{258F0C20-8207-4D52-B7B8-A663EC60BF79}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kinetic Void\Kinetic Void.exe
    FirewallRules: [{C16EF4FF-2959-40F6-99B1-5378BC8741C0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kinetic Void\Kinetic Void.exe
    FirewallRules: [{E56E71A6-8965-4EAE-A947-D30917496553}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kinetic Void\Kinetic Void.exe
    FirewallRules: [{1AB7989A-36C2-4A1B-896B-49961D85D661}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kinetic Void\Kinetic Void.exe
    FirewallRules: [{961B6290-3FB0-4368-A528-940B42E8958C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kinetic Void\Kinetic Void.exe
    FirewallRules: [{BB82A730-23BF-4323-A476-3343B7CCF9FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold3\bin\win32_release\Stronghold3.exe
    FirewallRules: [{2EBA16A3-A4D0-421D-BEC2-E1CDEAA6D232}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold3\bin\win32_release\Stronghold3.exe
    FirewallRules: [{358AA6E3-A8DD-4F26-99B4-0DA958EC0A57}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darkest Hour A HOI Game\Darkest Hour Launcher.exe
    FirewallRules: [{FD88B655-6648-42E1-BABE-65000A04FDF9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darkest Hour A HOI Game\Darkest Hour Launcher.exe
    FirewallRules: [{AA55F348-548D-46B9-8379-AE9E3F4DFB20}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
    FirewallRules: [{ED65B93F-124F-461F-969E-F7C98FCE08A8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
    FirewallRules: [{1A7DDE66-C922-4DEE-831B-A867B782A66F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DefenseGridTheAwakening\DefenseGrid.exe
    FirewallRules: [{37F6141E-BF98-4178-BA00-FF6FC98448F5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DefenseGridTheAwakening\DefenseGrid.exe
    FirewallRules: [TCP Query User{5AF36791-B054-48DB-947F-8EAA24C0AF76}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [UDP Query User{2C4546C6-4BA1-496D-9360-6A2161C3DCB2}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [{C908501F-3E96-4E4C-8002-3E814B88A9C4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shadowrun Returns\Shadowrun.exe
    FirewallRules: [{5110C5FB-06C3-40DD-985E-E72FAAE85BFA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shadowrun Returns\Shadowrun.exe
    FirewallRules: [{70F7E406-4903-4A3C-97CC-36D52EA533E9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
    FirewallRules: [{EB4758EF-1D39-4954-B790-8D785C4227BB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
    FirewallRules: [{8591E085-BA3A-474D-8FC6-7200CAF7C0D2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{79FB84D7-EC52-47D9-B07A-A39554643EFD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{BF869C9F-1C8C-4B37-B57E-E4DB3B5C27DC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\StarDrive\StarDrive.exe
    FirewallRules: [{8A809832-37E8-40C1-919F-1C0EAD145C41}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\StarDrive\StarDrive.exe
    FirewallRules: [{1DB84C23-2B02-4135-9DE8-9EFE61FA5BA0}] => (Allow) C:\Program Files (x86)\Pollux Gamelabs\Lost Empire - Immortals\LostEmpire.exe
    FirewallRules: [{4FDB2F03-58CC-43B4-91C4-2FDBD19F25F0}] => (Allow) C:\Program Files (x86)\Pollux Gamelabs\Lost Empire - Immortals\LostEmpire.exe
    FirewallRules: [{DC5FA52D-2EA4-4A63-8CD3-CE3CF4B3D717}] => (Allow) LPort=2869
    FirewallRules: [{8C4C9F01-E6ED-4EE4-A861-ED9D6069E637}] => (Allow) LPort=1900
    FirewallRules: [{3733C92E-EC05-4014-B40F-9E9C9CEC76FE}] => (Allow) LPort=48113
    FirewallRules: [{740197B5-9B91-43DC-9448-5F2FAA99E4ED}] => (Allow) LPort=48113
    FirewallRules: [TCP Query User{E37493F8-C5FE-44CF-BE19-A6D716132D7A}E:\programmation\qtchat\release\qtchat.exe] => (Allow) E:\programmation\qtchat\release\qtchat.exe
    FirewallRules: [UDP Query User{44823339-CF28-4006-8630-458A16074A94}E:\programmation\qtchat\release\qtchat.exe] => (Allow) E:\programmation\qtchat\release\qtchat.exe
    FirewallRules: [{72052803-7B75-40BE-8D86-14BFCFD1822F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{7CD4E2A5-4C28-4912-BE3A-B6037E08523D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{29D49649-9CA5-4929-8C36-A486852D0325}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Godus\windows\godus.exe
    FirewallRules: [{9A969AFC-9998-4192-B15E-A8A1F128C09F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Godus\windows\godus.exe
    FirewallRules: [{E261AF3C-A819-4DB0-AD92-DB9269AC79F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starpoint Gemini 2\StarpointGemini2.exe
    FirewallRules: [{5EE58E85-12F4-4B30-8136-005CD07BD839}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starpoint Gemini 2\StarpointGemini2.exe
    FirewallRules: [{A68E632D-8C4E-4823-9E24-079587455258}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{9D71F4A6-34E2-4A15-850E-EBCB32B1FAF8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{FEEE6240-0861-4746-B967-D1AB72E72427}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{E92B0B04-44DE-4C6A-928F-E7C5B4016ECC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{AC496D9A-8BF8-4248-894D-47CE6C8B5EAD}] => (Allow) LPort=15600
    FirewallRules: [{3DC2A320-23BB-46DF-83DC-95CA93CBDC1D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Last Federation\LastFederation.exe
    FirewallRules: [{4F9556FE-94AD-460C-85E6-78701FCAA251}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Last Federation\LastFederation.exe
    FirewallRules: [{7CFDE7D4-1923-4D81-9FD6-D1C25C16E51D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Geneforge 5\Geneforge 5.exe
    FirewallRules: [{8C771004-F304-44E0-82A5-223E9FC0E845}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Geneforge 5\Geneforge 5.exe
    FirewallRules: [{21ECCE07-DD71-4C3A-9C7A-8C0EF2C61119}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{DB232E0B-4EEA-40FA-8C55-576CC4C468DC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starion Tactics\Starion.exe
    FirewallRules: [{8FD0BDCF-9271-4DC2-AEBF-24952ACA6679}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starion Tactics\Starion.exe
    FirewallRules: [{DD2AF949-649B-464C-82DB-63B1A0355CF8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Galactic Civilizations III\GalCiv3.exe
    FirewallRules: [{D301F4EB-9D28-4CC1-9DFE-BBEA25008DF1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Galactic Civilizations III\GalCiv3.exe
    FirewallRules: [{99655471-3697-4649-BDD2-5CBEEA404BDC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\abyss_odyssey\Binaries\Win32\AO.exe
    FirewallRules: [{5D416A5C-417A-4AC0-AF80-A6D617CFC8C7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\abyss_odyssey\Binaries\Win32\AO.exe
    FirewallRules: [TCP Query User{F33F4B02-F5C8-4A26-8AFC-9AEE9F5F9335}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
    FirewallRules: [UDP Query User{7E3A717F-372F-4CBD-BD9B-5328EDBD69AF}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
    FirewallRules: [{5A686B01-3D5F-425E-95B0-AE5966A5F9F1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{4339D665-2CF9-4291-B933-45C3016AAA42}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe
    FirewallRules: [{739DBFCB-63BE-4BC6-A881-D782B2B6435C}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe

    ==================== Faulty Device Manager Devices =============

    Name: Programmable Root Enumerator
    Description: Programming Support
    Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
    Manufacturer: Mad Catz
    Service: SaiNtBus
    Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
    Resolution: The start type for this driver is set to disabled in the registry.
    Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

    Name: AMD IO Driver
    Description: AMD IO Driver
    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Manufacturer: AMD, Inc
    Service: amdiox64
    Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
    Resolution: The start type for this driver is set to disabled in the registry.
    Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

    Name: Communications Port (COM1)
    Description: Communications Port
    Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard port types)
    Service: Serial
    Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
    Resolution: The start type for this driver is set to disabled in the registry.
    Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/24/2015 11:59:54 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: taskhost (1624) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Trent\AppData\Local\Microsoft\Windows\WebCache\V0100021.log.

    Error: (10/24/2015 09:46:07 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: viaaud.exe, version: 10.8.0.20, time stamp: 0x5004dbcf
    Faulting module name: viaaud.exe, version: 10.8.0.20, time stamp: 0x5004dbcf
    Exception code: 0xc0000417
    Fault offset: 0x0000000000161370
    Faulting process id: 0x848
    Faulting application start time: 0xviaaud.exe0
    Faulting application path: viaaud.exe1
    Faulting module path: viaaud.exe2
    Report Id: viaaud.exe3

    Error: (10/22/2015 12:54:57 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Tl.exe, version: 9.918.101.1, time stamp: 0x561dd042
    Faulting module name: libdb48.dll, version: 4.0.8.24, time stamp: 0x4a970384
    Exception code: 0xc0000005
    Fault offset: 0x00041de8
    Faulting process id: 0x114c
    Faulting application start time: 0xTl.exe0
    Faulting application path: Tl.exe1
    Faulting module path: Tl.exe2
    Report Id: Tl.exe3

    Error: (10/18/2015 07:40:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
    Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

    Details:
    Could not query the status of the EventSystem service.

    System Error:
    A system shutdown is in progress.
    .

    Error: (10/18/2015 07:22:28 PM) (Source: PerfNet) (EventID: 2002) (User: )
    Description:

    Error: (10/18/2015 07:22:28 PM) (Source: PerfNet) (EventID: 2004) (User: )
    Description:

    Error: (10/18/2015 07:20:27 PM) (Source: PerfNet) (EventID: 2002) (User: )
    Description:

    Error: (10/18/2015 07:20:27 PM) (Source: PerfNet) (EventID: 2004) (User: )
    Description:

    Error: (10/18/2015 07:20:04 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Users\Trent\AppData\Local\Temp\jrt\CreateRestorePoint.exe "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).

    Error: (10/16/2015 12:11:30 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: 9y2q50pm.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
    Faulting module name: 9y2q50pm.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
    Exception code: 0xc0000005
    Fault offset: 0x0008d93e
    Faulting process id: 0xdb4
    Faulting application start time: 0x9y2q50pm.exe0
    Faulting application path: 9y2q50pm.exe1
    Faulting module path: 9y2q50pm.exe2
    Report Id: 9y2q50pm.exe3


    System errors:
    =============
    Error: (10/25/2015 06:53:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1058

    Error: (10/25/2015 06:50:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (10/25/2015 06:49:51 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (10/25/2015 06:49:51 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (10/25/2015 06:45:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (10/25/2015 06:36:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1058

    Error: (10/25/2015 12:48:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Steam Client Service service failed to start due to the following error:
    %%1053

    Error: (10/25/2015 12:48:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

    Error: (10/25/2015 12:05:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (10/25/2015 12:05:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.


    CodeIntegrity:
    ===================================
    Date: 2015-10-25 18:49:51.634
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-10-25 18:49:51.525
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-10-25 18:49:51.400
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-10-25 18:49:51.322
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-09-01 19:52:25.933
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-09-01 19:52:25.887
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: AMD FX(tm)-6100 Six-Core Processor
    Percentage of memory in use: 10%
    Total physical RAM: 8148.68 MB
    Available physical RAM: 7253.72 MB
    Total Virtual: 16297.36 MB
    Available Virtual: 15048.51 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.54 GB) (Free:105.42 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  13. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  14. Ordog28

    Ordog28 TS Member Topic Starter Posts: 30

    Thanks much. I have already noticed things running normally, even prior to today.

    Fix result of Farbar Recovery Scan Tool (x64) Version:25-10-2015 02
    Ran by Trent (2015-10-26 17:43:53) Run:1
    Running from C:\Users\Trent\Desktop
    Loaded Profiles: Trent (Available Profiles: Trent)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3822528139-1650123135-726693888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.0.48\ma\bin\npMotive.dll [No File]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S4 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
    S4 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S4 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S4 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S4 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
    S4 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
    S4 NVHDA; system32\drivers\nvhda64v.sys [X]
    S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
    2013-10-31 19:19 - 2013-10-31 19:19 - 0000037 ___SH () C:\Users\Trent\AppData\Local\70149b02515b3bb20dd492.47983420
    2015-10-02 21:55 - 2015-10-02 21:55 - 0005216 _____ () C:\Users\Trent\AppData\Local\recently-used.xbel
    2013-05-19 23:19 - 2015-09-28 04:34 - 0007619 _____ () C:\Users\Trent\AppData\Local\Resmon.ResmonCfg
    2013-11-19 14:41 - 2013-11-19 14:41 - 0000057 _____ () C:\ProgramData\Ament.ini
    Task: {850D76C4-4B7F-4FC8-AE95-BCF739B1855C} - \Adobe Acrobat Update Task -> No File <==== ATTENTION

    *****************

    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-3822528139-1650123135-726693888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@Motive.com/NpMotive,version=1.1" => key removed successfully
    catchme => service removed successfully
    MREMP50 => service removed successfully
    MREMP50a64 => service removed successfully
    MREMPR5 => service removed successfully
    MRENDIS5 => service removed successfully
    MRESP50 => service removed successfully
    MRESP50a64 => service removed successfully
    NVHDA => service removed successfully
    nvvad_WaveExtensible => service removed successfully
    C:\Users\Trent\AppData\Local\70149b02515b3bb20dd492.47983420 => moved successfully
    C:\Users\Trent\AppData\Local\recently-used.xbel => moved successfully
    C:\Users\Trent\AppData\Local\Resmon.ResmonCfg => moved successfully
    C:\ProgramData\Ament.ini => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{850D76C4-4B7F-4FC8-AE95-BCF739B1855C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{850D76C4-4B7F-4FC8-AE95-BCF739B1855C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => key removed successfully

    ==== End of Fixlog 17:43:54 ====
     
  15. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Good news :)

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  16. Ordog28

    Ordog28 TS Member Topic Starter Posts: 30

    Results of screen317's Security Check version 1.009
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 45
    Java version 32-bit out of Date!
    Adobe Flash Player 19.0.0.226
    Adobe Reader XI
    Mozilla Firefox (41.0.2)
    Mozilla Thunderbird (38.3.0)
    Google Chrome (46.0.2490.80)
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  17. Ordog28

    Ordog28 TS Member Topic Starter Posts: 30

    Farbar Service Scanner (FSS):

    Farbar Service Scanner Version: 26-07-2015
    Ran by Trent (administrator) on 26-10-2015 at 21:20:38
    Running from "C:\Users\Trent\Desktop"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  18. Ordog28

    Ordog28 TS Member Topic Starter Posts: 30

    2015-10-27 02:31:31.824 Sophos Virus Removal Tool version 2.5.4
    2015-10-27 02:31:31.824 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-10-27 02:31:31.824 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-10-27 02:31:31.824 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
    2015-10-27 02:31:31.824 Checking for updates...
    2015-10-27 02:31:34.710 Update progress: proxy server not available
    2015-10-27 02:31:40.669 Option all = no
    2015-10-27 02:31:40.669 Option recurse = yes
    2015-10-27 02:31:40.669 Option archive = no
    2015-10-27 02:31:40.669 Option service = yes
    2015-10-27 02:31:40.669 Option confirm = yes
    2015-10-27 02:31:40.669 Option sxl = yes
    2015-10-27 02:31:40.669 Option max-data-age = 35
    2015-10-27 02:31:40.669 Option EnableSafeClean = yes
    2015-10-27 02:31:42.135 Option vdl-logging = yes
    2015-10-27 02:31:42.151 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-10-27 02:31:42.151 Machine ID: 7c9052509e3844fe87882f6d7a4d29c5
    2015-10-27 02:31:42.151 Component SVRTcli.exe version 2.5.4
    2015-10-27 02:31:42.151 Component control.dll version 2.5.4
    2015-10-27 02:31:42.151 Component SVRTservice.exe version 2.5.4
    2015-10-27 02:31:42.151 Component engine\osdp.dll version 1.44.1.2230
    2015-10-27 02:31:42.151 Component engine\veex.dll version 3.63.0.2230
    2015-10-27 02:31:42.151 Component engine\savi.dll version 9.0.0.2230
    2015-10-27 02:31:42.151 Component rkdisk.dll version 1.5.30.0
    2015-10-27 02:31:42.151 Version info: Product version 2.5.4
    2015-10-27 02:31:42.151 Version info: Detection engine 3.63.0
    2015-10-27 02:31:42.151 Version info: Detection data 5.20
    2015-10-27 02:31:42.151 Version info: Build date 10/13/2015
    2015-10-27 02:31:42.151 Version info: Data files added 201
    2015-10-27 02:31:42.151 Version info: Last successful update (not yet updated)
    2015-10-27 02:32:00.169 Downloading updates...
    2015-10-27 02:32:00.278 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-10-27 02:32:00.278 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-10-27 02:32:00.278 Update progress: [I49502] Found supplement IDE521 LATEST
    2015-10-27 02:32:00.278 Update progress: [I49502] Found supplement IDE522 LATEST
    2015-10-27 02:32:00.278 Update progress: [I49502] Found supplement IDE523 LATEST
    2015-10-27 02:32:00.278 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-10-27 02:32:00.278 Update progress: [I19463] Syncing product SAVIW32 61
    2015-10-27 02:32:00.855 Update progress: [I19463] Syncing product IDE521 142
    2015-10-27 02:32:01.916 Installing updates...
    2015-10-27 02:32:02.727 Error level 1
    2015-10-27 02:32:02.743 Update progress: [I19463] Syncing product IDE522 61
    2015-10-27 02:32:02.743 Update progress: [I19463] Syncing product IDE523 1
    2015-10-27 02:32:35.269 Update successful
    2015-10-27 02:33:04.316 Option all = no
    2015-10-27 02:33:04.316 Option recurse = yes
    2015-10-27 02:33:04.316 Option archive = no
    2015-10-27 02:33:04.316 Option service = yes
    2015-10-27 02:33:04.316 Option confirm = yes
    2015-10-27 02:33:04.316 Option sxl = yes
    2015-10-27 02:33:04.316 Option max-data-age = 35
    2015-10-27 02:33:04.316 Option EnableSafeClean = yes
    2015-10-27 02:33:05.533 Option vdl-logging = yes
    2015-10-27 02:33:05.533 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-10-27 02:33:05.533 Machine ID: 7c9052509e3844fe87882f6d7a4d29c5
    2015-10-27 02:33:05.533 Component SVRTcli.exe version 2.5.4
    2015-10-27 02:33:05.533 Component control.dll version 2.5.4
    2015-10-27 02:33:05.533 Component SVRTservice.exe version 2.5.4
    2015-10-27 02:33:05.533 Component engine\osdp.dll version 1.44.1.2230
    2015-10-27 02:33:05.533 Component engine\veex.dll version 3.63.0.2230
    2015-10-27 02:33:05.533 Component engine\savi.dll version 9.0.0.2230
    2015-10-27 02:33:05.533 Component rkdisk.dll version 1.5.30.0
    2015-10-27 02:33:05.533 Version info: Product version 2.5.4
    2015-10-27 02:33:05.533 Version info: Detection engine 3.63.0
    2015-10-27 02:33:05.533 Version info: Detection data 5.20
    2015-10-27 02:33:05.533 Version info: Build date 10/13/2015
    2015-10-27 02:33:05.533 Version info: Data files added 201
    2015-10-27 02:33:05.533 Version info: Last successful update 10/26/2015 9:32:35 PM

    2015-10-27 03:00:10.839 Could not open C:\hiberfil.sys
    2015-10-27 03:00:10.854 Could not open C:\pagefile.sys
    2015-10-27 03:25:46.445 Could not open C:\System Volume Information\{157108de-7ad5-11e5-b8ff-94de80276d78}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-10-27 03:25:46.445 Could not open C:\System Volume Information\{157108fa-7ad5-11e5-b8ff-94de80276d78}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-10-27 03:25:46.445 Could not open C:\System Volume Information\{157109f6-7ad5-11e5-b8ff-94de80276d78}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-10-27 03:25:46.445 Could not open C:\System Volume Information\{33cefa3f-7a2c-11e5-8062-94de80276d78}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-10-27 03:25:46.445 Could not open C:\System Volume Information\{33cefa43-7a2c-11e5-8062-94de80276d78}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-10-27 03:25:46.445 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-10-27 03:25:46.445 Could not open C:\System Volume Information\{47dcbfe4-7c3b-11e5-86a2-94de80276d78}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-10-27 03:30:32.534 >>> Virus 'Mal/Wonton-BB' found in file C:\Users\Trent\Desktop\New folder (6)\bootkit_remover\boot_cleaner.exe
    2015-10-27 03:30:32.534 >>> Virus 'Mal/Wonton-BB' found in file HKU\S-1-5-21-3822528139-1650123135-726693888-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-10-27 03:30:32.534 >>> Virus 'Mal/Wonton-BB' found in file HKU\S-1-5-21-3822528139-1650123135-726693888-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-10-27 03:30:32.534 >>> Virus 'Mal/Wonton-BB' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-10-27 04:08:46.194 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-10-27 04:08:46.194 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-10-27 04:08:56.224 Could not open C:\Windows\System32\config\COMPONENTS
    2015-10-27 04:08:56.412 Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-10-27 04:08:56.443 Could not open C:\Windows\System32\config\RegBack\SAM
    2015-10-27 04:08:56.490 Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-10-27 04:08:56.536 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-10-27 04:08:56.614 Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-10-27 04:38:17.609 The following items will be cleaned up:
    2015-10-27 04:38:17.640 Mal/Wonton-BB
     
  19. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    What happened to MSE?
    Did you uninstall it?

    Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
    Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.
     
  20. Ordog28

    Ordog28 TS Member Topic Starter Posts: 30

    Since I'd have to disable it to run the other software, I've not reinstalled MSE. I am debating what to replace it with.

    Java isn't installed on my default browser at all; I do not use it, it's on IE x32 only which is never used. However I shall update it. I've not used the 64 bit browser; bad enough having one Java, prefer not to install a 2nd one.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    You have to install some AV program right away.
    Other than that...

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    The issue seems to be resolved.
     
  23. Ordog28

    Ordog28 TS Member Topic Starter Posts: 30

    Hello.. thanks for all your help, but I stated having issues right afterwards. It's like it re installed. I have done some manual checking, found some questionable things (tool bar, etc) in the registry that are gone now.. but it is very sluggish again. I just got so angry at it I didn't want to deal with it anymore for a while.

    I do know that upon start up, there is a ton of CPU usage.

    Also sent you a bit via PP.
     
  24. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Re-run RogueKiller, MBAM, AdwCleaner and JRT.
    Post all logs.
     
  25. Ordog28

    Ordog28 TS Member Topic Starter Posts: 30

    Thx much!

    Rogue Killer:
    RogueKiller V10.11.5.0 [Nov 9 2015] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Trent [Administrator]
    Started from : C:\Users\Trent\Desktop\11102015\RogueKiller.exe
    Mode : Scan -- Date : 11/11/2015 12:28:04

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 0 ¤¤¤

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] 0086f36f0b7bc8b257f89fc226376c3d
    [BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
    1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
    2 - Basic data partition | Offset (sectors): 468992 | Size: 476711 MB
    User = LL1 ... OK
    User = LL2 ... OK
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...