Solved Game.EXE Bad Image Error

Moonspell · May 25, 2015

Hi
I have a serious problem in Windows 7 Service Pack 1 64bit
When I run the any game, two or three times on the error, and after a few minutes to play, the game will hang
These programs also got tested, but that does not work
SpyHunter
malwarebytes
ccleaner

Error Image

Broni · May 25, 2015

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

Moonspell · May 26, 2015

Tnx for answering
about antivirus, I have Baidu Antivirus and always scan my computer with this
if its not good antivirus I uninstall it and install avast

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
Ran by Moonspelll (administrator) on MOONSPELL on 26-05-2015 08:27:45
Running from E:\Downloads\Programs
Loaded Profiles: Moonspelll (Available Profiles: Moonspelll)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Baidu, Inc.) C:\Program Files (x86)\PC Faster\5.1.0.0\PCFasterSvc.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\MoboMarket\1.2.8.3351\bassvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu-Security-2014-4.4.4.77147\Baidu Antivirus\5.4.3.122701.0\BavSvc.exe
(BitTorrent Inc.) C:\Users\Moonspelll\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu-Security-2014-4.4.4.77147\Baidu Antivirus\5.4.3.122701.0\BavTray.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Baidu, Inc.) C:\Program Files (x86)\PC Faster\5.1.0.0\PCFTray.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu-Security-2014-4.4.4.77147\Baidu Antivirus\5.4.3.122701.0\BHipsSvc.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\MoboMarket\1.2.8.3351\bas_helper.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu-Security-2014-4.4.4.77147\Baidu Antivirus\5.4.3.122701.0\bavhm.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Baidu, Inc.) C:\Program Files (x86)\PC Faster\5.1.0.0\PCFasterSvc.exe
(Baidu, Inc.) C:\Program Files (x86)\PC Faster\5.1.0.0\SysOptEngineSvc.exe
(Baidu, Inc.) C:\Program Files (x86)\PC Faster\5.1.0.0\CleanerEngineSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13876952 2015-04-13] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [11877656 2014-09-17] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-01] (NVIDIA Corporation)
HKLM-x32\...\Run: [Baidu Antivirus] => C:\Program Files (x86)\Baidu-Security-2014-4.4.4.77147\Baidu Antivirus\5.4.3.122701.0\BavTray.exe [1988080 2015-04-29] (Baidu, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2013-08-12] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Baidu PC Faster 5.1.0.0] => C:\Program Files (x86)\PC Faster\5.1.0.0\PCFTray.exe [2333152 2015-05-14] (Baidu, Inc.)
HKLM-x32\...\Run: [Baidu PC Faster 4.0.0.0] => C:\Program Files (x86)\PC Faster\5.1.0.0\PCFTray.exe [2333152 2015-05-14] (Baidu, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3903056 2015-05-20] (Tonec Inc.)
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\Run: [uTorrent] => C:\Users\Moonspelll\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-07] (BitTorrent Inc.)
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\MountPoints2: D - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\MountPoints2: K - K:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\MountPoints2: {0f13546f-52c1-11e4-b155-1c6f65345fae} - J:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\MountPoints2: {1a7ed7d6-4aac-11e4-8a6f-1c6f65345fae} - G:\setup.exe
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\MountPoints2: {4364e233-998e-11e4-a485-1c6f65345fae} - K:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\MountPoints2: {c522a586-4b09-11e4-8e25-1c6f65345fae} - K:\HTC_Sync_Manager_PC.exe
AppInit_DLLs: => File not found
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu-Security-2014-4.4.4.77147\Baidu Antivirus\5.4.3.122701.0\BavShx64.dll [2015-04-29] (Baidu, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
BootExecute: autocheck autochk * sh4native Sh4Removal
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\Software\Microsoft\Internet Explorer\Main,Start Page =KEYCODE
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN UAE - Outlook.com formerly Hotmail, Skype, Bing and Latest News
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-04] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-20] (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-04] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-20] (Logitech, Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2407973311-3509357600-1588227675-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2014-10-25] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2014-10-25] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2014-10-25] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2014-10-25] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Moonspelll\AppData\Roaming\Mozilla\Firefox\Profiles\nxersh2t.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-11] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-11] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-10-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-10-03] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems)
FF Extension: anonymoX - C:\Users\Moonspelll\AppData\Roaming\Mozilla\Firefox\Profiles\nxersh2t.default\Extensions\client@anonymox.net.xpi [2014-10-19]
FF Extension: Access FreeNetI - C:\Users\Moonspelll\AppData\Roaming\Mozilla\Firefox\Profiles\nxersh2t.default\Extensions\info@freeneti.com.xpi [2014-10-19]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-05-25]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-10-03]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-05-20]
FF HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Moonspelll\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Moonspelll\AppData\Roaming\IDM\idmmzcc5 [2015-05-22]
FF HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Moonspelll\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-03]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-10-03]
CHR Extension: (Google Docs) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-03]
CHR Extension: (Google Drive) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-03]
CHR Extension: (YouTube) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-03]
CHR Extension: (Webpage Screenshot) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-10-03]
CHR Extension: (Google Search) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-03]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-05-20]
CHR Extension: (Google Sheets) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-03]
CHR Extension: (AdBlock) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-03]
CHR Extension: (No Name) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhiefdhfagmopanfdhcboijgjacllafi [2014-10-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Google Wallet) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-03]
CHR Extension: (IDM Integration Module) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjgffenlaenblicaimjjhenpigegidh [2015-05-22]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2015-05-17]
CHR Extension: (Gmail) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-03]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] -https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 BASSVC; C:\Program Files (x86)\Baidu Security\MoboMarket\1.2.8.3351\bassvc.exe [208928 2014-10-17] (Baidu, Inc.)
R2 BavSvc; C:\Program Files (x86)\Baidu-Security-2014-4.4.4.77147\Baidu Antivirus\5.4.3.122701.0\BavSvc.exe [2572928 2015-04-29] (Baidu, Inc.)
S3 BdSandboxSrv; C:\Program Files (x86)\Baidu-Security-2014-4.4.4.77147\Baidu Antivirus\5.4.3.122701.0\BdSandboxSrv64.exe [264736 2015-01-08] (Baidu, Inc.)
R2 BHipsSvc; C:\Program Files (x86)\Baidu-Security-2014-4.4.4.77147\Baidu Antivirus\5.4.3.122701.0\BHipsSvc.exe [531232 2015-04-29] (Baidu, Inc.)
S3 BsrSvc; C:\Program Files (x86)\PC Faster\5.1.0.0\System Repair\BsrSvc.exe [3147624 2015-04-01] (Baidu, Inc.)
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-05-06] (Futuremark)
S3 GalaxyService; C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [2191648 2014-09-18] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-01] (NVIDIA Corporation)
S3 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [1169704 2015-05-19] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [96688 2015-05-19] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [589608 2015-05-19] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) []
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-19] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-01] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () []
S3 PCAppStoreSvc_{PCAppStore_5.0.1.8490}; C:\Program Files (x86)\PC App Store\5.0.1.8490\PCAppStoreSvc.exe [571424 2015-01-12] (Baidu Inc.)
R2 PCFasterSvc_{PCFaster_5.1.0.0}; C:\Program Files (x86)\PC Faster\5.1.0.0\PCFasterSvc.exe [1714448 2015-05-14] (Baidu, Inc.)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) []
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 MSSQLSERVER; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [X]
S4 MSSQLServerADHelper; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [X]
S3 SparkSafeUpdater; C:\Program Files (x86)\Baidu\SparkSafeUpdate\SparkUpdate.exe [X]
S2 SparkSecuritySvc; "C:\Program Files (x86)\baidu\SparkSafe\sparkservice.exe" -r [X]
S2 SparkSvc; "C:\Program Files (x86)\baidu\Spark\sparkservice.exe" -r [X]
S3 SparkUpdater; C:\Program Files (x86)\Baidu\SparkUpdate\Sparkupdate.exe [X]
S4 SQLBrowser; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
R3 Baidu PC Faster FileShredder; C:\Program Files (x86)\PC Faster\5.1.0.0\FileKill_x64.sys [21824 2013-03-19] ()
U3 BdApiUtil; C:\Program Files (x86)\Baidu-Security-2014-4.4.4.77147\Baidu Antivirus\5.4.3.122701.0\BdApiUtil64.sys [116936 2015-04-29] (Baidu, Inc.)
R3 bdark64; C:\Windows\system32\drivers\bdark64.sys [78792 2015-04-20] ()
U3 BdCameraProtect; C:\Program Files (x86)\Baidu-Security-2014-4.4.4.77147\Baidu Antivirus\5.4.3.122701.0\BdCameraProtect64.sys [25032 2015-04-29] (Baidu, Inc.)
S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [232440 2015-01-08] (Baidu, Inc.)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [62920 2015-04-29] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [38344 2015-04-29] (Baidu, Inc.)
R1 Bnbase; C:\Windows\System32\drivers\bnbasex64.sys [62792 2015-04-29] (Baidu, Inc.)
R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [485672 2015-04-29] (Baidu, Inc.)
R3 BNmon; C:\Program Files (x86)\Baidu-Security-2014-4.4.4.77147\Baidu Antivirus\5.4.3.122701.0\Bnmon64.sys [82376 2015-04-29] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [169416 2015-04-29] (Baidu, Inc.)
R1 BprotectEx; C:\Windows\System32\drivers\BprotectEx.sys [93512 2015-04-01] (Baidu, Inc.)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31160 2014-04-24] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-03] (Disc Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-11-03] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
U0 msahci; No ImagePath
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 PCFApiUtil; C:\Program Files (x86)\PC Faster\5.1.0.0\PCFApiUtil64.sys [144648 2015-04-01] (Baidu, Inc.)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Business 2015i\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-05-16] (Synaptics Incorporated)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S2 TBPanel; No ImagePath
S3 esgiguard; \??\E:\Downloads\Programs\SpyHunter.4.18.9.4384.Portable\SpyHunter\esgiguard.sys [X]
S3 HWiNFO32; \??\C:\Users\MOONSP~1\AppData\Local\Temp\HWiNFO64A.SYS [X]
S0 teaqr; System32\drivers\jolggb.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U4 vsserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Moonspell · May 26, 2015

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-26 08:23 - 2015-05-26 08:27 - 00000000 ____D () C:\FRST
2015-05-26 08:21 - 2015-05-26 08:21 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\NVIDIA
2015-05-26 02:32 - 2015-05-26 02:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-05-26 02:31 - 2015-05-26 02:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-26 02:31 - 2015-05-12 07:04 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-05-26 02:29 - 2015-05-13 11:22 - 01558848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-05-26 02:29 - 2015-05-13 11:22 - 00195912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-05-26 02:29 - 2015-05-13 11:22 - 00031552 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 42718864 _____ () C:\Windows\system32\nvcompiler.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 37741712 _____ () C:\Windows\SysWOW64\nvcompiler.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 30478992 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 22945424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 17540416 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 16145176 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 15858728 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 15048816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 14455296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 13263568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 12849056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 11790144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 10972304 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-05-26 02:29 - 2015-05-12 10:57 - 03363224 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 02971776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 02599056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435286.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435286.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 01050256 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00974480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00939080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00502896 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00408208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00176064 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-05-26 02:29 - 2014-11-22 15:16 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-05-26 02:29 - 2014-11-22 15:16 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-05-26 02:29 - 2014-11-22 15:16 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-05-26 02:16 - 2015-05-12 08:00 - 06872392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-05-26 02:16 - 2015-05-12 08:00 - 03490448 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-05-26 02:16 - 2015-05-12 08:00 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-05-26 02:16 - 2015-05-12 08:00 - 00937288 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-05-26 02:16 - 2015-05-12 08:00 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-05-26 02:16 - 2015-05-12 08:00 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-05-26 02:16 - 2015-05-11 21:31 - 04391871 _____ () C:\Windows\system32\nvcoproc.bin
2015-05-26 01:39 - 2015-05-26 01:41 - 00042545 _____ () C:\Users\Moonspelll\Downloads\Gm-Of-Thrns-S05E07_IMDB-DL.rar
2015-05-26 01:39 - 2015-05-26 01:40 - 00040857 _____ () C:\Users\Moonspelll\Downloads\Pnny-Drdfl-S02E04_IMDB-DL.rar
2015-05-26 01:10 - 2015-05-26 01:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-26 01:00 - 2015-05-26 01:07 - 00000000 ____D () C:\Users\Moonspelll\Desktop\program data
2015-05-26 00:53 - 2015-05-26 00:54 - 00000000 ____D () C:\Users\Moonspelll\Desktop\dungeon
2015-05-25 23:06 - 2015-05-25 23:06 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\NVIDIA
2015-05-25 21:31 - 2015-05-25 21:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-25 20:11 - 2015-05-26 02:06 - 00005828 _____ () C:\Windows\PFRO.log
2015-05-25 18:02 - 2015-05-25 18:02 - 01228771 _____ () C:\ProgramData\1432525954.bdinstall.bin
2015-05-25 08:23 - 2015-05-25 10:53 - 00000000 ____D () C:\ProgramData\Bitdefender
2015-05-25 08:23 - 2015-05-25 08:23 - 00000000 ____D () C:\Program Files\Bitdefender
2015-05-25 08:23 - 2015-05-25 08:23 - 00000000 _____ () C:\Windows\system32\BDSandBoxUISkin32.dll
2015-05-25 08:23 - 2014-12-02 16:37 - 00084336 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUISkin.dll
2015-05-25 08:23 - 2014-12-02 13:37 - 00033360 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUH.dll
2015-05-25 08:22 - 2015-05-25 10:53 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-05-25 08:22 - 2015-05-25 08:22 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\QuickScan
2015-05-24 23:48 - 2015-05-24 23:48 - 00000319 _____ () C:\Users\Moonspelll\Downloads\bra.rar
2015-05-24 22:07 - 2015-05-21 00:33 - 00000000 ___RD () C:\Users\Moonspelll\Downloads\The.Witcher.3.Wild.Hunt
2015-05-24 22:06 - 2015-05-24 22:07 - 02379756 _____ () C:\Users\Moonspelll\Downloads\The.Witcher.3.Wild.Hunt.7z
2015-05-24 21:51 - 2015-05-20 10:13 - 02097664 _____ (LinGon) C:\Users\Moonspelll\Downloads\TheWitcher3_WH+14Tr-LNG_v1.02.exe
2015-05-24 21:51 - 2015-04-18 16:40 - 00006351 _____ () C:\Users\Moonspelll\Downloads\TheWitcher3_WH+14Tr-LNG_v1.02 - INFO.txt
2015-05-24 21:49 - 2015-05-24 21:50 - 01871390 _____ () C:\Users\Moonspelll\Downloads\TheWitcher3-WH-14Tr.rar
2015-05-24 21:38 - 2015-05-24 21:49 - 00000000 ____D () C:\Users\Moonspelll\Downloads\The Witcher 3 - Wild Hunt 1.03 +19 Trainer
2015-05-24 20:12 - 2015-05-26 02:40 - 00119059 _____ () C:\Windows\WindowsUpdate.log
2015-05-24 19:18 - 2015-05-26 02:37 - 00001494 _____ () C:\Windows\setupact.log
2015-05-24 19:18 - 2015-05-24 19:19 - 00000000 ____D () C:\ProgramData\Baidu
2015-05-24 19:18 - 2015-05-24 19:18 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-24 19:15 - 2015-05-26 01:48 - 00000000 ____D () C:\AdwCleaner
2015-05-24 19:14 - 2015-05-24 19:15 - 02223104 _____ () C:\Users\Moonspelll\Downloads\adwcleaner_4.205.exe
2015-05-24 18:15 - 2015-05-26 02:59 - 00000573 _____ () C:\Windows\Tasks\RegCure Pro_sch_22C02BE9-021B-11E5-9D20-1C6F65345FAE.job
2015-05-24 18:15 - 2015-05-26 02:36 - 00000470 _____ () C:\Windows\Tasks\RegCure Pro Startup.job
2015-05-24 18:15 - 2015-05-25 18:15 - 00000452 _____ () C:\Windows\Tasks\ParetoLogic Update Version3_triggeronce.job
2015-05-24 18:15 - 2015-05-24 18:15 - 00004018 _____ () C:\Windows\System32\Tasks\RegCure Pro_sch_22C02BE9-021B-11E5-9D20-1C6F65345FAE
2015-05-24 18:15 - 2015-05-24 18:15 - 00002940 _____ () C:\Windows\System32\Tasks\ParetoLogic Update Version3_triggeronce
2015-05-24 18:15 - 2015-05-24 18:15 - 00002802 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-05-24 18:15 - 2015-05-24 18:15 - 00002634 _____ () C:\Windows\System32\Tasks\RegCure Pro Startup
2015-05-24 08:27 - 2015-05-24 08:27 - 00026629 _____ () C:\spyhunter.fix
2015-05-24 08:27 - 2014-10-25 10:07 - 00014232 _____ () C:\Windows\SysWOW64\sh4native.exe
2015-05-24 00:11 - 2015-05-24 00:12 - 00003310 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-05-23 22:52 - 2015-05-23 22:52 - 00000000 _____ () C:\autoexec.bat
2015-05-23 22:51 - 2015-05-23 23:36 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Enigma Software Group
2015-05-23 19:07 - 2015-05-26 07:49 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 19:05 - 2015-05-23 19:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-23 19:05 - 2015-05-23 19:05 - 00001124 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-23 19:05 - 2015-05-23 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-23 19:05 - 2015-05-23 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-23 19:05 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-23 19:05 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-23 19:05 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-23 18:35 - 2015-05-23 19:30 - 00000000 ____D () C:\ProgramData\BCloudScan_exe
2015-05-23 00:46 - 2015-05-23 00:46 - 00000212 _____ () C:\Users\Moonspelll\Desktop\fffffhhf.txt
2015-05-22 19:04 - 2015-05-22 19:04 - 00000984 _____ () C:\Users\Public\Desktop\CPUID HWMonitorPro.lnk
2015-05-22 18:55 - 2015-05-01 21:21 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-05-22 18:55 - 2015-05-01 21:21 - 01316000 _____ () C:\Windows\SysWOW64\nvspbridge.dll
2015-05-22 18:55 - 2015-05-01 21:20 - 01756424 _____ () C:\Windows\system32\nvspbridge64.dll
2015-05-22 18:55 - 2015-05-01 21:20 - 01570672 _____ () C:\Windows\system32\nvspcap64.dll
2015-05-22 11:30 - 2015-04-11 07:49 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-05-22 10:51 - 2015-05-26 08:21 - 00000000 ____D () C:\Users\Moonspelll\Documents\The Witcher 3
2015-05-22 10:51 - 2015-05-24 08:32 - 00000000 ____D () C:\Users\Moonspelll\Desktop\The Witcher 3
2015-05-21 19:31 - 2015-05-22 19:06 - 00003160 _____ () C:\Windows\System32\Tasks\SidebarExecute
2015-05-21 19:29 - 2014-06-15 15:18 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll
2015-05-21 19:29 - 2014-06-15 15:18 - 00450560 _____ (RAD Game Tools, Inc.) C:\Windows\SysWOW64\mss32.dll
2015-05-21 19:29 - 2014-06-15 15:17 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEShims.dll
2015-05-21 19:29 - 2014-06-15 15:10 - 00176128 _____ (RAD Game Tools, Inc.) C:\Windows\SysWOW64\binkw32.dll
2015-05-20 22:34 - 2015-05-12 10:57 - 03363224 _____ (NVIDIA Corporation) C:\Windows\system32\SET34E3.tmp
2015-05-20 22:34 - 2015-05-12 10:57 - 02971776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\SET45B8.tmp
2015-05-20 22:34 - 2015-05-12 10:57 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\SET42C3.tmp
2015-05-20 22:19 - 2015-05-22 10:41 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nvidia GeForce Game Ready Driver
2015-05-20 21:21 - 2015-05-20 21:21 - 00001059 _____ () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LangOver 5.lnk
2015-05-20 21:21 - 2015-05-20 21:21 - 00001029 _____ () C:\Users\Moonspelll\Desktop\LangOver.lnk
2015-05-20 21:21 - 2015-05-20 21:21 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LangOver 5
2015-05-20 21:21 - 2015-05-20 21:21 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\LangOver.com
2015-05-20 21:21 - 2015-05-20 21:21 - 00000000 ____D () C:\Program Files (x86)\LangOver
2015-05-20 21:18 - 2015-05-20 21:18 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-20 21:15 - 2015-05-20 21:15 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-05-20 21:14 - 2015-05-20 21:14 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2015-05-20 21:14 - 2015-05-20 21:14 - 00002055 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2015-05-20 21:14 - 2015-05-20 21:14 - 00002032 _____ () C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2015-05-20 21:13 - 2015-05-20 21:20 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-20 21:13 - 2015-05-20 21:13 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-20 18:27 - 2015-05-20 17:25 - 00197616 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-05-19 22:38 - 2015-05-19 22:38 - 00000017 _____ () C:\Users\Moonspelll\Desktop\nngcngcngc.txt
2015-05-17 18:39 - 2015-05-18 18:11 - 14503936 _____ () C:\Users\Moonspelll\AppData\Roaming\Sandra.mdb
2015-05-17 18:38 - 2015-05-17 18:38 - 00001197 _____ () C:\Users\Public\Desktop\SiSoftware Sandra Business 2015i.lnk
2015-05-17 18:38 - 2015-05-17 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
2015-05-17 18:38 - 2015-05-17 18:38 - 00000000 ____D () C:\Program Files\SiSoftware
2015-05-17 08:56 - 2015-05-17 08:56 - 00002321 _____ () C:\Users\Moonspelll\Desktop\Chrome App Launcher.lnk
2015-05-17 08:56 - 2015-05-17 08:56 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-17 00:06 - 2015-05-17 00:06 - 00000000 ____D () C:\Users\Moonspelll\Documents\3DMarkFarandole
2015-05-16 22:42 - 2015-05-16 22:42 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2015-05-16 19:46 - 2015-05-16 19:46 - 00001112 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infix PDF Editor.lnk
2015-05-16 19:46 - 2015-05-16 19:46 - 00001100 _____ () C:\Users\Public\Desktop\Infix PDF Editor.lnk
2015-05-16 19:46 - 2015-05-16 19:46 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Iceni
2015-05-16 19:46 - 2015-05-16 19:46 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\Iceni
2015-05-16 19:46 - 2015-05-16 19:46 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\Aspell
2015-05-16 19:46 - 2015-05-16 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infix PDF Editor 6
2015-05-16 19:46 - 2015-05-16 19:46 - 00000000 ____D () C:\ProgramData\Iceni
2015-05-16 19:46 - 2015-05-16 19:46 - 00000000 ____D () C:\ProgramData\Aspell
2015-05-16 19:46 - 2015-05-16 19:46 - 00000000 ____D () C:\Program Files (x86)\Iceni
2015-05-15 23:06 - 2015-05-25 20:29 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\thriXXX
2015-05-15 23:06 - 2015-05-16 01:00 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\thriXXX
2015-05-15 23:06 - 2015-05-15 23:06 - 00000000 ____D () C:\ProgramData\thriXXX
2015-05-15 23:06 - 2015-05-15 23:06 - 00000000 ____D () C:\Program Files (x86)\thriXXX
2015-05-15 01:30 - 2015-05-01 17:47 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 01:30 - 2015-05-01 17:46 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 00:17 - 2015-05-05 05:59 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-15 00:17 - 2015-05-05 05:42 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-15 00:17 - 2015-04-18 07:40 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-15 00:17 - 2015-04-18 07:26 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-15 00:14 - 2015-04-20 07:47 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-15 00:14 - 2015-04-20 07:47 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-15 00:14 - 2015-04-20 07:26 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-15 00:14 - 2015-04-20 06:41 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-15 00:09 - 2015-04-13 07:58 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-15 00:07 - 2015-04-08 07:59 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-15 00:07 - 2015-04-08 07:59 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-15 00:07 - 2015-04-08 07:44 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 00:47 - 2015-05-18 20:19 - 00000022 _____ () C:\Windows\GPU-Z.INI
2015-05-13 00:45 - 2015-05-18 20:21 - 00000000 ____D () C:\Users\Moonspelll\Documents\3DMark
2015-05-13 00:45 - 2015-05-13 00:45 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\Futuremark
2015-05-13 00:44 - 2015-05-13 00:44 - 00001210 _____ () C:\Users\Public\Desktop\3DMark.lnk
2015-05-13 00:44 - 2015-05-13 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2015-05-13 00:44 - 2015-05-13 00:44 - 00000000 ____D () C:\Program Files\Futuremark
2015-05-12 16:42 - 2015-05-26 02:37 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-05-12 01:15 - 2015-05-12 01:15 - 00001458 _____ () C:\Users\Moonspelll\Desktop\aida64.exe - Shortcut.lnk
2015-05-12 01:14 - 2015-05-12 16:15 - 00000000 ____D () C:\Program Files\aida64extreme520
2015-05-12 01:02 - 2015-05-12 01:02 - 00000000 ____D () C:\Program Files (x86)\FinalWire
2015-05-10 23:26 - 2015-05-10 23:26 - 04221101 _____ () C:\Users\Moonspelll\Desktop\Desktop.7z
2015-05-10 02:21 - 2015-05-12 17:30 - 00000104 _____ () C:\Users\Moonspelll\Desktop\t6e.txt
2015-05-09 00:41 - 2015-05-09 00:41 - 00042576 _____ (DeskSoft) C:\Windows\system32\Drivers\dsnpfd.sys
2015-05-07 19:59 - 2015-05-22 21:29 - 00006656 _____ () C:\Windows\system32\lpcio.dll
2015-05-07 19:59 - 2015-04-27 23:58 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-07 19:59 - 2015-04-27 23:58 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-07 19:59 - 2015-04-27 23:58 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-07 19:59 - 2015-04-27 23:56 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-07 19:59 - 2015-04-27 23:52 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-07 19:59 - 2015-04-27 23:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-07 19:59 - 2015-04-27 23:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-07 19:59 - 2015-04-27 23:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:41 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-07 19:59 - 2015-04-27 23:41 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-07 19:59 - 2015-04-27 23:38 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-07 19:59 - 2015-04-27 23:34 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-07 19:59 - 2015-04-27 23:34 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-07 19:59 - 2015-04-27 23:34 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe

Moonspell · May 26, 2015

2015-05-07 19:59 - 2015-04-27 23:34 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-07 19:59 - 2015-04-27 23:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-07 19:59 - 2015-04-27 23:34 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-07 19:59 - 2015-04-27 23:34 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-07 19:59 - 2015-04-27 23:34 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-07 19:59 - 2015-04-27 23:33 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-07 19:59 - 2015-04-27 23:33 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-07 19:59 - 2015-04-27 23:33 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-07 19:59 - 2015-04-27 23:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-07 19:59 - 2015-04-27 23:33 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-07 19:59 - 2015-04-27 23:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-07 19:59 - 2015-04-27 23:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-07 19:59 - 2015-04-27 23:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 22:36 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-07 19:59 - 2015-04-27 22:27 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-07 19:59 - 2015-04-27 22:27 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-07 19:59 - 2015-04-27 22:25 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 22:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 22:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 22:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-07 19:39 - 2015-04-14 16:08 - 04664792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-05-07 19:39 - 2015-04-14 15:38 - 01736408 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-05-07 19:39 - 2015-04-14 13:10 - 01303256 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-05-07 19:39 - 2015-04-14 11:05 - 01990874 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-05-07 19:39 - 2015-04-13 15:44 - 00168816 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-05-07 19:39 - 2015-04-09 13:30 - 02846936 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-05-07 19:39 - 2015-03-19 09:50 - 02907864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-05-07 19:39 - 2015-03-10 14:34 - 02702040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-05-07 19:39 - 2015-01-19 14:40 - 72113152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-05-07 19:39 - 2014-12-02 15:12 - 03218800 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-05-07 19:39 - 2014-11-11 10:14 - 00631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-05-07 19:39 - 2014-09-24 08:01 - 07087448 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-05-07 19:39 - 2014-09-24 08:01 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-05-07 19:39 - 2014-09-24 08:01 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-05-07 19:39 - 2014-09-24 08:01 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-05-07 19:39 - 2014-05-22 12:54 - 00096568 _____ () C:\Windows\system32\audioLibVc.dll
2015-05-07 19:39 - 2013-06-21 07:31 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2015-05-07 19:39 - 2012-08-31 15:48 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-05-07 19:39 - 2012-08-31 15:47 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-05-07 19:39 - 2012-08-31 15:47 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-05-07 19:39 - 2012-08-31 15:47 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-05-07 19:39 - 2012-08-31 15:47 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-05-07 19:39 - 2011-12-20 12:02 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-05-07 19:39 - 2011-11-22 12:58 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-05-07 19:38 - 2015-03-11 14:34 - 02825944 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-05-07 19:32 - 2015-05-07 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
2015-05-07 17:47 - 2015-05-07 17:47 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\ExtremeCopy
2015-05-07 17:10 - 2015-05-07 17:10 - 00000000 ____D () C:\Program Files\Intel
2015-05-07 16:59 - 2015-05-07 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JMicron Technology Corp
2015-05-07 16:59 - 2009-07-14 05:45 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Difx70fc.rra
2015-05-07 16:57 - 2015-01-15 11:12 - 00977624 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-05-07 16:57 - 2015-01-15 11:12 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-05-07 15:17 - 2015-04-09 05:28 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\SET6CBD.tmp
2015-05-07 15:17 - 2015-04-09 05:28 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\SET75AE.tmp
2015-05-07 15:17 - 2015-04-09 05:28 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\SET6004.tmp
2015-05-07 15:17 - 2015-04-09 05:28 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\SET6F05.tmp
2015-05-07 15:17 - 2015-04-09 05:28 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\SET6AB9.tmp
2015-05-07 15:15 - 2015-02-20 02:18 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-05-07 15:15 - 2015-02-20 02:18 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-05-07 15:10 - 2010-05-06 14:56 - 00023693 _____ () C:\Windows\system32\deleteme.txt-nv16563
2015-05-06 03:13 - 2015-05-07 15:02 - 00000000 ____D () C:\ProgramData\DriverGenius
2015-05-06 03:13 - 2009-07-14 05:45 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Difxcec2.rra
2015-05-06 03:12 - 2012-09-17 15:05 - 00123704 _____ (JMicron Technology Corp.) C:\Windows\system32\Drivers\jraid.sys
2015-05-06 03:11 - 2015-05-06 03:11 - 00001211 _____ () C:\Users\Moonspelll\Desktop\Driver Genius.lnk
2015-05-06 03:11 - 2015-05-06 03:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius
2015-05-06 03:11 - 2015-05-06 03:11 - 00000000 ____D () C:\Program Files (x86)\Driver-Soft
2015-05-06 02:54 - 2015-05-06 02:54 - 00000967 _____ () C:\Users\Public\Desktop\DriverEasy.lnk
2015-05-06 02:54 - 2015-05-06 02:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy
2015-05-06 02:43 - 2015-05-06 02:46 - 00000000 ____D () C:\ProgramData\BsrSvc_exe
2015-05-04 20:04 - 2015-05-04 20:04 - 00000199 _____ () C:\Users\Moonspelll\Desktop\4242.txt
2015-05-02 19:15 - 2015-05-02 19:15 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\.mono
2015-05-02 19:15 - 2015-05-02 19:15 - 00000000 ____D () C:\ProgramData\.mono
2015-05-02 17:04 - 2015-05-02 17:04 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\Microsoft Research
2015-05-02 17:03 - 2015-05-02 17:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Research
2015-05-01 19:02 - 2015-03-04 09:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-01 19:02 - 2015-03-04 09:11 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-01 19:02 - 2015-03-04 09:11 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-01 19:02 - 2015-03-04 09:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-01 19:02 - 2015-03-04 08:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-01 19:02 - 2015-03-04 08:40 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-01 19:02 - 2015-03-04 08:40 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-01 19:00 - 2015-02-18 11:36 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-01 19:00 - 2015-02-18 11:34 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-04-30 19:20 - 2015-05-15 00:03 - 00000150 _____ () C:\Users\Moonspelll\Desktop\`111.txt
2015-04-29 13:47 - 2015-04-20 15:35 - 00078792 _____ () C:\Windows\system32\Drivers\bdark64.sys
2015-04-29 05:41 - 2015-05-26 02:37 - 00003807 _____ () C:\Windows\system32\HWLook.log
2015-04-29 05:41 - 2015-04-29 05:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-26 08:27 - 2015-01-11 00:43 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\uTorrent
2015-05-26 02:46 - 2015-03-06 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2015-05-26 02:45 - 2009-07-14 09:15 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-26 02:45 - 2009-07-14 09:15 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-26 02:43 - 2009-07-14 09:43 - 00916036 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-26 02:37 - 2014-10-03 07:15 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-05-26 02:36 - 2009-07-14 09:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-26 02:35 - 2014-10-03 07:21 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\DMCache
2015-05-26 02:32 - 2014-10-03 07:37 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-05-26 02:32 - 2014-10-03 07:21 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-05-26 02:32 - 2014-10-03 07:21 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-05-26 02:16 - 2009-07-14 07:50 - 00000000 ____D () C:\Windows\Help
2015-05-26 01:25 - 2015-02-13 06:23 - 00009541 _____ () C:\Windows\WinInit.Ini
2015-05-26 01:24 - 2014-10-16 15:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-26 01:12 - 2014-10-03 19:11 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black_Box
2015-05-26 01:01 - 2015-01-07 19:58 - 00000000 ____D () C:\KMPlayer
2015-05-26 00:52 - 2014-10-03 07:50 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-05-25 20:27 - 2015-02-28 23:41 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-05-25 20:27 - 2015-02-28 23:41 - 00000000 ____D () C:\Program Files\Image-Line
2015-05-25 20:27 - 2015-02-28 23:35 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2015-05-25 15:02 - 2014-10-13 02:26 - 00000312 _____ () C:\Windows\Tasks\PerfectRegistry_DEFAULT.job
2015-05-24 23:47 - 2014-11-24 23:37 - 00000000 ____D () C:\Users\Moonspelll\Documents\Assassin's Creed Unity
2015-05-24 19:12 - 2014-11-15 08:06 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\TeamViewer
2015-05-24 19:12 - 2014-10-03 08:08 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\DAEMON Tools Pro
2015-05-24 19:12 - 2014-10-03 07:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-24 08:30 - 2009-07-14 07:50 - 00000000 ____D () C:\Windows\tracing
2015-05-23 23:24 - 2015-03-06 21:49 - 00000000 ____D () C:\Users\Moonspelll\Desktop\New folder
2015-05-23 22:18 - 2014-10-03 07:54 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\Last.fm
2015-05-23 19:34 - 2010-11-21 11:46 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents
2015-05-23 19:31 - 2014-11-09 23:31 - 00000000 ____D () C:\Program Files\BurnInTest
2015-05-23 19:31 - 2014-10-19 20:28 - 00000000 ____D () C:\Program Files\WinRAR
2015-05-22 19:20 - 2015-02-26 15:24 - 00001031 _____ () C:\Users\Moonspelll\Desktop\Internet Download Manager.lnk
2015-05-22 19:04 - 2014-10-03 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-05-22 19:04 - 2014-10-03 07:55 - 00000000 ____D () C:\Program Files\CPUID
2015-05-22 18:56 - 2014-11-03 15:42 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\NVIDIA Corporation
2015-05-22 11:34 - 2014-10-03 06:57 - 00000000 ____D () C:\Users\Moonspelll
2015-05-22 10:51 - 2014-10-03 20:09 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-05-21 19:54 - 2014-10-03 18:05 - 00899902 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-21 19:08 - 2015-04-25 17:12 - 00001066 _____ () C:\Users\Public\Desktop\Hotspot Shield.lnk
2015-05-21 19:08 - 2014-10-20 00:10 - 00000000 ____D () C:\Program Files (x86)\Hotspot Shield
2015-05-20 22:33 - 2015-01-18 16:29 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\ViberPC
2015-05-20 22:32 - 2015-01-18 16:45 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\Viber
2015-05-20 22:26 - 2014-11-08 19:09 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\Adobe
2015-05-20 22:25 - 2009-07-14 09:15 - 00413896 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-20 22:19 - 2014-11-03 15:34 - 00000000 ____D () C:\Program Files\P30Day
2015-05-20 21:21 - 2015-02-08 20:16 - 00110096 _____ () C:\Users\Moonspelll\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-20 21:20 - 2014-10-03 07:56 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Adobe
2015-05-20 01:26 - 2014-10-13 02:26 - 00000320 _____ () C:\Windows\Tasks\PerfectRegistry_UPDATES.job
2015-05-16 16:06 - 2009-07-14 07:50 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-05-16 04:52 - 2014-10-04 01:39 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-16 04:46 - 2014-10-04 01:39 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-15 11:45 - 2010-11-21 11:46 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 00:44 - 2014-10-03 22:57 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-12 10:57 - 2015-02-20 02:18 - 17540416 _____ (NVIDIA Corporation) C:\Windows\system32\SET443B.tmp
2015-05-12 10:57 - 2015-02-20 02:18 - 12849056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\SET49B3.tmp
2015-05-12 10:57 - 2015-02-20 02:18 - 00031710 _____ () C:\Windows\system32\nvinfo.pb
2015-05-11 08:40 - 2014-10-03 07:57 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-11 08:40 - 2012-02-15 17:09 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-09 01:40 - 2014-11-11 01:38 - 00000000 ____D () C:\Program Files (x86)\BWMeter
2015-05-08 19:33 - 2015-02-13 17:27 - 00000000 ____D () C:\Users\Moonspelll\Downloads\QNTAL - QNTAL VII (2014)
2015-05-07 19:41 - 2014-10-03 07:07 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-05-07 19:40 - 2014-11-26 00:49 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-05-07 19:37 - 2014-10-03 23:22 - 00002084 _____ () C:\Users\Moonspelll\Desktop\PC App Store.lnk
2015-05-07 19:32 - 2014-10-03 17:04 - 00000000 ____D () C:\Program Files\TeraCopy
2015-05-07 17:37 - 2014-11-27 22:51 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-05-07 16:59 - 2014-10-03 07:08 - 00000000 ____D () C:\Windows\RaidTool
2015-05-07 16:57 - 2014-10-03 07:07 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-05-07 15:00 - 2014-10-03 22:58 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-05-07 14:57 - 2014-10-04 17:19 - 00000000 ____D () C:\temp
2015-05-06 02:41 - 2015-01-02 03:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SweetFxmod V3.4
2015-05-06 02:41 - 2014-10-03 07:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-04 20:17 - 2014-10-03 07:55 - 00000869 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2015-05-04 14:06 - 2015-04-10 18:07 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-04 14:06 - 2015-04-10 18:07 - 00000000 ____D () C:\Program Files\Java
2015-05-04 14:05 - 2015-04-10 18:08 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-05-02 19:15 - 2014-12-14 20:33 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Kalypso Media
2015-05-01 00:55 - 2015-04-22 22:54 - 00000982 _____ () C:\Users\Moonspelll\Desktop\PerformanceTest.lnk
2015-04-29 05:41 - 2014-10-03 07:57 - 00485672 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bndef64.sys
2015-04-29 05:41 - 2014-10-03 07:57 - 00169416 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bprotect.sys
2015-04-29 05:41 - 2014-10-03 07:57 - 00062920 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfilter.sys
2015-04-29 05:41 - 2014-10-03 07:57 - 00062792 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bnbasex64.sys
2015-04-29 05:41 - 2014-10-03 07:57 - 00038344 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfmon.sys
2015-04-29 05:41 - 2014-10-03 07:57 - 00003544 _____ () C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
2015-04-29 05:41 - 2014-10-03 07:57 - 00003498 _____ () C:\Windows\System32\Tasks\Baidu Antivirus Update
2015-04-29 05:41 - 2014-10-03 07:57 - 00001090 _____ () C:\Users\Public\Desktop\Baidu Antivirus.lnk

==================== Files in the root of some directories =======

2015-05-24 18:15 - 2015-05-24 18:36 - 0000115 _____ () C:\Users\Moonspelll\AppData\Roaming\LogFile.txt
2015-05-17 18:39 - 2015-05-18 18:11 - 14503936 _____ () C:\Users\Moonspelll\AppData\Roaming\Sandra.mdb
2015-05-25 18:02 - 2015-05-25 18:02 - 1228771 _____ () C:\ProgramData\1432525954.bdinstall.bin
2014-10-04 17:20 - 2014-10-04 17:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Moonspelll\AppData\Local\Temp\nvStInst.exe
C:\Users\Moonspelll\AppData\Local\Temp\Quarantine.exe
C:\Users\Moonspelll\AppData\Local\Temp\sqlite3.dll

Some zero byte size files/folders:
==========================
C:\Windows\System32\BDSandBoxUISkin32.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-25 23:36

==================== End of log ============================
__________________

Moonspell · May 26, 2015

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Moonspelll at 2015-05-26 08:28:14
Running from E:\Downloads\Programs
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2407973311-3509357600-1588227675-500 - Administrator - Disabled)
Guest (S-1-5-21-2407973311-3509357600-1588227675-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2407973311-3509357600-1588227675-1002 - Limited - Enabled)
Moonspelll (S-1-5-21-2407973311-3509357600-1588227675-1000 - Administrator - Enabled) => C:\Users\Moonspelll

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Baidu Antivirus (Enabled - Up to date) {0B023102-4312-4570-585A-1BAAA3570E16}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Baidu Antivirus (Enabled - Up to date) {B063D0E6-6528-4AFE-62EA-20D8D8D044AB}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
3DMark (HKLM-x32\...\{f5aa1c48-f2dc-4f4f-a71d-65bd7d0dc5c5}) (Version: 1.5.893.0 - Futuremark)
3DMark (Version: 1.5.893.0 - Futuremark) Hidden
7-Zip 9.20 (HKLM-x32\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Assassin's Creed Rogue (HKLM-x32\...\Uplay Install 895) (Version: - Ubisoft)
AutoGreen B09.1014.2 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B09.1014.2 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Badoo Desktop (HKLM-x32\...\{D91D71FB-C52E-440D-8A78-5E5E05487DA0}) (Version: 1.6.58.1220 - Badoo)
Baidu Antivirus (HKLM-x32\...\Baidu Antivirus) (Version: 5.4.3.122701 - Baidu, Inc.)
Baidu Browser (HKLM-x32\...\Spark) (Version: 33.11 Preview - Baidu Inc.)
Baidu PC Faster (HKLM-x32\...\Baidu PC Faster 5.1.0.0) (Version: 5.1.3.126764 - Baidu, Inc.) <==== ATTENTION
Borland Database Engine Setup (HKLM-x32\...\Borland Database Engine Setup) (Version: - )
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CPUID HWMonitor Pro 1.23 (HKLM\...\CPUID HWMonitorPro_is1) (Version: - )
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.5.0.0388 - Disc Soft Ltd)
DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
DriverEasy 4.9.1 (HKLM\...\DriverEasy_is1) (Version: 4.9.1.0 - Easeware)
Easy Tune 6 B10.0521.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.0521.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
EXPERTool 7.9 (HKLM-x32\...\MySSID_is1) (Version: - Gainward Co., Ltd)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Foxit Reader (HKLM-x32\...\{BDDF6AEE-7AD7-4CDA-B57F-5BDF9417AD4F}) (Version: 5.1.3.1201 - Foxit Corporation)
Futuremark SystemInfo (HKLM-x32\...\{0DD83DE7-507E-44AE-BC2D-2FAAFA48CCA5}) (Version: 4.37.548.0 - Futuremark)
Galaxy Client (HKLM-x32\...\{D6D1DA54-531F-4FA0-B683-CE66ACE3543F}_is1) (Version: 0.1.0.456 - GOG.com)
Google Chrome (HKLM-x32\...\{A83C558F-C5CA-3A3A-B338-B166FDDA09C9}) (Version: 66.3.32892 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music)
Hotspot Shield 4.15.2 (HKLM-x32\...\HotspotShield) (Version: 4.15.2 - AnchorFree Inc.)
IEG PATCH V2 AIO (HKLM-x32\...\IEG PATCH V2 AIO2) (Version: 2 - Iranian Editor Groups)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line)
Infix PDF Editor version 6.3.7.0 (HKLM-x32\...\83FFB914-6FA7-4F1F-807E-E0FFBA2E49E1_is1) (Version: 6.3.7.0 - Iceni Technology)
Intel(R) Chipset Device Software (x32 Version: 10.0.26 - Intel(R) Corporation) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.65.11 - JMicron Technology Corp.)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.132 - PandoraTV)
LangOver 5 (HKLM-x32\...\LangOver 5) (Version: 5.0 - LangOver.com)
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
Life Is Strange (HKLM-x32\...\Life Is Strange_is1) (Version: - SQUARE ENIX)
Logitech Gaming Software 8.56 (HKLM\...\Logitech Gaming Software) (Version: 8.56.109 - Logitech Inc.)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.3 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.52742 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{6E740973-8E71-42F9-A910-C18452E60450}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}) (Version: 2.0.50728 - Microsoft Corporation)
MKVToolNix 5.8.0 (HKLM-x32\...\MKVToolNix) (Version: 5.8.0 - Moritz Bunkus)
Mortal Kombat X (HKLM-x32\...\{XXXXXXXX-XXXX-XXXX-XXXX-BLACKBOX0042}) (Version: 6.0 - Black Box)
Mortal Kombat X (HKLM-x32\...\TW9ydGFsS29tYmF0WA==_is1) (Version: 1 - )
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 352.86 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.3.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 352.86 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
PC App Store (HKLM-x32\...\PC App Store 5.0.1.8490) (Version: 5.0.1.8490 - Baidu, Inc.)
PerfectRegistry (HKLM-x32\...\PerfectRegistry_is1) (Version: 2.0 - Raxco Software Inc)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1034.0 - Passmark Software)
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version: - Daum Communications Corp.)
Pro Evolution Soccer 2015 DataPack v4.0 (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1) (Version: 1 - )
RAD Video Tools (HKLM-x32\...\RADVideo) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7487 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
SHIELD Wireless Controller Driver (Version: 2.4.3.22 - NVIDIA Corporation) Hidden
SiSoftware Sandra Business 2015i (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2496}_is1) (Version: 21.12.2015.1 - SiSoftware)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
The Witcher 3 - Wild Hunt (HKLM-x32\...\The Witcher 3 - Wild Hunt_is1) (Version: - )
Viber (HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\Viber) (Version: 4.4.0.134678 - Viber Media Inc)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (12/06/2010 4.0.0000.00000) (HKLM\...\30B2813B1F17EF6D99360A190E7F0D3BA2F0DC3C) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
ZirYab 3 (HKLM-x32\...\ZirYab 3) (Version: 3 - abasi.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

25-05-2015 02:00:15 Automatic creation
26-05-2015 03

54 Automatic creation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 07:04 - 2015-02-25 01:39 - 00001682 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 anchorfree.net
127.0.0.1 rss2search.com
127.0.0.1 techbrowsing.com
127.0.0.1 box.anchorfree.net
127.0.0.1 MeFeedia
127.0.0.3 Anchorfree
127.0.0.2 mefeedia.com
127.0.0.1 anchorfree.us
127.0.0.1 a433.com
127.0.0.1 rpt.anchorfree.net
127.0.0.1 delivery.anchorfree.us/land.php
127.0.0.1 hsselite.com
127.0.0.1 www.hsselite.com
127.0.0.1 onhax.net
127.0.0.1 On HAX
127.0.0.1 https://forum.onhax.net
127.0.0.1 labs.onhax.net
127.0.0.1 do2dear.net
127.0.0.1 p30world.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0684227C-A1B6-4F86-A4DE-ACB6F5CC10CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-03] (Google Inc.)
Task: {0BD089E2-0111-421C-8620-9639BE3707C1} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2407973311-3509357600-1588227675-1000
Task: {15FDFCFE-B82A-4984-AAEC-77FAC337ED5C} - System32\Tasks\Baidu PC Faster Update => C:\Program Files (x86)\PC Faster\5.1.0.0\Updater.exe [2015-05-14] (Baidu, Inc.)
Task: {2D710062-EFC9-4866-B596-4AABB4A327BA} - System32\Tasks\Baidu Antivirus Update => C:\Program Files (x86)\Baidu-Security-2014-4.4.4.77147\Baidu Antivirus\5.4.3.122701.0\BavUpdater.exe [2015-04-29] (Baidu, Inc.)
Task: {3DA40C9C-325A-470B-8D6C-4AEB1F8EE0AE} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {45C01C60-7D60-43A7-9614-41E79887C251} - System32\Tasks\PerfectRegistry_DEFAULT => C:\Program Files (x86)\Raxco\PerfectRegistry\PerfectRegistry.exe [2014-01-24] (Raxco Software, Inc.)
Task: {54523004-881C-4B45-BFDF-BEFE3FD5CBE9} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js" <==== ATTENTION
Task: {5727F9C6-9A06-4C90-83BE-C6D1198314B7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe
Task: {5A4AB6C9-CB39-4E0B-8FCE-34A66636A008} - System32\Tasks\RegCure Pro Startup => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
Task: {5C017AE6-AF8B-4F68-BB50-5891DB58CFB2} - System32\Tasks\ParetoLogic Update Version3_triggeronce => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe
Task: {65782BCB-DD27-40F1-AB59-62509FF0B15E} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {6A8B2D1B-81AB-4ADF-9629-20F074C07641} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {6F10DCB7-B069-452D-957C-8235A03F70FE} - System32\Tasks\PerfectRegistry_UPDATES => C:\Program Files (x86)\Raxco\PerfectRegistry\PerfectRegistry.exe [2014-01-24] (Raxco Software, Inc.)
Task: {7499D185-85B0-43F5-B7BA-37595C196798} - System32\Tasks\SparkSafeUpdater => C:\Program Files (x86)\baidu\SparkSafe\SparkUpdate.exe
Task: {831558BB-BAC9-4886-A07C-E484162759DF} - System32\Tasks\SpyHunter4Startup => E:\Downloads\Programs\SpyHunter.4.18.9.4384.Portable\SpyHunter\SpyHunter4.exe
Task: {8888DB5C-CEF6-437F-BF5A-7F7C3C02490A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {9C2BD7A2-A05A-4EA8-AEEB-94155524AC13} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {A415D395-D4FE-4291-9BAC-3156BCBE798C} - System32\Tasks\SparkUpdater => C:\Program Files (x86)\baidu\Spark\SparkUpdate.exe
Task: {A4CDB927-FE62-4C1D-8186-5AF36C750BB5} - System32\Tasks\RegCure Pro_sch_22C02BE9-021B-11E5-9D20-1C6F65345FAE => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
Task: {AB030D79-E96E-424E-A7F7-BC3B0E1D8086} - System32\Tasks\Baidu PC Faster Service => C:\Program Files (x86)\PC Faster\5.1.0.0\PCFasterSvc.exe [2015-05-14] (Baidu, Inc.)
Task: {B3BF04A1-1D65-4E07-AE72-FBB4F8224524} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {C9DA10D9-0F4B-4B14-87C5-31827ADF3675} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-03] (Google Inc.)
Task: {F376CB2D-D944-4CE8-8719-BD6BD0EDD326} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SRFilter.exe" /GBSMART6 -kdl
Task: {FCDE582B-E27A-403D-9F5A-07843BED8154} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SrCmdCLR.exe" -c 1
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3_triggeronce.job => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe
Task: C:\Windows\Tasks\PerfectRegistry_DEFAULT.job => C:\Program Files (x86)\Raxco\PerfectRegistry\PerfectRegistry.exe
Task: C:\Windows\Tasks\PerfectRegistry_UPDATES.job => C:\Program Files (x86)\Raxco\PerfectRegistry\PerfectRegistry.exe
Task: C:\Windows\Tasks\RegCure Pro Startup.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
Task: C:\Windows\Tasks\RegCure Pro_sch_22C02BE9-021B-11E5-9D20-1C6F65345FAE.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-05-26 02:16 - 2015-05-12 08:00 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-17 01:32 - 2014-09-17 01:32 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-09-17 01:32 - 2014-09-17 01:32 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-17 01:32 - 2014-09-17 01:32 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-09-17 01:32 - 2014-09-17 01:32 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-10-03 07:11 - 2009-06-17 17:13 - 00068136 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
2015-05-19 05:31 - 2015-05-19 05:31 - 00589608 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2014-10-03 07:08 - 2010-01-19 07:01 - 00072304 ____R () C:\Windows\SysWOW64\XSrvSetup.exe
2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-05-16 03:11 - 2015-05-05 07:49 - 01633608 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libglesv2.dll
2015-05-16 03:11 - 2015-05-05 07:49 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libegl.dll
2014-10-03 08:09 - 2014-03-17 03:23 - 00003132 _____ () C:\Program Files (x86)\DAEMON Tools Pro\MSIMG32.dll
2015-05-26 02:32 - 2015-05-01 21:22 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-04-29 05:41 - 2015-04-29 05:41 - 00297968 _____ () C:\Program Files (x86)\Baidu-Security-2014-4.4.4.77147\Baidu Antivirus\5.4.3.122701.0\HipsLogger.dll
2015-04-29 05:41 - 2015-04-20 15:35 - 00198128 _____ () C:\Program Files (x86)\Baidu-Security-2014-4.4.4.77147\Baidu Antivirus\5.4.3.122701.0\dark.dll
2015-04-29 05:41 - 2015-04-29 05:41 - 00540656 _____ () C:\Program Files (x86)\Baidu-Security-2014-4.4.4.77147\Baidu Antivirus\5.4.3.122701.0\sqlite.dll
2014-04-15 14:21 - 2015-04-01 08:26 - 00595824 _____ () C:\Program Files (x86)\PC Faster\5.1.0.0\sqlite.dll
2015-04-29 05:41 - 2015-04-29 05:41 - 00370672 _____ () C:\Program Files (x86)\Baidu-Security-2014-4.4.4.77147\Baidu Antivirus\5.4.3.122701.0\BNetOp.dll
2014-10-03 07:11 - 2009-05-04 18:56 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\ycc.dll
2015-05-19 05:30 - 2015-05-19 05:30 - 01749288 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2014-10-17 14:48 - 2014-10-17 14:48 - 02257952 _____ () C:\Program Files (x86)\Baidu Security\MoboMarket\1.2.8.3351\skiax.dll
2014-10-17 14:48 - 2014-10-17 14:48 - 00141856 _____ () C:\Program Files (x86)\Baidu Security\MoboMarket\1.2.8.3351\zlib1.dll
2015-05-11 08:40 - 2015-05-11 08:40 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:55B41E6A
AlternateDataStreams: C:\ProgramData\TEMP:58D8F144

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C436C24B-C529-4622-B795-AFF16AC82388}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{348C8E6D-DD94-42E3-811F-75B28B42E934}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [Daum PotPlayer(PotPlayerMini64.exe)] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{148D0035-42C9-424C-AC7B-836BF8DC9928}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{943B0808-221B-4612-A396-DC6F7C4C5BCB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B13A5236-A516-456E-B50D-AA3354CD2571}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{79FAF5DB-30FF-42CC-8842-5BB872AE7164}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{26577899-8E12-46A4-9132-E0D934280338}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{CA5E6646-9590-43A8-B98F-F299495D1532}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DF0A3563-6080-47FA-89BC-F9636A1809A9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{30D3DB86-5C69-496A-819D-64D117CD7C4C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{19EBB11B-A119-4EC6-A46B-DC7BA9DABEF3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{09B72D61-EC54-4B47-ABD4-A228C831190C}] => (Allow) C:\Users\Moonspelll\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CF11A0AA-1295-4492-ACCE-7A788919284D}] => (Allow) C:\Users\Moonspelll\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{02EDCF49-72C0-4578-A703-C5E2B385942B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{81455CE0-ACC2-4D90-B268-F79110F4BDFB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{22981682-1358-4F4A-B2C7-91E29AC52336}] => (Allow) E:\Games\The Lord Of The Rings Battle For Middle Earth 2\game.dat
FirewallRules: [{4C153E34-9E70-4BED-81FF-D1F0D43DAC15}] => (Allow) E:\Games\The Lord Of The Rings Battle For Middle Earth 2\game.dat
FirewallRules: [{102F93E8-F758-4141-A70B-E38F5A7BAB80}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{BEACFF8E-0A82-4406-A7BC-608667B17101}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{9F59F667-B730-455C-9560-CD93A3242999}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{7151A7DB-C5AF-4071-8F90-3807D4771068}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{5C3D4682-E3A2-4687-BF18-BE4496155797}E:\games\far cry 4\bin\farcry4.exe] => (Allow) E:\games\far cry 4\bin\farcry4.exe
FirewallRules: [UDP Query User{70D27AEA-7F77-4D60-9BB6-ACFE8115BAAD}E:\games\far cry 4\bin\farcry4.exe] => (Allow) E:\games\far cry 4\bin\farcry4.exe
FirewallRules: [{FCE7044C-74FC-4281-BC9B-B17737A0BBAB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{AF891CEB-51C9-4C7A-940C-BA2AF08C4203}E:\games\dying light\dyinglightgame.exe] => (Allow) E:\games\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{2C6E9C69-4D23-4B54-9080-14E63790C81A}E:\games\dying light\dyinglightgame.exe] => (Allow) E:\games\dying light\dyinglightgame.exe
FirewallRules: [{4CE97224-DD23-4C61-B8B3-3989D6541D27}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Business 2015i\WNt600x64\RpcSandraSrv.exe
FirewallRules: [{AFCF8853-9A2A-49E9-AD64-8DFD008EC24D}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Business 2015i\RpcAgentSrv.exe
FirewallRules: [{646CF1A5-B3CA-4862-AFD2-98FE262E80BC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2E25C32F-7857-409A-B0B1-D0940061DFAA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/26/2015 03

53 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6b96b89a-1b12-487c-a8d5-da3d874d2708}

Error: (05/26/2015 02:37:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2015 02:37:18 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/26/2015 02:37:15 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (05/26/2015 02:37:15 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (05/26/2015 02:37:15 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (05/26/2015 02:37:15 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/26/2015 02:31:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/26/2015 02:31:14 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/26/2015 02:15:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (05/26/2015 02:37:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (05/26/2015 02:37:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/26/2015 02:37:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/26/2015 02:37:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (05/26/2015 02:37:55 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (05/26/2015 02:37:55 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (05/26/2015 02:37:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/26/2015 02:37:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (05/26/2015 02:37:45 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (05/26/2015 02:37:16 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
%%5

Microsoft Office:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz
Percentage of memory in use: 21%
Total physical RAM: 16375.49 MB
Available physical RAM: 12795.39 MB
Total Pagefile: 32749.19 MB
Available Pagefile: 28926.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows & Programs) (Fixed) (Total:99.9 GB) (Free:24.16 GB) NTFS
Drive d: (Setups) (Fixed) (Total:931.51 GB) (Free:515.58 GB) NTFS
Drive e: (Games & Downloads) (Fixed) (Total:831.51 GB) (Free:602.17 GB) NTFS
Drive f: (Others) (Fixed) (Total:3725.9 GB) (Free:2758.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D1C5E16D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=99.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=831.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 7AE1B87B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of log ============================
__________________

Broni · May 26, 2015

Baidu Antivirus is fine with me.

Uninstall Baidu PC Faster though.
Info: http://malwaretips.com/blogs/baidu-pc-faster-virus/

Next...

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
- Launch Malwarebytes Anti-Malware
- A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Moonspell · May 28, 2015

RogueKiller V10.7.0.0 [May 25 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Moonspelll [Administrator]
Started from : E:\Downloads\Programs\RogueKiller.exe
Mode : Delete -- Date : 05/28/2015 08:37:54

¤¤¤ Processes : 2 ¤¤¤
[PUP] (SVC) hshld -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[7] -> Stopped
[PUP] (SVC) HssWd -- "C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe" -product hss[7] -> Stopped

¤¤¤ Registry : 27 ¤¤¤
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub) | (default) : {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub) | (default) : {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) | (default) : {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder) | (default) : {16F3DD56-1AF5-4347-846D-7C10C4192619} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark) | (default) : {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} | CLSID : {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16} -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\hshld (C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HssTrayService (C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HssWd ("C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe" -product hss) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hshld (C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HssTrayService (C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HssWd ("C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe" -product hss) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hshld (C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HssTrayService (C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HssWd ("C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe" -product hss) -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2407973311-3509357600-1588227675-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.keycode.asia/tabligh -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2407973311-3509357600-1588227675-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.keycode.asia/tabligh -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 19 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 anchorfree.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 rss2search.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 techbrowsing.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 box.anchorfree.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.mefeedia.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.3 www.anchorfree.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.2 mefeedia.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 anchorfree.us
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 a433.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 rpt.anchorfree.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 delivery.anchorfree.us/land.php
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 hsselite.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.hsselite.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 onhax.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.onhax.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 https://forum.onhax.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 labs.onhax.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 do2dear.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 p30world.com

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUP][FIREFX:Addon] nxersh2t.default : Hotspot Shield Extension [afproxy@anchorfree.com] -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 938b8ee0e53409b9b47e5bf54ef079fa
[BSP] 3cbafc49fc444b11ae62c2d436e2ee17 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 102300 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 209717248 | Size: 851467 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 3815318 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ST31000528AS ATA Device +++++
--- User ---
[MBR] dbd8518a3ac22982600e06d020170365
[BSP] 83e439da4240b9eef1296a5817555347 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_05282015_030928.log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/28/2015
Scan Time: 8:44:23 AM
Logfile: Malwarebytes Anti-Malware.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.28.01
Rootkit Database: v2015.05.24.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Moonspelll

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 361298
Time Elapsed: 8 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

# AdwCleaner v4.205 - Logfile created 28/05/2015 at 09:13:41
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Moonspelll - MOONSPELL
# Running from : E:\Downloads\Programs\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : hshld

***** [ Files / Folders ] *****

File Deleted : C:\ProgramData\Duplicaterecord.js

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7601.18631

-\\ Mozilla Firefox v38.0.1 (x86 en-US)

-\\ Google Chrome v42.0.2311.152

[C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [4637 bytes] - [24/05/2015 19:15:38]
AdwCleaner[R1].txt - [1278 bytes] - [26/05/2015 01:46:12]
AdwCleaner[R2].txt - [1545 bytes] - [28/05/2015 09:08:55]
AdwCleaner[S0].txt - [4452 bytes] - [24/05/2015 19:17:23]
AdwCleaner[S1].txt - [1262 bytes] - [26/05/2015 01:48:25]
AdwCleaner[S2].txt - [1484 bytes] - [28/05/2015 09:13:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1543 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.1 (05.27.2015:1)
OS: Windows 7 Ultimate x64
Ran by Moonspelll on Thu 05/28/2015 at 9:30:38.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}

~~~ Files

Successfully deleted: [File] C:\Windows\wininit.ini
Successfully deleted: [File] C:\Users\Moonspelll\AppData\Roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\hotspot shield.lnk
Successfully deleted: [File] C:\Users\Moonspelll\desktop\driver genius.lnk
Successfully deleted: [File] C:\users\public\desktop\hotspot shield.lnk

~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\baidu security
Successfully deleted: [Folder] C:\Program Files (x86)\driver-soft
Successfully deleted: [Folder] C:\Program Files (x86)\driverupdate
Successfully deleted: [Folder] C:\ProgramData\baidu security
Successfully deleted: [Folder] C:\ProgramData\drivergenius
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\driver genius
Successfully deleted: [Folder] C:\Users\Moonspelll\appdata\local\crashrpt
Successfully deleted: [Folder] C:\Users\Moonspelll\appdata\local\slimware utilities inc
Successfully deleted: [Folder] C:\Users\Moonspelll\AppData\Roaming\baidu security
Successfully deleted: [Folder] C:\Users\Moonspelll\AppData\Roaming\baidu

~~~ Chrome

[C:\Users\Moonspelll\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Moonspelll\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Moonspelll\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Moonspelll\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/28/2015 at 9:35:42.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Broni · May 28, 2015

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

Moonspell · May 28, 2015

ComboFix 15-05-28.01 - Moonspelll 05/28/2015 21:26:47.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.981.1033.18.16375.13854 [GMT 4.5:30]
Running from: e:\downloads\Programs\New folder\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1432525954.bdinstall.bin
c:\users\Moonspelll\AppData\Roaming\DRPSu
c:\users\Moonspelll\Desktop\Setup.exe
c:\windows\SysWow64\g
c:\windows\SysWow64\SET45B8.tmp
c:\windows\SysWow64\SET49B3.tmp
c:\windows\SysWow64\SET675B.tmp
c:\windows\SysWow64\SET6C02.tmp
c:\windows\SysWow64\SET6F05.tmp
c:\windows\SysWow64\SET75AE.tmp
c:\windows\SysWow64\SET77B7.tmp
c:\windows\SysWow64\SET9347.tmp
.
.
((((((((((((((((((((((((( Files Created from 2015-04-28 to 2015-05-28 )))))))))))))))))))))))))))))))
.
.
2015-05-28 17:07 . 2015-05-28 17:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-28 15:34 . 2015-05-28 15:34 -------- d-----w- c:\users\Moonspelll\AppData\Local\CrashRpt
2015-05-28 05:00 . 2015-05-28 05:00 -------- d-----w- C:\RegBackup
2015-05-27 22:17 . 2015-05-27 22:17 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-05-27 22:16 . 2015-05-28 04:36 -------- d-----w- c:\programdata\RogueKiller
2015-05-27 14:21 . 2015-05-27 14:21 -------- d-----w- c:\program files (x86)\ESET
2015-05-26 19:47 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C1ACBC1D-D39D-4469-A296-9B5FC5594D11}\mpengine.dll
2015-05-26 14:43 . 2015-05-26 14:43 -------- d-----w- c:\users\Moonspelll\AppData\Roaming\AVAST Software
2015-05-26 14:42 . 2015-05-26 14:42 -------- d-----w- c:\windows\SysWow64\vbox
2015-05-26 14:42 . 2015-05-26 14:42 -------- d-----w- c:\windows\system32\vbox
2015-05-26 14:41 . 2015-05-26 14:41 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-05-26 14:41 . 2015-05-26 14:41 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-05-26 14:41 . 2015-05-26 14:41 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-05-26 14:41 . 2015-05-26 14:41 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-05-26 14:41 . 2015-05-26 14:41 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-05-26 14:41 . 2015-05-26 14:41 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-05-26 14:41 . 2015-05-26 14:41 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-05-26 14:41 . 2015-05-26 14:40 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-05-26 14:41 . 2015-05-26 14:41 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-05-26 14:41 . 2015-05-26 14:41 43112 ----a-w- c:\windows\avastSS.scr
2015-05-26 14:40 . 2015-05-26 14:40 -------- d-----w- c:\program files\AVAST Software
2015-05-26 14:34 . 2015-05-26 14:34 -------- d-----w- c:\programdata\AVAST Software
2015-05-26 03:53 . 2015-05-27 07:00 -------- d-----w- C:\FRST
2015-05-26 03:51 . 2015-05-26 03:51 -------- d-----w- c:\users\Moonspelll\AppData\Roaming\NVIDIA
2015-05-25 22:01 . 2015-05-28 15:28 -------- d-----w- c:\programdata\NVIDIA
2015-05-25 22:01 . 2015-05-12 02:34 571024 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-05-25 21:46 . 2015-05-12 03:30 62608 ----a-w- c:\windows\system32\nvshext.dll
2015-05-25 21:46 . 2015-05-12 03:30 3490448 ----a-w- c:\windows\system32\nvsvc64.dll
2015-05-25 21:46 . 2015-05-12 03:30 937288 ----a-w- c:\windows\system32\nvvsvc.exe
2015-05-25 21:46 . 2015-05-12 03:30 2558608 ----a-w- c:\windows\system32\nvsvcr.dll
2015-05-25 21:46 . 2015-05-12 03:30 6872392 ----a-w- c:\windows\system32\nvcpl.dll
2015-05-25 21:46 . 2015-05-11 17:01 4391871 ----a-w- c:\windows\system32\nvcoproc.bin
2015-05-25 21:46 . 2015-05-12 03:30 385352 ----a-w- c:\windows\system32\nvmctray.dll
2015-05-25 18:36 . 2015-05-28 16:29 -------- d-----w- c:\users\Moonspelll\AppData\Local\NVIDIA
2015-05-24 14:45 . 2015-05-28 04:43 -------- d-----w- C:\AdwCleaner
2015-05-23 14:37 . 2015-05-28 15:29 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-23 14:35 . 2015-05-23 15:01 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-05-23 14:35 . 2015-05-23 14:35 -------- d-----w- c:\programdata\Malwarebytes
2015-05-23 14:35 . 2015-04-14 05:07 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-05-23 14:35 . 2015-04-14 05:07 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-05-23 14:35 . 2015-04-14 05:07 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-23 14:05 . 2015-05-23 15:00 -------- d-----w- c:\programdata\BCloudScan_exe
2015-05-22 14:25 . 2015-05-01 16:51 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-05-22 14:25 . 2015-05-01 16:50 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-05-22 14:25 . 2015-05-01 16:50 1570672 ----a-w- c:\windows\system32\nvspcap64.dll
2015-05-22 14:25 . 2015-05-01 16:51 1316184 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-05-22 07:00 . 2015-04-11 03:19 69888 ----a-w- c:\windows\system32\drivers\stream.sys
2015-05-21 14:59 . 2014-06-15 10:48 626688 ----a-w- c:\windows\SysWow64\msvcr80.dll
2015-05-21 14:59 . 2014-06-15 10:48 450560 ----a-w- c:\windows\SysWow64\mss32.dll
2015-05-21 14:59 . 2014-06-15 10:47 194048 ----a-w- c:\windows\SysWow64\IEShims.dll
2015-05-21 14:59 . 2014-06-15 10:40 176128 ----a-w- c:\windows\SysWow64\binkw32.dll
2015-05-20 18:04 . 2015-05-12 06:27 1099808 ----a-w- c:\windows\system32\SET42C3.tmp
2015-05-20 18:04 . 2015-05-12 06:27 3363224 ----a-w- c:\windows\system32\SET34E3.tmp
2015-05-20 16:51 . 2015-05-20 16:51 -------- d-----w- c:\users\Moonspelll\AppData\Local\LangOver.com
2015-05-20 16:51 . 2015-05-20 16:51 -------- d-----w- c:\users\Moonspelll\AppData\Roaming\SolidDocuments
2015-05-20 16:51 . 2015-05-20 16:51 -------- d-----w- c:\program files (x86)\LangOver
2015-05-20 16:45 . 2015-05-20 16:45 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2015-05-20 16:43 . 2015-05-25 16:17 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2015-05-20 13:57 . 2015-05-20 12:55 197616 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2015-05-17 14:08 . 2015-05-17 14:08 -------- d-----w- c:\program files\SiSoftware
2015-05-16 18:12 . 2015-05-16 18:12 -------- d-----w- c:\program files (x86)\Futuremark
2015-05-16 15:16 . 2015-05-16 15:16 -------- d-----w- c:\users\Moonspelll\AppData\Roaming\Iceni
2015-05-16 15:16 . 2015-05-16 15:16 -------- d-----w- c:\users\Moonspelll\AppData\Local\Iceni
2015-05-16 15:16 . 2015-05-16 15:16 -------- d-----w- c:\programdata\Iceni
2015-05-16 15:16 . 2015-05-16 15:16 -------- d-----w- c:\programdata\Aspell
2015-05-16 15:16 . 2015-05-16 15:16 -------- d-----w- c:\users\Moonspelll\AppData\Local\Aspell
2015-05-16 15:16 . 2015-05-16 15:16 -------- d-----w- c:\program files (x86)\Iceni
2015-05-15 18:36 . 2015-05-15 20:30 -------- d-----w- c:\users\Moonspelll\AppData\Roaming\thriXXX
2015-05-15 18:36 . 2015-05-15 18:36 -------- d-----w- c:\programdata\thriXXX
2015-05-15 18:36 . 2015-05-15 18:36 -------- d-----w- c:\program files (x86)\thriXXX
2015-05-14 21:00 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 21:00 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 19:47 . 2015-05-05 01:29 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-14 19:47 . 2015-05-05 01:12 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-14 19:47 . 2015-04-18 03:10 460800 ----a-w- c:\windows\system32\certcli.dll
2015-05-14 19:47 . 2015-04-18 02:56 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-05-14 19:44 . 2015-04-20 03:17 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-05-14 19:44 . 2015-04-20 03:17 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-05-14 19:44 . 2015-04-20 02:56 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-05-14 19:44 . 2015-04-20 02:11 3204608 ----a-w- c:\windows\system32\win32k.sys
2015-05-14 19:39 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
2015-05-12 20:15 . 2015-05-12 20:15 -------- d-----w- c:\users\Moonspelll\AppData\Local\Futuremark
2015-05-12 20:14 . 2015-05-12 20:14 -------- d-----w- c:\program files\Futuremark
2015-05-11 20:44 . 2015-05-12 11:45 -------- d-----w- c:\program files\aida64extreme520
2015-05-11 20:32 . 2015-05-11 20:32 -------- d-----w- c:\program files (x86)\FinalWire
2015-05-08 20:11 . 2015-05-08 20:11 42576 ----a-w- c:\windows\system32\drivers\dsnpfd.sys
2015-05-07 15:09 . 2015-03-10 10:04 2702040 ----a-w- c:\windows\system32\RTSnMg64.cpl
2015-05-07 15:08 . 2015-03-11 10:04 2825944 ----a-w- c:\windows\RtlExUpd.dll
2015-05-07 13:17 . 2015-05-07 13:17 -------- d-----w- c:\users\Moonspelll\AppData\Roaming\ExtremeCopy
2015-05-07 12:40 . 2015-05-07 12:40 -------- d-----w- c:\program files\Intel
2015-05-07 12:29 . 2009-07-14 01:15 315904 ----a-w- c:\windows\SysWow64\Difx70fc.rra
2015-05-07 12:27 . 2015-01-15 06:42 977624 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2015-05-07 12:27 . 2015-01-15 06:42 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
2015-05-07 10:47 . 2015-04-09 00:58 17176128 ----a-w- c:\windows\system32\SET6CBD.tmp
2015-05-07 10:47 . 2015-04-09 00:58 1086424 ----a-w- c:\windows\system32\SET6AB9.tmp
2015-05-07 10:47 . 2015-04-09 00:58 3317344 ----a-w- c:\windows\system32\SET6004.tmp
2015-05-07 10:45 . 2015-02-19 21:48 74056 ----a-w- c:\windows\system32\OpenCL.dll
2015-05-07 10:45 . 2015-02-19 21:48 60560 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-05-05 22:43 . 2009-07-14 01:15 315904 ----a-w- c:\windows\SysWow64\Difxcec2.rra
2015-05-05 22:42 . 2012-09-17 10:35 123704 ----a-w- c:\windows\system32\drivers\jraid.sys
2015-05-04 09:36 . 2015-05-04 09:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-05-02 14:45 . 2015-05-02 14:45 -------- d-----w- c:\users\Moonspelll\AppData\Roaming\.mono
2015-05-02 14:45 . 2015-05-02 14:45 -------- d-----w- c:\programdata\.mono
2015-05-02 12:34 . 2015-05-02 12:34 -------- d-----w- c:\users\Moonspelll\AppData\Local\Microsoft Research
2015-05-02 12:33 . 2015-05-02 12:33 -------- d-----w- c:\program files (x86)\Microsoft Research
2015-05-01 14:32 . 2015-03-04 04:41 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-05-01 14:32 . 2015-03-04 04:41 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-05-01 14:32 . 2015-03-04 04:41 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-05-01 14:32 . 2015-03-04 04:41 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-05-01 14:32 . 2015-03-04 04:10 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-05-01 14:32 . 2015-03-04 04:10 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2015-05-01 14:32 . 2015-03-04 04:11 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-05-01 14:30 . 2015-02-18 07:06 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-05-01 14:30 . 2015-02-18 07:04 142336 ----a-w- c:\windows\system32\poqexec.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-28 15:28 . 2014-10-03 02:45 25640 ----a-w- c:\windows\gdrv.sys
2015-05-16 00:16 . 2014-10-03 21:09 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-05-12 06:27 . 2015-02-19 21:48 17540416 ----a-w- c:\windows\system32\SET443B.tmp
2015-05-11 04:10 . 2014-10-03 03:27 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-05-11 04:10 . 2012-02-15 12:39 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-07 10:30 . 2014-10-03 18:28 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2015-05-04 09:35 . 2015-04-10 13:38 110688 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-04-27 19:04 . 2015-05-07 15:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-03-25 03:24 . 2015-04-14 07:03 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-14 07:03 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-14 07:03 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-14 07:03 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-14 07:03 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-14 07:03 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-14 07:03 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-14 07:03 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-14 07:03 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-14 07:03 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-14 07:03 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-14 07:03 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-14 07:03 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-14 07:03 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-14 07:03 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-14 07:03 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-14 07:02 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-14 07:02 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-14 07:02 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-14 07:02 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-14 07:02 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-14 07:02 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:24 . 2015-04-14 07:02 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:17 . 2015-04-14 07:02 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-16 21:04 . 2015-03-16 21:04 54944 ----a-w- c:\windows\system32\AdobePDF.dll
2015-03-16 21:04 . 2015-03-16 21:04 26272 ----a-w- c:\windows\system32\AdobePDFUI.dll
2015-03-14 03:21 . 2015-04-23 20:08 1632768 ----a-w- c:\windows\system32\dwmcore.dll
2015-03-14 03:21 . 2015-04-23 20:08 82944 ----a-w- c:\windows\system32\dwmapi.dll
2015-03-14 03:04 . 2015-04-23 20:08 67584 ----a-w- c:\windows\SysWow64\dwmapi.dll
2015-03-14 03:04 . 2015-04-23 20:08 1372160 ----a-w- c:\windows\SysWow64\dwmcore.dll
2015-03-13 19:41 . 2015-04-10 13:44 2906928 ----a-w- c:\windows\SysWow64\nvapi.dll-nv16563
2015-03-13 19:41 . 2010-05-06 10:26 3303448 ----a-w- c:\windows\system32\nvapi64.dll-nv16563
2015-03-13 19:41 . 2010-05-06 10:26 14121624 ----a-w- c:\windows\SysWow64\nvd3dum.dll-nv16563
2015-03-13 16:16 . 2010-04-28 14:19 62608 ----a-w- c:\windows\system32\nvshext.dll-nv16566
2015-03-10 03:25 . 2015-04-14 19:55 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-14 19:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-14 19:55 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-14 19:55 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-14 19:55 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-14 19:55 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-03-04 04:55 . 2015-04-14 19:55 367552 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-14 19:55 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-01 14:32 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-01 14:32 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-04-14 19:55 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-01 14:32 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-01 14:32 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-01 14:32 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-02-28 19:13 . 2015-02-28 19:13 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2015-05-20 3903056]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2013-08-12 115048]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-26 5515496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sh4native Sh4Removal
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
R3 GalaxyService;GalaxyService;c:\program files (x86)\GalaxyClient\GalaxyService.exe;c:\program files (x86)\GalaxyClient\GalaxyService.exe [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe -product hss;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe -product hss [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe;c:\windows\SysWOW64\XSrvSetup.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys;c:\windows\SYSNATIVE\Drivers\UsbFltr.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - msahci
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-03 16:33]
.
2014-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-03 16:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-26 14:41 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 25112 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2015-04-13 13876952]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2015-02-03 557768]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-09-16 11877656]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-05-01 2685072]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.keycode.asia/tabligh
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add Web Page to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll/AcroIEAppend.html
IE: Append Lin&k Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll/AcroIEAppendSelLinks.html
IE: Convert &Web Page to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll/AcroIECapture.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll/AcroIECaptureSelLinks.html
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Moonspelll\AppData\Roaming\Mozilla\Firefox\Profiles\nxersh2t.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Android Store 1.2.8.3351 - c:\program files (x86)\Baidu Security\MoboMarket\1.2.8.3351\Uninstall.exe
AddRemove-IEG PATCH V2 AIO2 - e:\games\Pro Evolution Soccer 2015\uninstall.exe
AddRemove-UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1 - e:\games\Pro Evolution Soccer 2015\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2407973311-3509357600-1588227675-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):80,14,05,91,d4,62,eb,07,89,ac,c7,56,cc,3d,03,72,de,9b,44,77,7a,
e1,fd,13,14,bc,22,64,df,4a,b3,4e,0d,a9,2a,51,a0,d4,1a,f3,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2407973311-3509357600-1588227675-1000_Classes\Wow6432Node\CLSID\{ef3f0cb0-7da1-44fe-85bb-5fd3488dedf4}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000077
"Therad"=dword:00000004
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-05-28 21:39:42
ComboFix-quarantined-files.txt 2015-05-28 17:09
.
Pre-Run: 19,421,900,800 bytes free
Post-Run: 19,386,957,824 bytes free
.
- - End Of File - - 3EE3F56350294B4E1509AE1F00AC3216
A36C5E4F47E84449FF07ED3517B43A31

Broni · May 28, 2015

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double-click to run it. When the tool opens click Yes to disclaimer.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

Moonspell · May 28, 2015

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Moonspelll at 2015-05-28 23:50:27
Running from E:\Downloads\Programs
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2407973311-3509357600-1588227675-500 - Administrator - Disabled)
Guest (S-1-5-21-2407973311-3509357600-1588227675-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2407973311-3509357600-1588227675-1002 - Limited - Enabled)
Moonspelll (S-1-5-21-2407973311-3509357600-1588227675-1000 - Administrator - Enabled) => C:\Users\Moonspelll

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\{f5aa1c48-f2dc-4f4f-a71d-65bd7d0dc5c5}) (Version: 1.5.893.0 - Futuremark)
3DMark (Version: 1.5.893.0 - Futuremark) Hidden
7-Zip 9.20 (HKLM-x32\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Alternative Look for Yennefer (HKLM-x32\...\Alternative Look for Yennefer_is1) (Version: 1.0.0.0 - GOG.com)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Assassin's Creed Rogue (HKLM-x32\...\Uplay Install 895) (Version: - Ubisoft)
AutoGreen B09.1014.2 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B09.1014.2 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Badoo Desktop (HKLM-x32\...\{D91D71FB-C52E-440D-8A78-5E5E05487DA0}) (Version: 1.6.58.1220 - Badoo)
Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
Borland Database Engine Setup (HKLM-x32\...\Borland Database Engine Setup) (Version: - )
Braveland (HKLM-x32\...\1207662143_is1) (Version: 2.2.0.4 - GOG.com)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CPUID HWMonitor Pro 1.23 (HKLM\...\CPUID HWMonitorPro_is1) (Version: - )
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.5.0.0388 - Disc Soft Ltd)
DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
DriverEasy 4.9.1 (HKLM\...\DriverEasy_is1) (Version: 4.9.1.0 - Easeware)
Easy Tune 6 B10.0521.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.0521.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
EXPERTool 7.9 (HKLM-x32\...\MySSID_is1) (Version: - Gainward Co., Ltd)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Folder Lock (HKLM-x32\...\Folder Lock) (Version: - New Softwares.net)
Foxit Reader (HKLM-x32\...\{BDDF6AEE-7AD7-4CDA-B57F-5BDF9417AD4F}) (Version: 5.1.3.1201 - Foxit Corporation)
Futuremark SystemInfo (HKLM-x32\...\{0DD83DE7-507E-44AE-BC2D-2FAAFA48CCA5}) (Version: 4.37.548.0 - Futuremark)
Galaxy Client (HKLM-x32\...\{D6D1DA54-531F-4FA0-B683-CE66ACE3543F}_is1) (Version: 0.1.0.456 - GOG.com)
Google Chrome (HKLM-x32\...\{A83C558F-C5CA-3A3A-B338-B166FDDA09C9}) (Version: 66.3.32892 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music)
Hotspot Shield 4.15.2 (HKLM-x32\...\HotspotShield) (Version: 4.15.2 - AnchorFree Inc.)
IEG PATCH V2 AIO (HKLM-x32\...\IEG PATCH V2 AIO2) (Version: 2 - Iranian Editor Groups)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line)
Infix PDF Editor version 6.3.7.0 (HKLM-x32\...\83FFB914-6FA7-4F1F-807E-E0FFBA2E49E1_is1) (Version: 6.3.7.0 - Iceni Technology)
Intel(R) Chipset Device Software (x32 Version: 10.0.26 - Intel(R) Corporation) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.65.11 - JMicron Technology Corp.)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.132 - PandoraTV)
LangOver 5 (HKLM-x32\...\LangOver 5) (Version: 5.0 - LangOver.com)
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
Logitech Gaming Software 8.56 (HKLM\...\Logitech Gaming Software) (Version: 8.56.109 - Logitech Inc.)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.3 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.52742 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{6E740973-8E71-42F9-A910-C18452E60450}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}) (Version: 2.0.50728 - Microsoft Corporation)
MKVToolNix 5.8.0 (HKLM-x32\...\MKVToolNix) (Version: 5.8.0 - Moritz Bunkus)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
New Quest - Contract Missing Miners (HKLM-x32\...\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 352.86 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.3.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 352.86 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
PC App Store (HKLM-x32\...\PC App Store 5.0.1.8490) (Version: 5.0.1.8490 - Baidu, Inc.)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1034.0 - Passmark Software)
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version: - Daum Communications Corp.)
Pro Evolution Soccer 2015 DataPack v4.0 (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1) (Version: 1 - )
RAD Video Tools (HKLM-x32\...\RADVideo) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7487 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
SHIELD Wireless Controller Driver (Version: 2.4.3.22 - NVIDIA Corporation) Hidden
SiSoftware Sandra Business 2015i (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2496}_is1) (Version: 21.12.2015.1 - SiSoftware)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
The Witcher 3 - Wild Hunt (HKLM-x32\...\The Witcher 3 - Wild Hunt_is1) (Version: - )
Viber (HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\Viber) (Version: 4.4.0.134678 - Viber Media Inc)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (12/06/2010 4.0.0000.00000) (HKLM\...\30B2813B1F17EF6D99360A190E7F0D3BA2F0DC3C) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
ZirYab 3 (HKLM-x32\...\ZirYab 3) (Version: 3 - abasi.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

27-05-2015 02:00:20 Automatic creation
28-05-2015 02:00:19 Automatic creation
28-05-2015 20:29:23 Automatic creation

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 07:04 - 2015-05-28 21:37 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0684227C-A1B6-4F86-A4DE-ACB6F5CC10CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-03] (Google Inc.)
Task: {0BD089E2-0111-421C-8620-9639BE3707C1} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2407973311-3509357600-1588227675-1000
Task: {0D586169-3487-40A3-97D0-E55F0F01CEFC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-26] (Avast Software s.r.o.)
Task: {3DA40C9C-325A-470B-8D6C-4AEB1F8EE0AE} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {5727F9C6-9A06-4C90-83BE-C6D1198314B7} - \CCleanerSkipUAC No Task File <==== ATTENTION
Task: {65782BCB-DD27-40F1-AB59-62509FF0B15E} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {6A8B2D1B-81AB-4ADF-9629-20F074C07641} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {8888DB5C-CEF6-437F-BF5A-7F7C3C02490A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {9C2BD7A2-A05A-4EA8-AEEB-94155524AC13} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {B3BF04A1-1D65-4E07-AE72-FBB4F8224524} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {C9DA10D9-0F4B-4B14-87C5-31827ADF3675} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-03] (Google Inc.)
Task: {D3ADBFA5-B77A-4D8D-972E-42E846D7EC33} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
Task: {F376CB2D-D944-4CE8-8719-BD6BD0EDD326} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SRFilter.exe" /GBSMART6 -kdl
Task: {FCDE582B-E27A-403D-9F5A-07843BED8154} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SrCmdCLR.exe" -c 1
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-26 02:16 - 2015-05-12 08:00 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-03 07:11 - 2009-06-17 17:13 - 00068136 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
2014-09-17 01:32 - 2014-09-17 01:32 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-09-17 01:32 - 2014-09-17 01:32 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-17 01:32 - 2014-09-17 01:32 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-09-17 01:32 - 2014-09-17 01:32 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-05-19 05:31 - 2015-05-19 05:31 - 00589608 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2014-10-03 07:08 - 2010-01-19 07:01 - 00072304 ____R () C:\Windows\SysWOW64\XSrvSetup.exe
2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-05-16 03:11 - 2015-05-05 07:49 - 01633608 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libglesv2.dll
2015-05-16 03:11 - 2015-05-05 07:49 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libegl.dll
2015-05-16 03:11 - 2015-05-05 07:49 - 26787144 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll
2015-05-26 19:11 - 2015-05-26 19:11 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-26 19:11 - 2015-05-26 19:11 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-28 13:31 - 2015-05-28 13:31 - 02950656 _____ () C:\Program Files\AVAST Software\Avast\defs\15052800\algo.dll
2014-10-03 07:11 - 2009-05-04 18:56 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\ycc.dll
2015-05-19 05:30 - 2015-05-19 05:30 - 01749288 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2015-05-26 02:32 - 2015-05-01 21:22 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-10-03 08:09 - 2014-03-17 03:23 - 00003132 _____ () C:\Program Files (x86)\DAEMON Tools Pro\MSIMG32.dll
2015-05-26 19:11 - 2015-05-26 19:11 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-03 17:04 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2014-10-03 17:04 - 2012-01-29 16:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C436C24B-C529-4622-B795-AFF16AC82388}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{348C8E6D-DD94-42E3-811F-75B28B42E934}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [Daum PotPlayer(PotPlayerMini64.exe)] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{148D0035-42C9-424C-AC7B-836BF8DC9928}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{943B0808-221B-4612-A396-DC6F7C4C5BCB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B13A5236-A516-456E-B50D-AA3354CD2571}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{79FAF5DB-30FF-42CC-8842-5BB872AE7164}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{26577899-8E12-46A4-9132-E0D934280338}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{CA5E6646-9590-43A8-B98F-F299495D1532}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DF0A3563-6080-47FA-89BC-F9636A1809A9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{30D3DB86-5C69-496A-819D-64D117CD7C4C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{19EBB11B-A119-4EC6-A46B-DC7BA9DABEF3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{02EDCF49-72C0-4578-A703-C5E2B385942B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{81455CE0-ACC2-4D90-B268-F79110F4BDFB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{22981682-1358-4F4A-B2C7-91E29AC52336}] => (Allow) E:\Games\The Lord Of The Rings Battle For Middle Earth 2\game.dat
FirewallRules: [{4C153E34-9E70-4BED-81FF-D1F0D43DAC15}] => (Allow) E:\Games\The Lord Of The Rings Battle For Middle Earth 2\game.dat
FirewallRules: [{102F93E8-F758-4141-A70B-E38F5A7BAB80}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{BEACFF8E-0A82-4406-A7BC-608667B17101}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{9F59F667-B730-455C-9560-CD93A3242999}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{7151A7DB-C5AF-4071-8F90-3807D4771068}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{5C3D4682-E3A2-4687-BF18-BE4496155797}E:\games\far cry 4\bin\farcry4.exe] => (Allow) E:\games\far cry 4\bin\farcry4.exe
FirewallRules: [UDP Query User{70D27AEA-7F77-4D60-9BB6-ACFE8115BAAD}E:\games\far cry 4\bin\farcry4.exe] => (Allow) E:\games\far cry 4\bin\farcry4.exe
FirewallRules: [{FCE7044C-74FC-4281-BC9B-B17737A0BBAB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{AF891CEB-51C9-4C7A-940C-BA2AF08C4203}E:\games\dying light\dyinglightgame.exe] => (Allow) E:\games\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{2C6E9C69-4D23-4B54-9080-14E63790C81A}E:\games\dying light\dyinglightgame.exe] => (Allow) E:\games\dying light\dyinglightgame.exe
FirewallRules: [{4CE97224-DD23-4C61-B8B3-3989D6541D27}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Business 2015i\WNt600x64\RpcSandraSrv.exe
FirewallRules: [{AFCF8853-9A2A-49E9-AD64-8DFD008EC24D}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Business 2015i\RpcAgentSrv.exe
FirewallRules: [{646CF1A5-B3CA-4862-AFD2-98FE262E80BC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2E25C32F-7857-409A-B0B1-D0940061DFAA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{46F4D19C-CA44-4095-9CAE-8E42F0663501}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{CC46E928-68DC-4E22-9A77-813F966D3793}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2015 11:49:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/28/2015 11:48:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/28/2015 11:48:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/28/2015 11:48:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/28/2015 11:48:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/28/2015 11:48:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/28/2015 11:47:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/28/2015 11:46:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/28/2015 09:48:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/28/2015 09:43:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

System errors:
=============
Error: (05/28/2015 11:46:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The FLService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/28/2015 09:40:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/28/2015 09:40:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (05/28/2015 09:40:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/28/2015 09:40:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (05/28/2015 09:40:36 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (05/28/2015 09:40:36 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (05/28/2015 09:39:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/28/2015 09:39:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (05/28/2015 09:39:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-05-28 21:37:00.240
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-28 21:37:00.208
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz
Percentage of memory in use: 18%
Total physical RAM: 16375.49 MB
Available physical RAM: 13397.13 MB
Total Pagefile: 32749.19 MB
Available Pagefile: 29571.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (Windows & Programs) (Fixed) (Total:99.9 GB) (Free:18.04 GB) NTFS
Drive d: (Setups) (Fixed) (Total:931.51 GB) (Free:567.13 GB) NTFS
Drive e: (Games & Downloads) (Fixed) (Total:831.51 GB) (Free:632.85 GB) NTFS
Drive f: (Others) (Fixed) (Total:3725.9 GB) (Free:2758.98 GB) NTFS
Drive l: (SONY-B) (Removable) (Total:14.54 GB) (Free:4.71 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D1C5E16D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=99.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=831.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 7AE1B87B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 3 (Size: 14.6 GB) (Disk ID: 500A0DFF)
No partition Table on disk 3.

==================== End of log ============================

Moonspell · May 28, 2015

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
Ran by Moonspelll (administrator) on MOONSPELL on 28-05-2015 23:49:57
Running from E:\Downloads\Programs
Loaded Profiles: Moonspelll (Available Profiles: Moonspelll)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
Failed to access process -> nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
Failed to access process -> dwm.exe
Failed to access process -> svchost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
Failed to access process -> svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
Failed to access process -> DTShellHlp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
Failed to access process -> svchost.exe
Failed to access process -> NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> unsecapp.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> ngservice.exe
Failed to access process -> svchost.exe
Failed to access process -> AlarmClock.exe
Failed to access process -> svchost.exe
Failed to access process -> acrotray.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> iexplore.exe
Failed to access process -> iexplore.exe
Failed to access process -> idmBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
Failed to access process -> IEMonitor.exe
Failed to access process -> audiodg.exe
(PandoraTV) C:\KMPlayer\KMPlayer.exe
(New Softwares.net) C:\Windows\SysWOW64\WinFLService.exe
( New Softwares.net) C:\Windows\SysWOW64\WinFLTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13876952 2015-04-13] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [11877656 2014-09-17] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-01] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2013-08-12] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-26] (Avast Software s.r.o.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3903056 2015-05-20] (Tonec Inc.)
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\Run: [WinFLTray] => C:\Windows\SysWow64\WinFLTray.exe [330040 2015-05-28] ( New Softwares.net)
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\Run: [FLBackup] => C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe [275768 2015-05-28] (New Softwares.net)
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-26] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
BootExecute: autocheck autochk * sh4native Sh4Removal

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.keycode.asia/tabligh
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-04] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-26] (Avast Software s.r.o.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-20] (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-04] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-26] (Avast Software s.r.o.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-20] (Logitech, Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2407973311-3509357600-1588227675-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2014-10-25] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2014-10-25] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2014-10-25] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2014-10-25] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Moonspelll\AppData\Roaming\Mozilla\Firefox\Profiles\nxersh2t.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-11] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-11] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-10-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-10-03] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems)
FF Extension: anonymoX - C:\Users\Moonspelll\AppData\Roaming\Mozilla\Firefox\Profiles\nxersh2t.default\Extensions\client@anonymox.net.xpi [2014-10-19]
FF Extension: Access FreeNetI - C:\Users\Moonspelll\AppData\Roaming\Mozilla\Firefox\Profiles\nxersh2t.default\Extensions\info@freeneti.com.xpi [2014-10-19]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-05-25]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-10-03]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-05-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-26]
FF HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Moonspelll\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Moonspelll\AppData\Roaming\IDM\idmmzcc5 [2015-05-22]
FF HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Moonspelll\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-03]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-10-03]
CHR Extension: (Google Docs) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-03]
CHR Extension: (Google Drive) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-03]
CHR Extension: (YouTube) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-03]
CHR Extension: (Webpage Screenshot) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-10-03]
CHR Extension: (Google Search) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-03]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-05-20]
CHR Extension: (Google Sheets) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-03]
CHR Extension: (AdBlock) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-03]
CHR Extension: (Avast Online Security) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Google Wallet) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-03]
CHR Extension: (IDM Integration Module) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjgffenlaenblicaimjjhenpigegidh [2015-05-22]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2015-05-17]
CHR Extension: (Gmail) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-03]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-26]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-26] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-26] (Avast Software)
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 FLService; C:\Windows\SysWow64\WinFLService.exe [92984 2015-05-28] (New Softwares.net)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-05-06] (Futuremark)
S3 GalaxyService; C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [2191648 2014-09-18] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-01] (NVIDIA Corporation)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [96688 2015-05-19] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [589608 2015-05-19] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) []
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-19] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-01] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () []
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) []
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 MSSQLSERVER; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [X]
S4 MSSQLServerADHelper; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [X]
S4 SQLBrowser; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-26] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-26] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-26] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-26] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-26] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-26] ()
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31160 2014-04-24] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-03] (Disc Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-11-03] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-28] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
U0 msahci; No ImagePath
R2 NEWDRIVER; C:\Windows\SysWow64\WinVDEdrv6.sys [197648 2015-05-28] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Business 2015i\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-05-16] (Synaptics Incorporated)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S2 TBPanel; No ImagePath
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-28] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-26] (Avast Software)
R1 WinFLAdrv; C:\Windows\SysWow64\WinFLAdrv.sys [36472 2015-05-28] ()
R2 WinVDEDrv; C:\Windows\SysWow64\WinVDEdrv.sys [225680 2015-05-28] (NewSoftwares.net, Inc.)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 vsserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Moonspell · May 28, 2015

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 23:48 - 2015-05-28 23:48 - 00001213 ___SH () C:\Users\Moonspelll\AppData\Local\win_fldb_sys.dat
2015-05-28 23:48 - 2015-05-28 23:48 - 00000700 ___SH () C:\Users\Moonspelll\AppData\Local\systemFL7.dat
2015-05-28 23:48 - 2015-05-28 23:48 - 00000693 ___SH () C:\Windows\SysWOW64\win_fldb_sys.dat
2015-05-28 23:47 - 2015-05-28 23:47 - 00011781 ___SH () C:\Users\Moonspelll\AppData\Local\win_flfiles_sys.dat
2015-05-28 23:47 - 2015-05-28 23:47 - 00003465 ___SH () C:\Windows\SysWOW64\win_stlthdb_sys.dat
2015-05-28 23:47 - 2015-05-28 23:47 - 00003465 ___SH () C:\Users\Moonspelll\AppData\Local\win_stlthdb_sys.dat
2015-05-28 23:47 - 2015-05-28 23:47 - 00002568 ___SH () C:\ProgramData\win_mpwd_sys.dat
2015-05-28 23:46 - 2015-05-28 23:46 - 00330040 _____ ( New Softwares.net) C:\Windows\SysWOW64\WinFLTrayShred.exe
2015-05-28 23:46 - 2015-05-28 23:46 - 00330040 _____ ( New Softwares.net) C:\Windows\SysWOW64\WinFLTray.exe
2015-05-28 23:46 - 2015-05-28 23:46 - 00225680 _____ (NewSoftwares.net, Inc.) C:\Windows\SysWOW64\WinVDEdrv.sys
2015-05-28 23:46 - 2015-05-28 23:46 - 00197648 _____ () C:\Windows\SysWOW64\WinVDEdrv6.sys
2015-05-28 23:46 - 2015-05-28 23:46 - 00092984 _____ (New Softwares.net) C:\Windows\SysWOW64\WinFLService.exe
2015-05-28 23:46 - 2015-05-28 23:46 - 00040960 _____ () C:\Windows\SysWOW64\nwsftUninstall.exe
2015-05-28 23:46 - 2015-05-28 23:46 - 00036472 _____ () C:\Windows\SysWOW64\WinFLAdrv.sys
2015-05-28 23:46 - 2015-05-28 23:46 - 00014024 _____ () C:\Windows\SysWOW64\WinFLMsgService.exe
2015-05-28 23:46 - 2015-05-28 23:46 - 00001157 _____ () C:\Users\Public\Desktop\Folder Lock.lnk
2015-05-28 23:46 - 2015-05-28 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder Lock
2015-05-28 23:46 - 2015-05-28 23:46 - 00000000 ____D () C:\Program Files (x86)\NewSoftware's
2015-05-28 23:35 - 2010-07-22 17:13 - 00054848 _____ (FSPro Labs) C:\Windows\system32\Drivers\FSPFltd.sys
2015-05-28 21:39 - 2015-05-28 21:39 - 00032059 _____ () C:\ComboFix.txt
2015-05-28 21:25 - 2011-06-26 11:15 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-28 21:25 - 2010-11-07 21:50 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-28 21:25 - 2009-04-20 09:26 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-28 21:25 - 2000-08-31 04:30 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-28 21:25 - 2000-08-31 04:30 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-28 21:25 - 2000-08-31 04:30 - 00098816 _____ () C:\Windows\sed.exe
2015-05-28 21:25 - 2000-08-31 04:30 - 00080412 _____ () C:\Windows\grep.exe
2015-05-28 21:25 - 2000-08-31 04:30 - 00068096 _____ () C:\Windows\zip.exe
2015-05-28 21:24 - 2015-05-28 21:39 - 00000000 ____D () C:\Qoobox
2015-05-28 21:24 - 2015-05-28 21:38 - 00000000 ____D () C:\Windows\erdnt
2015-05-28 20:40 - 2015-05-28 20:40 - 00000978 _____ () C:\Users\Public\Desktop\The Witcher 3 - Wild Hunt.lnk
2015-05-28 20:40 - 2015-05-28 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 3 Wild Hunt
2015-05-28 20:04 - 2015-05-28 20:04 - 00000749 _____ () C:\Users\Public\Desktop\Braveland.lnk
2015-05-28 20:04 - 2015-05-28 20:04 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\CrashRpt
2015-05-28 20:04 - 2015-05-28 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-05-28 09:35 - 2015-05-28 09:35 - 00002641 _____ () C:\Users\Moonspelll\Desktop\JRT.txt
2015-05-28 09:30 - 2015-05-28 09:30 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MOONSPELL-Windows-7-Ultimate-(64-bit).dat
2015-05-28 09:30 - 2015-05-28 09:30 - 00000000 ____D () C:\RegBackup
2015-05-28 09:26 - 2015-05-27 15:11 - 02946603 _____ (Thisisu) C:\Users\Moonspelll\Desktop\JRT_NEW.exe
2015-05-28 09:21 - 2015-05-28 09:21 - 681302358 _____ () C:\Windows\MEMORY.DMP
2015-05-28 09:21 - 2015-05-28 09:21 - 00351432 _____ () C:\Windows\Minidump\052815-19156-01.dmp
2015-05-28 09:21 - 2015-05-28 09:21 - 00000000 ____D () C:\Windows\Minidump
2015-05-28 09:08 - 2015-05-28 17:25 - 00014165 _____ () C:\Users\Moonspelll\Desktop\11111.txt
2015-05-28 09:05 - 2015-05-28 09:05 - 00001081 _____ () C:\Users\Moonspelll\Desktop\Malwarebytes Anti-Malware.txt
2015-05-28 02:47 - 2015-05-28 02:47 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-28 02:46 - 2015-05-28 09:06 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-28 00:35 - 2015-05-28 00:35 - 00008403 _____ () C:\Users\Moonspelll\Desktop\eset.txt
2015-05-27 20:03 - 2015-05-28 02:14 - 00000000 ____D () C:\Users\Moonspelll\Downloads\Attachments_2015527
2015-05-27 18:51 - 2015-05-27 18:51 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-27 00:36 - 2015-05-28 19:59 - 00000896 _____ () C:\Windows\setupact.log
2015-05-27 00:36 - 2015-05-27 00:36 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-26 19:13 - 2015-05-26 19:13 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\AVAST Software
2015-05-26 19:12 - 2015-05-26 19:12 - 00001940 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-26 19:12 - 2015-05-26 19:12 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-05-26 19:12 - 2015-05-26 19:12 - 00000000 ____D () C:\Windows\system32\vbox
2015-05-26 19:12 - 2015-05-26 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-26 19:11 - 2015-05-28 20:02 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-26 19:11 - 2015-05-26 19:11 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-26 19:11 - 2015-05-26 19:11 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-26 19:11 - 2015-05-26 19:11 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-26 19:11 - 2015-05-26 19:11 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-26 19:11 - 2015-05-26 19:11 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-26 19:11 - 2015-05-26 19:11 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-26 19:11 - 2015-05-26 19:11 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-26 19:11 - 2015-05-26 19:11 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-26 19:11 - 2015-05-26 19:11 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-26 19:11 - 2015-05-26 19:10 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-26 19:10 - 2015-05-26 19:10 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-26 19:09 - 2015-05-26 19:09 - 00000000 ____D () C:\Users\Public\Documents\PC Faster
2015-05-26 19:04 - 2015-05-26 19:04 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-26 16:37 - 2015-05-26 16:37 - 00000000 ____D () C:\Users\Moonspelll\Downloads\Pnny-Drdfl-S02E04_IMDB-DL
2015-05-26 16:37 - 2015-05-26 16:37 - 00000000 ____D () C:\Users\Moonspelll\Downloads\Gm-Of-Thrns-S05E07_IMDB-DL
2015-05-26 08:23 - 2015-05-28 23:49 - 00000000 ____D () C:\FRST
2015-05-26 08:21 - 2015-05-26 08:21 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\NVIDIA
2015-05-26 02:32 - 2015-05-26 02:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-05-26 02:31 - 2015-05-28 19:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-26 02:31 - 2015-05-12 07:04 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-05-26 02:29 - 2015-05-13 11:22 - 01558848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-05-26 02:29 - 2015-05-13 11:22 - 00195912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-05-26 02:29 - 2015-05-13 11:22 - 00031552 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 42718864 _____ () C:\Windows\system32\nvcompiler.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 37741712 _____ () C:\Windows\SysWOW64\nvcompiler.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 30478992 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 22945424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 17540416 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 16145176 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 15858728 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 15048816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 14455296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 13263568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 12849056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 11790144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 10972304 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-05-26 02:29 - 2015-05-12 10:57 - 03363224 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 02971776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 02599056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435286.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435286.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 01050256 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00974480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00939080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00502896 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00408208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00176064 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-05-26 02:29 - 2014-11-22 15:16 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-05-26 02:29 - 2014-11-22 15:16 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-05-26 02:29 - 2014-11-22 15:16 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-05-26 02:16 - 2015-05-12 08:00 - 06872392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-05-26 02:16 - 2015-05-12 08:00 - 03490448 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-05-26 02:16 - 2015-05-12 08:00 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-05-26 02:16 - 2015-05-12 08:00 - 00937288 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-05-26 02:16 - 2015-05-12 08:00 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-05-26 02:16 - 2015-05-12 08:00 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-05-26 02:16 - 2015-05-11 21:31 - 04391871 _____ () C:\Windows\system32\nvcoproc.bin
2015-05-26 01:10 - 2015-05-28 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-26 01:00 - 2015-05-26 01:07 - 00000000 ____D () C:\Users\Moonspelll\Desktop\program data
2015-05-26 00:53 - 2015-05-26 00:54 - 00000000 ____D () C:\Users\Moonspelll\Desktop\dungeon
2015-05-25 23:06 - 2015-05-28 20:59 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\NVIDIA
2015-05-25 21:31 - 2015-05-25 21:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-25 20:11 - 2015-05-27 00:36 - 00017676 _____ () C:\Windows\PFRO.log
2015-05-24 23:48 - 2015-05-24 23:48 - 00000319 _____ () C:\Users\Moonspelll\Downloads\bra.rar
2015-05-24 22:07 - 2015-05-21 00:33 - 00000000 ___RD () C:\Users\Moonspelll\Downloads\The.Witcher.3.Wild.Hunt
2015-05-24 22:06 - 2015-05-24 22:07 - 02379756 _____ () C:\Users\Moonspelll\Downloads\The.Witcher.3.Wild.Hunt.7z
2015-05-24 21:51 - 2015-05-20 10:13 - 02097664 _____ (LinGon) C:\Users\Moonspelll\Downloads\TheWitcher3_WH+14Tr-LNG_v1.02.exe
2015-05-24 21:51 - 2015-04-18 16:40 - 00006351 _____ () C:\Users\Moonspelll\Downloads\TheWitcher3_WH+14Tr-LNG_v1.02 - INFO.txt
2015-05-24 21:49 - 2015-05-24 21:50 - 01871390 _____ () C:\Users\Moonspelll\Downloads\TheWitcher3-WH-14Tr.rar
2015-05-24 21:38 - 2015-05-24 21:49 - 00000000 ____D () C:\Users\Moonspelll\Downloads\The Witcher 3 - Wild Hunt 1.03 +19 Trainer
2015-05-24 20:12 - 2015-05-28 23:09 - 00252227 _____ () C:\Windows\WindowsUpdate.log
2015-05-24 19:15 - 2015-05-28 09:13 - 00000000 ____D () C:\AdwCleaner
2015-05-24 19:14 - 2015-05-24 19:15 - 02223104 _____ () C:\Users\Moonspelll\Downloads\adwcleaner_4.205.exe
2015-05-23 19:07 - 2015-05-28 22:37 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 19:05 - 2015-05-23 19:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-23 19:05 - 2015-05-23 19:05 - 00001124 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-23 19:05 - 2015-05-23 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-23 19:05 - 2015-05-23 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-23 19:05 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-23 19:05 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-23 19:05 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-23 18:35 - 2015-05-23 19:30 - 00000000 ____D () C:\ProgramData\BCloudScan_exe
2015-05-23 00:46 - 2015-05-23 00:46 - 00000212 _____ () C:\Users\Moonspelll\Desktop\fffffhhf.txt
2015-05-22 19:04 - 2015-05-22 19:04 - 00000984 _____ () C:\Users\Public\Desktop\CPUID HWMonitorPro.lnk
2015-05-22 18:55 - 2015-05-01 21:21 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-05-22 18:55 - 2015-05-01 21:21 - 01316000 _____ () C:\Windows\SysWOW64\nvspbridge.dll
2015-05-22 18:55 - 2015-05-01 21:20 - 01756424 _____ () C:\Windows\system32\nvspbridge64.dll
2015-05-22 18:55 - 2015-05-01 21:20 - 01570672 _____ () C:\Windows\system32\nvspcap64.dll
2015-05-22 11:30 - 2015-04-11 07:49 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-05-22 10:51 - 2015-05-28 21:45 - 00000000 ____D () C:\Users\Moonspelll\Documents\The Witcher 3
2015-05-22 10:51 - 2015-05-24 08:32 - 00000000 ____D () C:\Users\Moonspelll\Desktop\The Witcher 3
2015-05-21 19:31 - 2015-05-22 19:06 - 00003160 _____ () C:\Windows\System32\Tasks\SidebarExecute
2015-05-21 19:29 - 2014-06-15 15:18 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll
2015-05-21 19:29 - 2014-06-15 15:18 - 00450560 _____ (RAD Game Tools, Inc.) C:\Windows\SysWOW64\mss32.dll
2015-05-21 19:29 - 2014-06-15 15:17 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEShims.dll
2015-05-21 19:29 - 2014-06-15 15:10 - 00176128 _____ (RAD Game Tools, Inc.) C:\Windows\SysWOW64\binkw32.dll
2015-05-20 22:34 - 2015-05-12 10:57 - 03363224 _____ (NVIDIA Corporation) C:\Windows\system32\SET34E3.tmp
2015-05-20 22:34 - 2015-05-12 10:57 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\SET42C3.tmp
2015-05-20 22:19 - 2015-05-22 10:41 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nvidia GeForce Game Ready Driver
2015-05-20 21:21 - 2015-05-20 21:21 - 00001059 _____ () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LangOver 5.lnk
2015-05-20 21:21 - 2015-05-20 21:21 - 00001029 _____ () C:\Users\Moonspelll\Desktop\LangOver.lnk
2015-05-20 21:21 - 2015-05-20 21:21 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LangOver 5
2015-05-20 21:21 - 2015-05-20 21:21 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\LangOver.com
2015-05-20 21:21 - 2015-05-20 21:21 - 00000000 ____D () C:\Program Files (x86)\LangOver
2015-05-20 21:18 - 2015-05-20 21:18 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-20 21:15 - 2015-05-20 21:15 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-05-20 21:14 - 2015-05-20 21:14 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2015-05-20 21:14 - 2015-05-20 21:14 - 00002055 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2015-05-20 21:14 - 2015-05-20 21:14 - 00002032 _____ () C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2015-05-20 21:13 - 2015-05-20 21:20 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-20 21:13 - 2015-05-20 21:13 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-20 18:27 - 2015-05-20 17:25 - 00197616 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-05-19 22:38 - 2015-05-27 20:37 - 00000020 _____ () C:\Users\Moonspelll\Desktop\nngcngcngc.txt
2015-05-17 18:39 - 2015-05-18 18:11 - 14503936 _____ () C:\Users\Moonspelll\AppData\Roaming\Sandra.mdb
2015-05-17 18:38 - 2015-05-17 18:38 - 00001197 _____ () C:\Users\Public\Desktop\SiSoftware Sandra Business 2015i.lnk
2015-05-17 18:38 - 2015-05-17 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
2015-05-17 18:38 - 2015-05-17 18:38 - 00000000 ____D () C:\Program Files\SiSoftware
2015-05-17 08:56 - 2015-05-17 08:56 - 00002321 _____ () C:\Users\Moonspelll\Desktop\Chrome App Launcher.lnk
2015-05-17 08:56 - 2015-05-17 08:56 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-17 00:06 - 2015-05-17 00:06 - 00000000 ____D () C:\Users\Moonspelll\Documents\3DMarkFarandole
2015-05-16 22:42 - 2015-05-16 22:42 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2015-05-16 19:46 - 2015-05-16 19:46 - 00001112 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infix PDF Editor.lnk
2015-05-16 19:46 - 2015-05-16 19:46 - 00001100 _____ () C:\Users\Public\Desktop\Infix PDF Editor.lnk
2015-05-16 19:46 - 2015-05-16 19:46 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Iceni
2015-05-16 19:46 - 2015-05-16 19:46 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\Iceni
2015-05-16 19:46 - 2015-05-16 19:46 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\Aspell
2015-05-16 19:46 - 2015-05-16 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infix PDF Editor 6
2015-05-16 19:46 - 2015-05-16 19:46 - 00000000 ____D () C:\ProgramData\Iceni
2015-05-16 19:46 - 2015-05-16 19:46 - 00000000 ____D () C:\ProgramData\Aspell
2015-05-16 19:46 - 2015-05-16 19:46 - 00000000 ____D () C:\Program Files (x86)\Iceni
2015-05-15 23:06 - 2015-05-25 20:29 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\thriXXX
2015-05-15 23:06 - 2015-05-16 01:00 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\thriXXX
2015-05-15 23:06 - 2015-05-15 23:06 - 00000000 ____D () C:\ProgramData\thriXXX
2015-05-15 23:06 - 2015-05-15 23:06 - 00000000 ____D () C:\Program Files (x86)\thriXXX
2015-05-15 01:30 - 2015-05-01 17:47 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 01:30 - 2015-05-01 17:46 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 00:17 - 2015-05-05 05:59 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-15 00:17 - 2015-05-05 05:42 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-15 00:17 - 2015-04-18 07:40 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-15 00:17 - 2015-04-18 07:26 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-15 00:14 - 2015-04-20 07:47 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-15 00:14 - 2015-04-20 07:47 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-15 00:14 - 2015-04-20 07:26 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-15 00:14 - 2015-04-20 06:41 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-15 00:09 - 2015-04-13 07:58 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-15 00:07 - 2015-04-08 07:59 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-15 00:07 - 2015-04-08 07:59 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-15 00:07 - 2015-04-08 07:44 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 00:47 - 2015-05-18 20:19 - 00000022 _____ () C:\Windows\GPU-Z.INI
2015-05-13 00:45 - 2015-05-18 20:21 - 00000000 ____D () C:\Users\Moonspelll\Documents\3DMark
2015-05-13 00:45 - 2015-05-13 00:45 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\Futuremark
2015-05-13 00:44 - 2015-05-13 00:44 - 00001210 _____ () C:\Users\Public\Desktop\3DMark.lnk
2015-05-13 00:44 - 2015-05-13 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2015-05-13 00:44 - 2015-05-13 00:44 - 00000000 ____D () C:\Program Files\Futuremark
2015-05-12 16:42 - 2015-05-28 19:58 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-05-12 01:15 - 2015-05-12 01:15 - 00001458 _____ () C:\Users\Moonspelll\Desktop\aida64.exe - Shortcut.lnk
2015-05-12 01:14 - 2015-05-12 16:15 - 00000000 ____D () C:\Program Files\aida64extreme520
2015-05-12 01:02 - 2015-05-12 01:02 - 00000000 ____D () C:\Program Files (x86)\FinalWire
2015-05-10 23:26 - 2015-05-10 23:26 - 04221101 _____ () C:\Users\Moonspelll\Desktop\Desktop.7z
2015-05-10 02:21 - 2015-05-12 17:30 - 00000104 _____ () C:\Users\Moonspelll\Desktop\t6e.txt
2015-05-09 00:41 - 2015-05-09 00:41 - 00042576 _____ (DeskSoft) C:\Windows\system32\Drivers\dsnpfd.sys
2015-05-07 19:59 - 2015-05-22 21:29 - 00006656 _____ () C:\Windows\system32\lpcio.dll
2015-05-07 19:59 - 2015-04-27 23:58 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-07 19:59 - 2015-04-27 23:58 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-07 19:59 - 2015-04-27 23:58 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-07 19:59 - 2015-04-27 23:56 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-07 19:59 - 2015-04-27 23:52 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-07 19:59 - 2015-04-27 23:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-07 19:59 - 2015-04-27 23:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-07 19:59 - 2015-04-27 23:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:41 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-07 19:59 - 2015-04-27 23:41 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-07 19:59 - 2015-04-27 23:38 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-07 19:59 - 2015-04-27 23:34 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-07 19:59 - 2015-04-27 23:34 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-07 19:59 - 2015-04-27 23:34 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-07 19:59 - 2015-04-27 23:34 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-07 19:59 - 2015-04-27 23:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-07 19:59 - 2015-04-27 23:34 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-07 19:59 - 2015-04-27 23:34 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-07 19:59 - 2015-04-27 23:34 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-07 19:59 - 2015-04-27 23:33 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-07 19:59 - 2015-04-27 23:33 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-07 19:59 - 2015-04-27 23:33 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-07 19:59 - 2015-04-27 23:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-07 19:59 - 2015-04-27 23:33 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-07 19:59 - 2015-04-27 23:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-07 19:59 - 2015-04-27 23:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-07 19:59 - 2015-04-27 23:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 22:36 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-07 19:59 - 2015-04-27 22:27 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-07 19:59 - 2015-04-27 22:27 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-07 19:59 - 2015-04-27 22:25 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 22:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 22:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 22:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-07 19:39 - 2015-04-14 16:08 - 04664792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-05-07 19:39 - 2015-04-14 15:38 - 01736408 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-05-07 19:39 - 2015-04-14 13:10 - 01303256 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-05-07 19:39 - 2015-04-14 11:05 - 01990874 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-05-07 19:39 - 2015-04-13 15:44 - 00168816 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-05-07 19:39 - 2015-04-09 13:30 - 02846936 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-05-07 19:39 - 2015-03-19 09:50 - 02907864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-05-07 19:39 - 2015-03-10 14:34 - 02702040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-05-07 19:39 - 2015-01-19 14:40 - 72113152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-05-07 19:39 - 2014-12-02 15:12 - 03218800 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-05-07 19:39 - 2014-11-11 10:14 - 00631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-05-07 19:39 - 2014-09-24 08:01 - 07087448 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-05-07 19:39 - 2014-09-24 08:01 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-05-07 19:39 - 2014-09-24 08:01 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-05-07 19:39 - 2014-09-24 08:01 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-05-07 19:39 - 2014-05-22 12:54 - 00096568 _____ () C:\Windows\system32\audioLibVc.dll
2015-05-07 19:39 - 2013-06-21 07:31 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2015-05-07 19:39 - 2012-08-31 15:48 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-05-07 19:39 - 2012-08-31 15:47 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-05-07 19:39 - 2012-08-31 15:47 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-05-07 19:39 - 2012-08-31 15:47 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-05-07 19:39 - 2012-08-31 15:47 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-05-07 19:39 - 2011-12-20 12:02 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-05-07 19:39 - 2011-11-22 12:58 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-05-07 19:38 - 2015-03-11 14:34 - 02825944 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-05-07 19:32 - 2015-05-07 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
2015-05-07 17:47 - 2015-05-07 17:47 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\ExtremeCopy
2015-05-07 17:10 - 2015-05-07 17:10 - 00000000 ____D () C:\Program Files\Intel
2015-05-07 16:59 - 2015-05-07 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JMicron Technology Corp
2015-05-07 16:59 - 2009-07-14 05:45 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Difx70fc.rra
2015-05-07 16:57 - 2015-01-15 11:12 - 00977624 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-05-07 16:57 - 2015-01-15 11:12 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-05-07 15:17 - 2015-04-09 05:28 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\SET6CBD.tmp
2015-05-07 15:17 - 2015-04-09 05:28 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\SET6004.tmp
2015-05-07 15:17 - 2015-04-09 05:28 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\SET6AB9.tmp
2015-05-07 15:15 - 2015-02-20 02:18 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-05-07 15:15 - 2015-02-20 02:18 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-05-07 15:10 - 2010-05-06 14:56 - 00023693 _____ () C:\Windows\system32\deleteme.txt-nv16563
2015-05-06 03:13 - 2009-07-14 05:45 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Difxcec2.rra
2015-05-06 03:12 - 2012-09-17 15:05 - 00123704 _____ (JMicron Technology Corp.) C:\Windows\system32\Drivers\jraid.sys
2015-05-06 02:54 - 2015-05-06 02:54 - 00000967 _____ () C:\Users\Public\Desktop\DriverEasy.lnk
2015-05-06 02:54 - 2015-05-06 02:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy
2015-05-04 20:04 - 2015-05-04 20:04 - 00000199 _____ () C:\Users\Moonspelll\Desktop\4242.txt
2015-05-02 19:15 - 2015-05-02 19:15 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\.mono
2015-05-02 19:15 - 2015-05-02 19:15 - 00000000 ____D () C:\ProgramData\.mono
2015-05-02 17:04 - 2015-05-02 17:04 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\Microsoft Research
2015-05-02 17:03 - 2015-05-02 17:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Research
2015-05-01 19:02 - 2015-03-04 09:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-01 19:02 - 2015-03-04 09:11 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-01 19:02 - 2015-03-04 09:11 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-01 19:02 - 2015-03-04 09:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-01 19:02 - 2015-03-04 08:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-01 19:02 - 2015-03-04 08:40 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-01 19:02 - 2015-03-04 08:40 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-01 19:00 - 2015-02-18 11:36 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-01 19:00 - 2015-02-18 11:34 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-04-30 19:20 - 2015-05-15 00:03 - 00000150 _____ () C:\Users\Moonspelll\Desktop\`111.txt
2015-04-29 05:41 - 2015-05-26 02:37 - 00003807 _____ () C:\Windows\system32\HWLook.log

Moonspell · May 28, 2015

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 23:33 - 2015-01-07 19:58 - 00000000 ____D () C:\KMPlayer
2015-05-28 21:39 - 2009-07-14 07:50 - 00000000 __RHD () C:\Users\Default
2015-05-28 21:37 - 2009-07-14 07:04 - 00000215 _____ () C:\Windows\system.ini
2015-05-28 21:32 - 2014-10-03 07:56 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-28 21:24 - 2014-10-03 07:21 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\DMCache
2015-05-28 21:11 - 2015-03-06 21:49 - 00000000 ____D () C:\Users\Moonspelll\Desktop\New folder
2015-05-28 20:34 - 2009-07-14 09:43 - 00916036 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-28 20:08 - 2009-07-14 09:15 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-28 20:08 - 2009-07-14 09:15 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-28 20:05 - 2014-10-03 08:08 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\DAEMON Tools Pro
2015-05-28 19:59 - 2009-07-14 09:39 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-28 19:58 - 2014-10-03 07:15 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-05-28 19:58 - 2009-07-14 09:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-28 18:52 - 2014-10-03 07:50 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-05-28 17:37 - 2014-10-03 19:11 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black_Box
2015-05-28 02:24 - 2014-10-03 07:54 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\Last.fm
2015-05-26 19:14 - 2014-10-13 02:26 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Raxco
2015-05-26 02:32 - 2014-10-03 07:37 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-05-26 02:32 - 2014-10-03 07:21 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-05-26 02:32 - 2014-10-03 07:21 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-05-26 02:16 - 2009-07-14 07:50 - 00000000 ____D () C:\Windows\Help
2015-05-26 01:24 - 2014-10-16 15:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-25 20:27 - 2015-02-28 23:41 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-05-25 20:27 - 2015-02-28 23:41 - 00000000 ____D () C:\Program Files\Image-Line
2015-05-25 20:27 - 2015-02-28 23:35 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2015-05-24 23:47 - 2014-11-24 23:37 - 00000000 ____D () C:\Users\Moonspelll\Documents\Assassin's Creed Unity
2015-05-24 19:12 - 2014-11-15 08:06 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\TeamViewer
2015-05-24 19:12 - 2014-10-03 07:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-24 08:30 - 2009-07-14 07:50 - 00000000 ____D () C:\Windows\tracing
2015-05-23 19:34 - 2010-11-21 11:46 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents
2015-05-23 19:31 - 2014-11-09 23:31 - 00000000 ____D () C:\Program Files\BurnInTest
2015-05-23 19:31 - 2014-10-19 20:28 - 00000000 ____D () C:\Program Files\WinRAR
2015-05-22 19:20 - 2015-02-26 15:24 - 00001031 _____ () C:\Users\Moonspelll\Desktop\Internet Download Manager.lnk
2015-05-22 19:04 - 2014-10-03 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-05-22 19:04 - 2014-10-03 07:55 - 00000000 ____D () C:\Program Files\CPUID
2015-05-22 18:56 - 2014-11-03 15:42 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\NVIDIA Corporation
2015-05-22 11:34 - 2014-10-03 06:57 - 00000000 ____D () C:\Users\Moonspelll
2015-05-22 10:51 - 2014-10-03 20:09 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-05-21 19:54 - 2014-10-03 18:05 - 00899902 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-21 19:08 - 2014-10-20 00:10 - 00000000 ____D () C:\Program Files (x86)\Hotspot Shield
2015-05-20 22:33 - 2015-01-18 16:29 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\ViberPC
2015-05-20 22:32 - 2015-01-18 16:45 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\Viber
2015-05-20 22:26 - 2014-11-08 19:09 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\Adobe
2015-05-20 22:25 - 2009-07-14 09:15 - 00413896 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-20 22:19 - 2014-11-03 15:34 - 00000000 ____D () C:\Program Files\P30Day
2015-05-20 21:21 - 2015-02-08 20:16 - 00110096 _____ () C:\Users\Moonspelll\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-20 21:20 - 2014-10-03 07:56 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Adobe
2015-05-16 16:06 - 2009-07-14 07:50 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-05-16 04:52 - 2014-10-04 01:39 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-16 04:46 - 2014-10-04 01:39 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-15 11:45 - 2010-11-21 11:46 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 00:44 - 2014-10-03 22:57 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-12 10:57 - 2015-02-20 02:18 - 17540416 _____ (NVIDIA Corporation) C:\Windows\system32\SET443B.tmp
2015-05-12 10:57 - 2015-02-20 02:18 - 00031710 _____ () C:\Windows\system32\nvinfo.pb
2015-05-11 08:40 - 2014-10-03 07:57 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-11 08:40 - 2012-02-15 17:09 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-09 01:40 - 2014-11-11 01:38 - 00000000 ____D () C:\Program Files (x86)\BWMeter
2015-05-08 19:33 - 2015-02-13 17:27 - 00000000 ____D () C:\Users\Moonspelll\Downloads\QNTAL - QNTAL VII (2014)
2015-05-07 19:41 - 2014-10-03 07:07 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-05-07 19:40 - 2014-11-26 00:49 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-05-07 19:37 - 2014-10-03 23:22 - 00002084 _____ () C:\Users\Moonspelll\Desktop\PC App Store.lnk
2015-05-07 19:32 - 2014-10-03 17:04 - 00000000 ____D () C:\Program Files\TeraCopy
2015-05-07 17:37 - 2014-11-27 22:51 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-05-07 16:59 - 2014-10-03 07:08 - 00000000 ____D () C:\Windows\RaidTool
2015-05-07 16:57 - 2014-10-03 07:07 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-05-07 15:00 - 2014-10-03 22:58 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-05-07 14:57 - 2014-10-04 17:19 - 00000000 ____D () C:\temp
2015-05-06 02:41 - 2015-01-02 03:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SweetFxmod V3.4
2015-05-06 02:41 - 2014-10-03 07:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-04 20:17 - 2014-10-03 07:55 - 00000869 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2015-05-04 14:06 - 2015-04-10 18:07 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-04 14:06 - 2015-04-10 18:07 - 00000000 ____D () C:\Program Files\Java
2015-05-04 14:05 - 2015-04-10 18:08 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-05-02 19:15 - 2014-12-14 20:33 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Kalypso Media
2015-05-01 00:55 - 2015-04-22 22:54 - 00000982 _____ () C:\Users\Moonspelll\Desktop\PerformanceTest.lnk

==================== Files in the root of some directories =======

2015-05-24 18:15 - 2015-05-24 18:36 - 0000115 _____ () C:\Users\Moonspelll\AppData\Roaming\LogFile.txt
2015-05-17 18:39 - 2015-05-18 18:11 - 14503936 _____ () C:\Users\Moonspelll\AppData\Roaming\Sandra.mdb
2015-05-28 23:48 - 2015-05-28 23:48 - 0000700 ___SH () C:\Users\Moonspelll\AppData\Local\systemFL7.dat
2015-05-28 23:48 - 2015-05-28 23:48 - 0001213 ___SH () C:\Users\Moonspelll\AppData\Local\win_fldb_sys.dat
2015-05-28 23:47 - 2015-05-28 23:47 - 0011781 ___SH () C:\Users\Moonspelll\AppData\Local\win_flfiles_sys.dat
2015-05-28 23:47 - 2015-05-28 23:47 - 0003465 ___SH () C:\Users\Moonspelll\AppData\Local\win_stlthdb_sys.dat
2014-10-04 17:20 - 2014-10-04 17:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-28 23:47 - 2015-05-28 23:47 - 0002568 ___SH () C:\ProgramData\win_mpwd_sys.dat

Files to move or delete:
====================
C:\ProgramData\win_mpwd_sys.dat

Some files in TEMP:
====================
C:\Users\Moonspelll\AppData\Local\Temp\launcher.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-25 23:36

==================== End of log ============================

Broni · May 28, 2015

Did you run FRST as administrator?
I'm asking because in your log I see a lot of these: Failed to access process

Moonspell · May 28, 2015

Sorry

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
Ran by Moonspelll (administrator) on MOONSPELL on 29-05-2015 00:34:05
Running from E:\Downloads\Programs
Loaded Profiles: Moonspelll (Available Profiles: Moonspelll)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(PandoraTV) C:\KMPlayer\KMPlayer.exe
(New Softwares.net) C:\Windows\SysWOW64\WinFLService.exe
( New Softwares.net) C:\Windows\SysWOW64\WinFLTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13876952 2015-04-13] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [11877656 2014-09-17] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-01] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2013-08-12] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-26] (Avast Software s.r.o.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3903056 2015-05-20] (Tonec Inc.)
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\Run: [WinFLTray] => C:\Windows\SysWow64\WinFLTray.exe [330040 2015-05-28] ( New Softwares.net)
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\Run: [FLBackup] => C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe [275768 2015-05-28] (New Softwares.net)
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-26] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
BootExecute: autocheck autochk * sh4native Sh4Removal

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.keycode.asia/tabligh
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-04] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-26] (Avast Software s.r.o.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-20] (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-04] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-26] (Avast Software s.r.o.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-20] (Logitech, Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2407973311-3509357600-1588227675-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2014-10-25] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2014-10-25] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2014-10-25] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2014-10-25] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Moonspelll\AppData\Roaming\Mozilla\Firefox\Profiles\nxersh2t.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-11] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-28] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-11] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-10-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-10-03] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems)
FF Extension: anonymoX - C:\Users\Moonspelll\AppData\Roaming\Mozilla\Firefox\Profiles\nxersh2t.default\Extensions\client@anonymox.net.xpi [2014-10-19]
FF Extension: Access FreeNetI - C:\Users\Moonspelll\AppData\Roaming\Mozilla\Firefox\Profiles\nxersh2t.default\Extensions\info@freeneti.com.xpi [2014-10-19]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-05-25]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-10-03]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-05-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-26]
FF HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Moonspelll\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Moonspelll\AppData\Roaming\IDM\idmmzcc5 [2015-05-22]
FF HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Moonspelll\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-03]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-10-03]
CHR Extension: (Google Docs) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-03]
CHR Extension: (Google Drive) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-03]
CHR Extension: (YouTube) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-03]
CHR Extension: (Webpage Screenshot) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-10-03]
CHR Extension: (Google Search) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-03]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-05-20]
CHR Extension: (Google Sheets) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-03]
CHR Extension: (AdBlock) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-03]
CHR Extension: (Avast Online Security) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Google Wallet) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-03]
CHR Extension: (IDM Integration Module) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjgffenlaenblicaimjjhenpigegidh [2015-05-22]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2015-05-17]
CHR Extension: (Gmail) - C:\Users\Moonspelll\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-03]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-26]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]

Moonspell · May 28, 2015

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-26] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-26] (Avast Software)
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 FLService; C:\Windows\SysWow64\WinFLService.exe [92984 2015-05-28] (New Softwares.net)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-05-06] (Futuremark)
S3 GalaxyService; C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [2191648 2014-09-18] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-01] (NVIDIA Corporation)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [96688 2015-05-19] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [589608 2015-05-19] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) []
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-19] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-01] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () []
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) []
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 MSSQLSERVER; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [X]
S4 MSSQLServerADHelper; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [X]
S4 SQLBrowser; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-26] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-26] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-26] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-26] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-26] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-26] ()
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31160 2014-04-24] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-03] (Disc Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-11-03] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-28] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
U0 msahci; No ImagePath
R2 NEWDRIVER; C:\Windows\SysWow64\WinVDEdrv6.sys [197648 2015-05-28] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Business 2015i\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-05-16] (Synaptics Incorporated)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S2 TBPanel; No ImagePath
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-28] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-26] (Avast Software)
R1 WinFLAdrv; C:\Windows\SysWow64\WinFLAdrv.sys [36472 2015-05-28] ()
R2 WinVDEDrv; C:\Windows\SysWow64\WinVDEdrv.sys [225680 2015-05-28] (NewSoftwares.net, Inc.)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 vsserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 23:48 - 2015-05-28 23:48 - 00001213 ___SH () C:\Users\Moonspelll\AppData\Local\win_fldb_sys.dat
2015-05-28 23:48 - 2015-05-28 23:48 - 00000700 ___SH () C:\Users\Moonspelll\AppData\Local\systemFL7.dat
2015-05-28 23:48 - 2015-05-28 23:48 - 00000693 ___SH () C:\Windows\SysWOW64\win_fldb_sys.dat
2015-05-28 23:47 - 2015-05-28 23:47 - 00011781 ___SH () C:\Users\Moonspelll\AppData\Local\win_flfiles_sys.dat
2015-05-28 23:47 - 2015-05-28 23:47 - 00003465 ___SH () C:\Windows\SysWOW64\win_stlthdb_sys.dat
2015-05-28 23:47 - 2015-05-28 23:47 - 00003465 ___SH () C:\Users\Moonspelll\AppData\Local\win_stlthdb_sys.dat
2015-05-28 23:47 - 2015-05-28 23:47 - 00002568 ___SH () C:\ProgramData\win_mpwd_sys.dat
2015-05-28 23:46 - 2015-05-28 23:46 - 00330040 _____ ( New Softwares.net) C:\Windows\SysWOW64\WinFLTrayShred.exe
2015-05-28 23:46 - 2015-05-28 23:46 - 00330040 _____ ( New Softwares.net) C:\Windows\SysWOW64\WinFLTray.exe
2015-05-28 23:46 - 2015-05-28 23:46 - 00225680 _____ (NewSoftwares.net, Inc.) C:\Windows\SysWOW64\WinVDEdrv.sys
2015-05-28 23:46 - 2015-05-28 23:46 - 00197648 _____ () C:\Windows\SysWOW64\WinVDEdrv6.sys
2015-05-28 23:46 - 2015-05-28 23:46 - 00092984 _____ (New Softwares.net) C:\Windows\SysWOW64\WinFLService.exe
2015-05-28 23:46 - 2015-05-28 23:46 - 00040960 _____ () C:\Windows\SysWOW64\nwsftUninstall.exe
2015-05-28 23:46 - 2015-05-28 23:46 - 00036472 _____ () C:\Windows\SysWOW64\WinFLAdrv.sys
2015-05-28 23:46 - 2015-05-28 23:46 - 00014024 _____ () C:\Windows\SysWOW64\WinFLMsgService.exe
2015-05-28 23:46 - 2015-05-28 23:46 - 00001157 _____ () C:\Users\Public\Desktop\Folder Lock.lnk
2015-05-28 23:46 - 2015-05-28 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder Lock
2015-05-28 23:46 - 2015-05-28 23:46 - 00000000 ____D () C:\Program Files (x86)\NewSoftware's
2015-05-28 23:35 - 2010-07-22 17:13 - 00054848 _____ (FSPro Labs) C:\Windows\system32\Drivers\FSPFltd.sys
2015-05-28 21:39 - 2015-05-28 21:39 - 00032059 _____ () C:\ComboFix.txt
2015-05-28 21:25 - 2011-06-26 11:15 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-28 21:25 - 2010-11-07 21:50 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-28 21:25 - 2009-04-20 09:26 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-28 21:25 - 2000-08-31 04:30 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-28 21:25 - 2000-08-31 04:30 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-28 21:25 - 2000-08-31 04:30 - 00098816 _____ () C:\Windows\sed.exe
2015-05-28 21:25 - 2000-08-31 04:30 - 00080412 _____ () C:\Windows\grep.exe
2015-05-28 21:25 - 2000-08-31 04:30 - 00068096 _____ () C:\Windows\zip.exe
2015-05-28 21:24 - 2015-05-28 21:39 - 00000000 ____D () C:\Qoobox
2015-05-28 21:24 - 2015-05-28 21:38 - 00000000 ____D () C:\Windows\erdnt
2015-05-28 20:40 - 2015-05-28 20:40 - 00000978 _____ () C:\Users\Public\Desktop\The Witcher 3 - Wild Hunt.lnk
2015-05-28 20:40 - 2015-05-28 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 3 Wild Hunt
2015-05-28 20:04 - 2015-05-28 20:04 - 00000749 _____ () C:\Users\Public\Desktop\Braveland.lnk
2015-05-28 20:04 - 2015-05-28 20:04 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\CrashRpt
2015-05-28 20:04 - 2015-05-28 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-05-28 09:35 - 2015-05-28 09:35 - 00002641 _____ () C:\Users\Moonspelll\Desktop\JRT.txt
2015-05-28 09:30 - 2015-05-28 09:30 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MOONSPELL-Windows-7-Ultimate-(64-bit).dat
2015-05-28 09:30 - 2015-05-28 09:30 - 00000000 ____D () C:\RegBackup
2015-05-28 09:26 - 2015-05-27 15:11 - 02946603 _____ (Thisisu) C:\Users\Moonspelll\Desktop\JRT_NEW.exe
2015-05-28 09:21 - 2015-05-28 09:21 - 681302358 _____ () C:\Windows\MEMORY.DMP
2015-05-28 09:21 - 2015-05-28 09:21 - 00351432 _____ () C:\Windows\Minidump\052815-19156-01.dmp
2015-05-28 09:21 - 2015-05-28 09:21 - 00000000 ____D () C:\Windows\Minidump
2015-05-28 09:08 - 2015-05-28 17:25 - 00014165 _____ () C:\Users\Moonspelll\Desktop\11111.txt
2015-05-28 09:05 - 2015-05-28 09:05 - 00001081 _____ () C:\Users\Moonspelll\Desktop\Malwarebytes Anti-Malware.txt
2015-05-28 02:47 - 2015-05-28 02:47 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-28 02:46 - 2015-05-28 09:06 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-28 00:35 - 2015-05-28 00:35 - 00008403 _____ () C:\Users\Moonspelll\Desktop\eset.txt
2015-05-27 20:03 - 2015-05-28 02:14 - 00000000 ____D () C:\Users\Moonspelll\Downloads\Attachments_2015527
2015-05-27 18:51 - 2015-05-27 18:51 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-27 00:36 - 2015-05-28 19:59 - 00000896 _____ () C:\Windows\setupact.log
2015-05-27 00:36 - 2015-05-27 00:36 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-26 19:13 - 2015-05-26 19:13 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\AVAST Software
2015-05-26 19:12 - 2015-05-26 19:12 - 00001940 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-26 19:12 - 2015-05-26 19:12 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-05-26 19:12 - 2015-05-26 19:12 - 00000000 ____D () C:\Windows\system32\vbox
2015-05-26 19:12 - 2015-05-26 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-26 19:11 - 2015-05-28 20:02 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-26 19:11 - 2015-05-26 19:11 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-26 19:11 - 2015-05-26 19:11 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-26 19:11 - 2015-05-26 19:11 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-26 19:11 - 2015-05-26 19:11 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-26 19:11 - 2015-05-26 19:11 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-26 19:11 - 2015-05-26 19:11 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-26 19:11 - 2015-05-26 19:11 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-26 19:11 - 2015-05-26 19:11 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-26 19:11 - 2015-05-26 19:11 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-26 19:11 - 2015-05-26 19:10 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-26 19:10 - 2015-05-26 19:10 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-26 19:09 - 2015-05-26 19:09 - 00000000 ____D () C:\Users\Public\Documents\PC Faster
2015-05-26 19:04 - 2015-05-26 19:04 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-26 16:37 - 2015-05-26 16:37 - 00000000 ____D () C:\Users\Moonspelll\Downloads\Pnny-Drdfl-S02E04_IMDB-DL
2015-05-26 16:37 - 2015-05-26 16:37 - 00000000 ____D () C:\Users\Moonspelll\Downloads\Gm-Of-Thrns-S05E07_IMDB-DL
2015-05-26 08:23 - 2015-05-29 00:34 - 00000000 ____D () C:\FRST
2015-05-26 08:21 - 2015-05-26 08:21 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\NVIDIA
2015-05-26 02:32 - 2015-05-26 02:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-05-26 02:31 - 2015-05-28 19:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-26 02:31 - 2015-05-12 07:04 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-05-26 02:29 - 2015-05-13 11:22 - 01558848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-05-26 02:29 - 2015-05-13 11:22 - 00195912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-05-26 02:29 - 2015-05-13 11:22 - 00031552 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 42718864 _____ () C:\Windows\system32\nvcompiler.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 37741712 _____ () C:\Windows\SysWOW64\nvcompiler.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 30478992 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 22945424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 17540416 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 16145176 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 15858728 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 15048816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 14455296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 13263568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 12849056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 11790144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 10972304 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-05-26 02:29 - 2015-05-12 10:57 - 03363224 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 02971776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 02599056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435286.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435286.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 01050256 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00974480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00939080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00502896 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00408208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00176064 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-05-26 02:29 - 2015-05-12 10:57 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-05-26 02:29 - 2014-11-22 15:16 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-05-26 02:29 - 2014-11-22 15:16 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-05-26 02:29 - 2014-11-22 15:16 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-05-26 02:16 - 2015-05-12 08:00 - 06872392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-05-26 02:16 - 2015-05-12 08:00 - 03490448 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-05-26 02:16 - 2015-05-12 08:00 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-05-26 02:16 - 2015-05-12 08:00 - 00937288 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-05-26 02:16 - 2015-05-12 08:00 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-05-26 02:16 - 2015-05-12 08:00 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-05-26 02:16 - 2015-05-11 21:31 - 04391871 _____ () C:\Windows\system32\nvcoproc.bin
2015-05-26 01:10 - 2015-05-28 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-26 01:00 - 2015-05-26 01:07 - 00000000 ____D () C:\Users\Moonspelll\Desktop\program data
2015-05-26 00:53 - 2015-05-26 00:54 - 00000000 ____D () C:\Users\Moonspelll\Desktop\dungeon
2015-05-25 23:06 - 2015-05-28 20:59 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\NVIDIA
2015-05-25 21:31 - 2015-05-25 21:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-25 20:11 - 2015-05-27 00:36 - 00017676 _____ () C:\Windows\PFRO.log
2015-05-24 23:48 - 2015-05-24 23:48 - 00000319 _____ () C:\Users\Moonspelll\Downloads\bra.rar
2015-05-24 22:07 - 2015-05-21 00:33 - 00000000 ___RD () C:\Users\Moonspelll\Downloads\The.Witcher.3.Wild.Hunt
2015-05-24 22:06 - 2015-05-24 22:07 - 02379756 _____ () C:\Users\Moonspelll\Downloads\The.Witcher.3.Wild.Hunt.7z
2015-05-24 21:51 - 2015-05-20 10:13 - 02097664 _____ (LinGon) C:\Users\Moonspelll\Downloads\TheWitcher3_WH+14Tr-LNG_v1.02.exe
2015-05-24 21:51 - 2015-04-18 16:40 - 00006351 _____ () C:\Users\Moonspelll\Downloads\TheWitcher3_WH+14Tr-LNG_v1.02 - INFO.txt
2015-05-24 21:49 - 2015-05-24 21:50 - 01871390 _____ () C:\Users\Moonspelll\Downloads\TheWitcher3-WH-14Tr.rar
2015-05-24 21:38 - 2015-05-24 21:49 - 00000000 ____D () C:\Users\Moonspelll\Downloads\The Witcher 3 - Wild Hunt 1.03 +19 Trainer
2015-05-24 20:12 - 2015-05-28 23:09 - 00252227 _____ () C:\Windows\WindowsUpdate.log
2015-05-24 19:15 - 2015-05-28 09:13 - 00000000 ____D () C:\AdwCleaner
2015-05-24 19:14 - 2015-05-24 19:15 - 02223104 _____ () C:\Users\Moonspelll\Downloads\adwcleaner_4.205.exe
2015-05-23 19:07 - 2015-05-28 22:37 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 19:05 - 2015-05-23 19:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-23 19:05 - 2015-05-23 19:05 - 00001124 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-23 19:05 - 2015-05-23 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-23 19:05 - 2015-05-23 19:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-23 19:05 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-23 19:05 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-23 19:05 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-23 18:35 - 2015-05-23 19:30 - 00000000 ____D () C:\ProgramData\BCloudScan_exe
2015-05-23 00:46 - 2015-05-23 00:46 - 00000212 _____ () C:\Users\Moonspelll\Desktop\fffffhhf.txt
2015-05-22 19:04 - 2015-05-22 19:04 - 00000984 _____ () C:\Users\Public\Desktop\CPUID HWMonitorPro.lnk
2015-05-22 18:55 - 2015-05-01 21:21 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-05-22 18:55 - 2015-05-01 21:21 - 01316000 _____ () C:\Windows\SysWOW64\nvspbridge.dll
2015-05-22 18:55 - 2015-05-01 21:20 - 01756424 _____ () C:\Windows\system32\nvspbridge64.dll
2015-05-22 18:55 - 2015-05-01 21:20 - 01570672 _____ () C:\Windows\system32\nvspcap64.dll
2015-05-22 11:30 - 2015-04-11 07:49 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-05-22 10:51 - 2015-05-28 21:45 - 00000000 ____D () C:\Users\Moonspelll\Documents\The Witcher 3
2015-05-22 10:51 - 2015-05-24 08:32 - 00000000 ____D () C:\Users\Moonspelll\Desktop\The Witcher 3
2015-05-21 19:31 - 2015-05-22 19:06 - 00003160 _____ () C:\Windows\System32\Tasks\SidebarExecute
2015-05-21 19:29 - 2014-06-15 15:18 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll
2015-05-21 19:29 - 2014-06-15 15:18 - 00450560 _____ (RAD Game Tools, Inc.) C:\Windows\SysWOW64\mss32.dll
2015-05-21 19:29 - 2014-06-15 15:17 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEShims.dll
2015-05-21 19:29 - 2014-06-15 15:10 - 00176128 _____ (RAD Game Tools, Inc.) C:\Windows\SysWOW64\binkw32.dll
2015-05-20 22:34 - 2015-05-12 10:57 - 03363224 _____ (NVIDIA Corporation) C:\Windows\system32\SET34E3.tmp
2015-05-20 22:34 - 2015-05-12 10:57 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\SET42C3.tmp
2015-05-20 22:19 - 2015-05-22 10:41 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nvidia GeForce Game Ready Driver
2015-05-20 21:21 - 2015-05-20 21:21 - 00001059 _____ () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LangOver 5.lnk
2015-05-20 21:21 - 2015-05-20 21:21 - 00001029 _____ () C:\Users\Moonspelll\Desktop\LangOver.lnk
2015-05-20 21:21 - 2015-05-20 21:21 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LangOver 5
2015-05-20 21:21 - 2015-05-20 21:21 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\LangOver.com
2015-05-20 21:21 - 2015-05-20 21:21 - 00000000 ____D () C:\Program Files (x86)\LangOver
2015-05-20 21:18 - 2015-05-20 21:18 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-20 21:15 - 2015-05-20 21:15 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-05-20 21:14 - 2015-05-20 21:14 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2015-05-20 21:14 - 2015-05-20 21:14 - 00002055 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2015-05-20 21:14 - 2015-05-20 21:14 - 00002032 _____ () C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2015-05-20 21:13 - 2015-05-20 21:20 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-20 21:13 - 2015-05-20 21:13 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-20 18:27 - 2015-05-20 17:25 - 00197616 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-05-19 22:38 - 2015-05-27 20:37 - 00000020 _____ () C:\Users\Moonspelll\Desktop\nngcngcngc.txt
2015-05-17 18:39 - 2015-05-18 18:11 - 14503936 _____ () C:\Users\Moonspelll\AppData\Roaming\Sandra.mdb
2015-05-17 18:38 - 2015-05-17 18:38 - 00001197 _____ () C:\Users\Public\Desktop\SiSoftware Sandra Business 2015i.lnk
2015-05-17 18:38 - 2015-05-17 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
2015-05-17 18:38 - 2015-05-17 18:38 - 00000000 ____D () C:\Program Files\SiSoftware
2015-05-17 08:56 - 2015-05-17 08:56 - 00002321 _____ () C:\Users\Moonspelll\Desktop\Chrome App Launcher.lnk
2015-05-17 08:56 - 2015-05-17 08:56 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-17 00:06 - 2015-05-17 00:06 - 00000000 ____D () C:\Users\Moonspelll\Documents\3DMarkFarandole
2015-05-16 22:42 - 2015-05-16 22:42 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2015-05-16 19:46 - 2015-05-16 19:46 - 00001112 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infix PDF Editor.lnk
2015-05-16 19:46 - 2015-05-16 19:46 - 00001100 _____ () C:\Users\Public\Desktop\Infix PDF Editor.lnk
2015-05-16 19:46 - 2015-05-16 19:46 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Iceni
2015-05-16 19:46 - 2015-05-16 19:46 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\Iceni
2015-05-16 19:46 - 2015-05-16 19:46 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\Aspell
2015-05-16 19:46 - 2015-05-16 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infix PDF Editor 6
2015-05-16 19:46 - 2015-05-16 19:46 - 00000000 ____D () C:\ProgramData\Iceni
2015-05-16 19:46 - 2015-05-16 19:46 - 00000000 ____D () C:\ProgramData\Aspell
2015-05-16 19:46 - 2015-05-16 19:46 - 00000000 ____D () C:\Program Files (x86)\Iceni
2015-05-15 23:06 - 2015-05-25 20:29 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\thriXXX
2015-05-15 23:06 - 2015-05-16 01:00 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\thriXXX
2015-05-15 23:06 - 2015-05-15 23:06 - 00000000 ____D () C:\ProgramData\thriXXX
2015-05-15 23:06 - 2015-05-15 23:06 - 00000000 ____D () C:\Program Files (x86)\thriXXX
2015-05-15 01:30 - 2015-05-01 17:47 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 01:30 - 2015-05-01 17:46 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 00:17 - 2015-05-05 05:59 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-15 00:17 - 2015-05-05 05:42 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-15 00:17 - 2015-04-18 07:40 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-15 00:17 - 2015-04-18 07:26 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-15 00:14 - 2015-04-20 07:47 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-15 00:14 - 2015-04-20 07:47 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-15 00:14 - 2015-04-20 07:26 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-15 00:14 - 2015-04-20 06:41 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-15 00:09 - 2015-04-13 07:58 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-15 00:07 - 2015-04-08 07:59 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-15 00:07 - 2015-04-08 07:59 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-15 00:07 - 2015-04-08 07:44 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 00:47 - 2015-05-18 20:19 - 00000022 _____ () C:\Windows\GPU-Z.INI
2015-05-13 00:45 - 2015-05-18 20:21 - 00000000 ____D () C:\Users\Moonspelll\Documents\3DMark
2015-05-13 00:45 - 2015-05-13 00:45 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\Futuremark
2015-05-13 00:44 - 2015-05-13 00:44 - 00001210 _____ () C:\Users\Public\Desktop\3DMark.lnk
2015-05-13 00:44 - 2015-05-13 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2015-05-13 00:44 - 2015-05-13 00:44 - 00000000 ____D () C:\Program Files\Futuremark
2015-05-12 16:42 - 2015-05-28 19:58 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-05-12 01:15 - 2015-05-12 01:15 - 00001458 _____ () C:\Users\Moonspelll\Desktop\aida64.exe - Shortcut.lnk
2015-05-12 01:14 - 2015-05-12 16:15 - 00000000 ____D () C:\Program Files\aida64extreme520
2015-05-12 01:02 - 2015-05-12 01:02 - 00000000 ____D () C:\Program Files (x86)\FinalWire
2015-05-10 23:26 - 2015-05-10 23:26 - 04221101 _____ () C:\Users\Moonspelll\Desktop\Desktop.7z
2015-05-10 02:21 - 2015-05-12 17:30 - 00000104 _____ () C:\Users\Moonspelll\Desktop\t6e.txt
2015-05-09 00:41 - 2015-05-09 00:41 - 00042576 _____ (DeskSoft) C:\Windows\system32\Drivers\dsnpfd.sys
2015-05-07 19:59 - 2015-05-22 21:29 - 00006656 _____ () C:\Windows\system32\lpcio.dll
2015-05-07 19:59 - 2015-04-27 23:58 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-07 19:59 - 2015-04-27 23:58 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-07 19:59 - 2015-04-27 23:58 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-07 19:59 - 2015-04-27 23:56 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00503808 _____ (Microsoft Corporation)

Moonspell · May 28, 2015

C:\Windows\system32\srcore.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-07 19:59 - 2015-04-27 23:53 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-07 19:59 - 2015-04-27 23:52 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-07 19:59 - 2015-04-27 23:52 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-07 19:59 - 2015-04-27 23:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-07 19:59 - 2015-04-27 23:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-07 19:59 - 2015-04-27 23:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:41 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-07 19:59 - 2015-04-27 23:41 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-07 19:59 - 2015-04-27 23:38 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-07 19:59 - 2015-04-27 23:35 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-07 19:59 - 2015-04-27 23:34 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-07 19:59 - 2015-04-27 23:34 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-07 19:59 - 2015-04-27 23:34 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-07 19:59 - 2015-04-27 23:34 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-07 19:59 - 2015-04-27 23:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-07 19:59 - 2015-04-27 23:34 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-07 19:59 - 2015-04-27 23:34 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-07 19:59 - 2015-04-27 23:34 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-07 19:59 - 2015-04-27 23:33 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-07 19:59 - 2015-04-27 23:33 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-07 19:59 - 2015-04-27 23:33 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-07 19:59 - 2015-04-27 23:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-07 19:59 - 2015-04-27 23:33 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-07 19:59 - 2015-04-27 23:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-07 19:59 - 2015-04-27 23:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-07 19:59 - 2015-04-27 23:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 22:36 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-07 19:59 - 2015-04-27 22:27 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-07 19:59 - 2015-04-27 22:27 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-07 19:59 - 2015-04-27 22:25 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 22:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 22:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-07 19:59 - 2015-04-27 22:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-07 19:39 - 2015-04-14 16:08 - 04664792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-05-07 19:39 - 2015-04-14 15:38 - 01736408 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-05-07 19:39 - 2015-04-14 13:10 - 01303256 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-05-07 19:39 - 2015-04-14 11:05 - 01990874 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-05-07 19:39 - 2015-04-13 15:44 - 00168816 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-05-07 19:39 - 2015-04-09 13:30 - 02846936 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-05-07 19:39 - 2015-03-19 09:50 - 02907864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-05-07 19:39 - 2015-03-10 14:34 - 02702040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-05-07 19:39 - 2015-01-19 14:40 - 72113152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-05-07 19:39 - 2014-12-02 15:12 - 03218800 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-05-07 19:39 - 2014-11-11 10:14 - 00631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-05-07 19:39 - 2014-09-24 08:01 - 07087448 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-05-07 19:39 - 2014-09-24 08:01 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-05-07 19:39 - 2014-09-24 08:01 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-05-07 19:39 - 2014-09-24 08:01 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-05-07 19:39 - 2014-05-22 12:54 - 00096568 _____ () C:\Windows\system32\audioLibVc.dll
2015-05-07 19:39 - 2013-06-21 07:31 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2015-05-07 19:39 - 2012-08-31 15:48 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-05-07 19:39 - 2012-08-31 15:47 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-05-07 19:39 - 2012-08-31 15:47 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-05-07 19:39 - 2012-08-31 15:47 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-05-07 19:39 - 2012-08-31 15:47 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-05-07 19:39 - 2011-12-20 12:02 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-05-07 19:39 - 2011-11-22 12:58 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-05-07 19:39 - 2011-05-31 06:12 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-05-07 19:38 - 2015-03-11 14:34 - 02825944 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-05-07 19:32 - 2015-05-07 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
2015-05-07 17:47 - 2015-05-07 17:47 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\ExtremeCopy
2015-05-07 17:10 - 2015-05-07 17:10 - 00000000 ____D () C:\Program Files\Intel
2015-05-07 16:59 - 2015-05-07 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JMicron Technology Corp
2015-05-07 16:59 - 2009-07-14 05:45 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Difx70fc.rra
2015-05-07 16:57 - 2015-01-15 11:12 - 00977624 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-05-07 16:57 - 2015-01-15 11:12 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-05-07 15:17 - 2015-04-09 05:28 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\SET6CBD.tmp
2015-05-07 15:17 - 2015-04-09 05:28 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\SET6004.tmp
2015-05-07 15:17 - 2015-04-09 05:28 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\SET6AB9.tmp
2015-05-07 15:15 - 2015-02-20 02:18 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-05-07 15:15 - 2015-02-20 02:18 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-05-07 15:10 - 2010-05-06 14:56 - 00023693 _____ () C:\Windows\system32\deleteme.txt-nv16563
2015-05-06 03:13 - 2009-07-14 05:45 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Difxcec2.rra
2015-05-06 03:12 - 2012-09-17 15:05 - 00123704 _____ (JMicron Technology Corp.) C:\Windows\system32\Drivers\jraid.sys
2015-05-06 02:54 - 2015-05-06 02:54 - 00000967 _____ () C:\Users\Public\Desktop\DriverEasy.lnk
2015-05-06 02:54 - 2015-05-06 02:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy
2015-05-04 20:04 - 2015-05-04 20:04 - 00000199 _____ () C:\Users\Moonspelll\Desktop\4242.txt
2015-05-02 19:15 - 2015-05-02 19:15 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\.mono
2015-05-02 19:15 - 2015-05-02 19:15 - 00000000 ____D () C:\ProgramData\.mono
2015-05-02 17:04 - 2015-05-02 17:04 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\Microsoft Research
2015-05-02 17:03 - 2015-05-02 17:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Research
2015-05-01 19:02 - 2015-03-04 09:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-01 19:02 - 2015-03-04 09:11 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-01 19:02 - 2015-03-04 09:11 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-01 19:02 - 2015-03-04 09:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-01 19:02 - 2015-03-04 08:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-01 19:02 - 2015-03-04 08:40 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-01 19:02 - 2015-03-04 08:40 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-01 19:00 - 2015-02-18 11:36 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-01 19:00 - 2015-02-18 11:34 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-04-30 19:20 - 2015-05-15 00:03 - 00000150 _____ () C:\Users\Moonspelll\Desktop\`111.txt
2015-04-29 05:41 - 2015-05-26 02:37 - 00003807 _____ () C:\Windows\system32\HWLook.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 23:33 - 2015-01-07 19:58 - 00000000 ____D () C:\KMPlayer
2015-05-28 21:39 - 2009-07-14 07:50 - 00000000 __RHD () C:\Users\Default
2015-05-28 21:37 - 2009-07-14 07:04 - 00000215 _____ () C:\Windows\system.ini
2015-05-28 21:32 - 2014-10-03 07:56 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-28 21:24 - 2014-10-03 07:21 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\DMCache
2015-05-28 21:11 - 2015-03-06 21:49 - 00000000 ____D () C:\Users\Moonspelll\Desktop\New folder
2015-05-28 20:34 - 2009-07-14 09:43 - 00916036 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-28 20:08 - 2009-07-14 09:15 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-28 20:08 - 2009-07-14 09:15 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-28 20:05 - 2014-10-03 08:08 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\DAEMON Tools Pro
2015-05-28 19:59 - 2009-07-14 09:39 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-28 19:58 - 2014-10-03 07:15 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-05-28 19:58 - 2009-07-14 09:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-28 18:52 - 2014-10-03 07:50 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-05-28 17:37 - 2014-10-03 19:11 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black_Box
2015-05-28 02:24 - 2014-10-03 07:54 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\Last.fm
2015-05-26 19:14 - 2014-10-13 02:26 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Raxco
2015-05-26 02:32 - 2014-10-03 07:37 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-05-26 02:32 - 2014-10-03 07:21 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-05-26 02:32 - 2014-10-03 07:21 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-05-26 02:16 - 2009-07-14 07:50 - 00000000 ____D () C:\Windows\Help
2015-05-26 01:24 - 2014-10-16 15:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-25 20:27 - 2015-02-28 23:41 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-05-25 20:27 - 2015-02-28 23:41 - 00000000 ____D () C:\Program Files\Image-Line
2015-05-25 20:27 - 2015-02-28 23:35 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2015-05-24 23:47 - 2014-11-24 23:37 - 00000000 ____D () C:\Users\Moonspelll\Documents\Assassin's Creed Unity
2015-05-24 19:12 - 2014-11-15 08:06 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\TeamViewer
2015-05-24 19:12 - 2014-10-03 07:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-24 08:30 - 2009-07-14 07:50 - 00000000 ____D () C:\Windows\tracing
2015-05-23 19:34 - 2010-11-21 11:46 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents
2015-05-23 19:31 - 2014-11-09 23:31 - 00000000 ____D () C:\Program Files\BurnInTest
2015-05-23 19:31 - 2014-10-19 20:28 - 00000000 ____D () C:\Program Files\WinRAR
2015-05-22 19:20 - 2015-02-26 15:24 - 00001031 _____ () C:\Users\Moonspelll\Desktop\Internet Download Manager.lnk
2015-05-22 19:04 - 2014-10-03 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-05-22 19:04 - 2014-10-03 07:55 - 00000000 ____D () C:\Program Files\CPUID
2015-05-22 18:56 - 2014-11-03 15:42 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\NVIDIA Corporation
2015-05-22 11:34 - 2014-10-03 06:57 - 00000000 ____D () C:\Users\Moonspelll
2015-05-22 10:51 - 2014-10-03 20:09 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-05-21 19:54 - 2014-10-03 18:05 - 00899902 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-21 19:08 - 2014-10-20 00:10 - 00000000 ____D () C:\Program Files (x86)\Hotspot Shield
2015-05-20 22:33 - 2015-01-18 16:29 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\ViberPC
2015-05-20 22:32 - 2015-01-18 16:45 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\Viber
2015-05-20 22:26 - 2014-11-08 19:09 - 00000000 ____D () C:\Users\Moonspelll\AppData\Local\Adobe
2015-05-20 22:25 - 2009-07-14 09:15 - 00413896 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-20 22:19 - 2014-11-03 15:34 - 00000000 ____D () C:\Program Files\P30Day
2015-05-20 21:21 - 2015-02-08 20:16 - 00110096 _____ () C:\Users\Moonspelll\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-20 21:20 - 2014-10-03 07:56 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Adobe
2015-05-16 16:06 - 2009-07-14 07:50 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-05-16 04:52 - 2014-10-04 01:39 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-16 04:46 - 2014-10-04 01:39 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-15 11:45 - 2010-11-21 11:46 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 00:44 - 2014-10-03 22:57 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-12 10:57 - 2015-02-20 02:18 - 17540416 _____ (NVIDIA Corporation) C:\Windows\system32\SET443B.tmp
2015-05-12 10:57 - 2015-02-20 02:18 - 00031710 _____ () C:\Windows\system32\nvinfo.pb
2015-05-11 08:40 - 2014-10-03 07:57 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-11 08:40 - 2012-02-15 17:09 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-09 01:40 - 2014-11-11 01:38 - 00000000 ____D () C:\Program Files (x86)\BWMeter
2015-05-08 19:33 - 2015-02-13 17:27 - 00000000 ____D () C:\Users\Moonspelll\Downloads\QNTAL - QNTAL VII (2014)
2015-05-07 19:41 - 2014-10-03 07:07 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-05-07 19:40 - 2014-11-26 00:49 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-05-07 19:37 - 2014-10-03 23:22 - 00002084 _____ () C:\Users\Moonspelll\Desktop\PC App Store.lnk
2015-05-07 19:32 - 2014-10-03 17:04 - 00000000 ____D () C:\Program Files\TeraCopy
2015-05-07 17:37 - 2014-11-27 22:51 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-05-07 16:59 - 2014-10-03 07:08 - 00000000 ____D () C:\Windows\RaidTool
2015-05-07 16:57 - 2014-10-03 07:07 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-05-07 15:00 - 2014-10-03 22:58 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-05-07 14:57 - 2014-10-04 17:19 - 00000000 ____D () C:\temp
2015-05-06 02:41 - 2015-01-02 03:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SweetFxmod V3.4
2015-05-06 02:41 - 2014-10-03 07:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-04 20:17 - 2014-10-03 07:55 - 00000869 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2015-05-04 14:06 - 2015-04-10 18:07 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-04 14:06 - 2015-04-10 18:07 - 00000000 ____D () C:\Program Files\Java
2015-05-04 14:05 - 2015-04-10 18:08 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-05-02 19:15 - 2014-12-14 20:33 - 00000000 ____D () C:\Users\Moonspelll\AppData\Roaming\Kalypso Media
2015-05-01 00:55 - 2015-04-22 22:54 - 00000982 _____ () C:\Users\Moonspelll\Desktop\PerformanceTest.lnk

==================== Files in the root of some directories =======

2015-05-24 18:15 - 2015-05-24 18:36 - 0000115 _____ () C:\Users\Moonspelll\AppData\Roaming\LogFile.txt
2015-05-17 18:39 - 2015-05-18 18:11 - 14503936 _____ () C:\Users\Moonspelll\AppData\Roaming\Sandra.mdb
2015-05-28 23:48 - 2015-05-28 23:48 - 0000700 ___SH () C:\Users\Moonspelll\AppData\Local\systemFL7.dat
2015-05-28 23:48 - 2015-05-28 23:48 - 0001213 ___SH () C:\Users\Moonspelll\AppData\Local\win_fldb_sys.dat
2015-05-28 23:47 - 2015-05-28 23:47 - 0011781 ___SH () C:\Users\Moonspelll\AppData\Local\win_flfiles_sys.dat
2015-05-28 23:47 - 2015-05-28 23:47 - 0003465 ___SH () C:\Users\Moonspelll\AppData\Local\win_stlthdb_sys.dat
2014-10-04 17:20 - 2014-10-04 17:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-28 23:47 - 2015-05-28 23:47 - 0002568 ___SH () C:\ProgramData\win_mpwd_sys.dat

Files to move or delete:
====================
C:\ProgramData\win_mpwd_sys.dat

Some files in TEMP:
====================
C:\Users\Moonspelll\AppData\Local\Temp\launcher.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-25 23:36

==================== End of log ============================

Moonspell · May 28, 2015

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Moonspelll at 2015-05-29 00:34:35
Running from E:\Downloads\Programs
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2407973311-3509357600-1588227675-500 - Administrator - Disabled)
Guest (S-1-5-21-2407973311-3509357600-1588227675-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2407973311-3509357600-1588227675-1002 - Limited - Enabled)
Moonspelll (S-1-5-21-2407973311-3509357600-1588227675-1000 - Administrator - Enabled) => C:\Users\Moonspelll

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\{f5aa1c48-f2dc-4f4f-a71d-65bd7d0dc5c5}) (Version: 1.5.893.0 - Futuremark)
3DMark (Version: 1.5.893.0 - Futuremark) Hidden
7-Zip 9.20 (HKLM-x32\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Alternative Look for Yennefer (HKLM-x32\...\Alternative Look for Yennefer_is1) (Version: 1.0.0.0 - GOG.com)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Assassin's Creed Rogue (HKLM-x32\...\Uplay Install 895) (Version: - Ubisoft)
AutoGreen B09.1014.2 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B09.1014.2 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Badoo Desktop (HKLM-x32\...\{D91D71FB-C52E-440D-8A78-5E5E05487DA0}) (Version: 1.6.58.1220 - Badoo)
Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
Borland Database Engine Setup (HKLM-x32\...\Borland Database Engine Setup) (Version: - )
Braveland (HKLM-x32\...\1207662143_is1) (Version: 2.2.0.4 - GOG.com)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CPUID HWMonitor Pro 1.23 (HKLM\...\CPUID HWMonitorPro_is1) (Version: - )
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.5.0.0388 - Disc Soft Ltd)
DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
DriverEasy 4.9.1 (HKLM\...\DriverEasy_is1) (Version: 4.9.1.0 - Easeware)
Easy Tune 6 B10.0521.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.0521.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
EXPERTool 7.9 (HKLM-x32\...\MySSID_is1) (Version: - Gainward Co., Ltd)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Folder Lock (HKLM-x32\...\Folder Lock) (Version: - New Softwares.net)
Foxit Reader (HKLM-x32\...\{BDDF6AEE-7AD7-4CDA-B57F-5BDF9417AD4F}) (Version: 5.1.3.1201 - Foxit Corporation)
Futuremark SystemInfo (HKLM-x32\...\{0DD83DE7-507E-44AE-BC2D-2FAAFA48CCA5}) (Version: 4.37.548.0 - Futuremark)
Galaxy Client (HKLM-x32\...\{D6D1DA54-531F-4FA0-B683-CE66ACE3543F}_is1) (Version: 0.1.0.456 - GOG.com)
Google Chrome (HKLM-x32\...\{A83C558F-C5CA-3A3A-B338-B166FDDA09C9}) (Version: 66.3.32892 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music)
Hotspot Shield 4.15.2 (HKLM-x32\...\HotspotShield) (Version: 4.15.2 - AnchorFree Inc.)
IEG PATCH V2 AIO (HKLM-x32\...\IEG PATCH V2 AIO2) (Version: 2 - Iranian Editor Groups)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line)
Infix PDF Editor version 6.3.7.0 (HKLM-x32\...\83FFB914-6FA7-4F1F-807E-E0FFBA2E49E1_is1) (Version: 6.3.7.0 - Iceni Technology)
Intel(R) Chipset Device Software (x32 Version: 10.0.26 - Intel(R) Corporation) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.65.11 - JMicron Technology Corp.)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.132 - PandoraTV)
LangOver 5 (HKLM-x32\...\LangOver 5) (Version: 5.0 - LangOver.com)
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
Logitech Gaming Software 8.56 (HKLM\...\Logitech Gaming Software) (Version: 8.56.109 - Logitech Inc.)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.3 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.52742 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{6E740973-8E71-42F9-A910-C18452E60450}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}) (Version: 2.0.50728 - Microsoft Corporation)
MKVToolNix 5.8.0 (HKLM-x32\...\MKVToolNix) (Version: 5.8.0 - Moritz Bunkus)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
New Quest - Contract Missing Miners (HKLM-x32\...\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 352.86 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.3.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 352.86 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
PC App Store (HKLM-x32\...\PC App Store 5.0.1.8490) (Version: 5.0.1.8490 - Baidu, Inc.)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1034.0 - Passmark Software)
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version: - Daum Communications Corp.)
Pro Evolution Soccer 2015 DataPack v4.0 (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1) (Version: 1 - )
RAD Video Tools (HKLM-x32\...\RADVideo) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7487 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
SHIELD Wireless Controller Driver (Version: 2.4.3.22 - NVIDIA Corporation) Hidden
SiSoftware Sandra Business 2015i (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2496}_is1) (Version: 21.12.2015.1 - SiSoftware)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
The Witcher 3 - Wild Hunt (HKLM-x32\...\The Witcher 3 - Wild Hunt_is1) (Version: - )
Viber (HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\...\Viber) (Version: 4.4.0.134678 - Viber Media Inc)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (12/06/2010 4.0.0000.00000) (HKLM\...\30B2813B1F17EF6D99360A190E7F0D3BA2F0DC3C) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
ZirYab 3 (HKLM-x32\...\ZirYab 3) (Version: 3 - abasi.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

27-05-2015 02:00:20 Automatic creation
28-05-2015 02:00:19 Automatic creation
28-05-2015 20:29:23 Automatic creation

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 07:04 - 2015-05-28 21:37 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0684227C-A1B6-4F86-A4DE-ACB6F5CC10CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-03] (Google Inc.)
Task: {0BD089E2-0111-421C-8620-9639BE3707C1} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2407973311-3509357600-1588227675-1000
Task: {0D586169-3487-40A3-97D0-E55F0F01CEFC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-26] (Avast Software s.r.o.)
Task: {3DA40C9C-325A-470B-8D6C-4AEB1F8EE0AE} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {5727F9C6-9A06-4C90-83BE-C6D1198314B7} - \CCleanerSkipUAC No Task File <==== ATTENTION
Task: {65782BCB-DD27-40F1-AB59-62509FF0B15E} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {6A8B2D1B-81AB-4ADF-9629-20F074C07641} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {8888DB5C-CEF6-437F-BF5A-7F7C3C02490A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {9C2BD7A2-A05A-4EA8-AEEB-94155524AC13} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {B3BF04A1-1D65-4E07-AE72-FBB4F8224524} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {C9DA10D9-0F4B-4B14-87C5-31827ADF3675} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-03] (Google Inc.)
Task: {D3ADBFA5-B77A-4D8D-972E-42E846D7EC33} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
Task: {F376CB2D-D944-4CE8-8719-BD6BD0EDD326} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SRFilter.exe" /GBSMART6 -kdl
Task: {FCDE582B-E27A-403D-9F5A-07843BED8154} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SrCmdCLR.exe" -c 1
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-26 02:16 - 2015-05-12 08:00 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-03 07:11 - 2009-06-17 17:13 - 00068136 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
2014-09-17 01:32 - 2014-09-17 01:32 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-09-17 01:32 - 2014-09-17 01:32 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-17 01:32 - 2014-09-17 01:32 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-09-17 01:32 - 2014-09-17 01:32 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-05-19 05:31 - 2015-05-19 05:31 - 00589608 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2014-10-03 07:08 - 2010-01-19 07:01 - 00072304 ____R () C:\Windows\SysWOW64\XSrvSetup.exe
2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-10-03 17:04 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2014-10-03 17:04 - 2012-01-29 16:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2015-05-16 03:11 - 2015-05-05 07:49 - 01633608 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libglesv2.dll
2015-05-16 03:11 - 2015-05-05 07:49 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libegl.dll
2015-05-16 03:11 - 2015-05-05 07:49 - 26787144 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll
2015-05-26 19:11 - 2015-05-26 19:11 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-26 19:11 - 2015-05-26 19:11 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-28 13:31 - 2015-05-28 13:31 - 02950656 _____ () C:\Program Files\AVAST Software\Avast\defs\15052800\algo.dll
2015-05-29 00:00 - 2015-05-29 00:00 - 02950656 _____ () C:\Program Files\AVAST Software\Avast\defs\15052801\algo.dll
2014-10-03 07:11 - 2009-05-04 18:56 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\ycc.dll
2015-05-19 05:30 - 2015-05-19 05:30 - 01749288 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2015-05-26 02:32 - 2015-05-01 21:22 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-10-03 08:09 - 2014-03-17 03:23 - 00003132 _____ () C:\Program Files (x86)\DAEMON Tools Pro\MSIMG32.dll
2015-05-26 19:11 - 2015-05-26 19:11 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinFLAdrv.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Moonspelll\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C436C24B-C529-4622-B795-AFF16AC82388}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{348C8E6D-DD94-42E3-811F-75B28B42E934}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [Daum PotPlayer(PotPlayerMini64.exe)] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{148D0035-42C9-424C-AC7B-836BF8DC9928}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{943B0808-221B-4612-A396-DC6F7C4C5BCB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B13A5236-A516-456E-B50D-AA3354CD2571}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{79FAF5DB-30FF-42CC-8842-5BB872AE7164}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{26577899-8E12-46A4-9132-E0D934280338}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{CA5E6646-9590-43A8-B98F-F299495D1532}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DF0A3563-6080-47FA-89BC-F9636A1809A9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{30D3DB86-5C69-496A-819D-64D117CD7C4C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{19EBB11B-A119-4EC6-A46B-DC7BA9DABEF3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{02EDCF49-72C0-4578-A703-C5E2B385942B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{81455CE0-ACC2-4D90-B268-F79110F4BDFB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{22981682-1358-4F4A-B2C7-91E29AC52336}] => (Allow) E:\Games\The Lord Of The Rings Battle For Middle Earth 2\game.dat
FirewallRules: [{4C153E34-9E70-4BED-81FF-D1F0D43DAC15}] => (Allow) E:\Games\The Lord Of The Rings Battle For Middle Earth 2\game.dat
FirewallRules: [{102F93E8-F758-4141-A70B-E38F5A7BAB80}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{BEACFF8E-0A82-4406-A7BC-608667B17101}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{9F59F667-B730-455C-9560-CD93A3242999}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{7151A7DB-C5AF-4071-8F90-3807D4771068}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{5C3D4682-E3A2-4687-BF18-BE4496155797}E:\games\far cry 4\bin\farcry4.exe] => (Allow) E:\games\far cry 4\bin\farcry4.exe
FirewallRules: [UDP Query User{70D27AEA-7F77-4D60-9BB6-ACFE8115BAAD}E:\games\far cry 4\bin\farcry4.exe] => (Allow) E:\games\far cry 4\bin\farcry4.exe
FirewallRules: [{FCE7044C-74FC-4281-BC9B-B17737A0BBAB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{AF891CEB-51C9-4C7A-940C-BA2AF08C4203}E:\games\dying light\dyinglightgame.exe] => (Allow) E:\games\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{2C6E9C69-4D23-4B54-9080-14E63790C81A}E:\games\dying light\dyinglightgame.exe] => (Allow) E:\games\dying light\dyinglightgame.exe
FirewallRules: [{4CE97224-DD23-4C61-B8B3-3989D6541D27}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Business 2015i\WNt600x64\RpcSandraSrv.exe
FirewallRules: [{AFCF8853-9A2A-49E9-AD64-8DFD008EC24D}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Business 2015i\RpcAgentSrv.exe
FirewallRules: [{646CF1A5-B3CA-4862-AFD2-98FE262E80BC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2E25C32F-7857-409A-B0B1-D0940061DFAA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{46F4D19C-CA44-4095-9CAE-8E42F0663501}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{CC46E928-68DC-4E22-9A77-813F966D3793}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2015 11:49:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/28/2015 11:48:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/28/2015 11:48:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/28/2015 11:48:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/28/2015 11:48:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/28/2015 11:48:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/28/2015 11:47:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/28/2015 11:46:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/28/2015 09:48:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (05/28/2015 09:43:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

System errors:
=============
Error: (05/28/2015 11:46:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The FLService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/28/2015 09:40:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/28/2015 09:40:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (05/28/2015 09:40:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/28/2015 09:40:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (05/28/2015 09:40:36 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (05/28/2015 09:40:36 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (05/28/2015 09:39:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/28/2015 09:39:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (05/28/2015 09:39:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-05-28 21:37:00.240
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-28 21:37:00.208
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz
Percentage of memory in use: 18%
Total physical RAM: 16375.49 MB
Available physical RAM: 13342.66 MB
Total Pagefile: 32749.19 MB
Available Pagefile: 29466.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows & Programs) (Fixed) (Total:99.9 GB) (Free:17.88 GB) NTFS
Drive d: (Setups) (Fixed) (Total:931.51 GB) (Free:567.13 GB) NTFS
Drive e: (Games & Downloads) (Fixed) (Total:831.51 GB) (Free:632.85 GB) NTFS
Drive f: (Others) (Fixed) (Total:3725.9 GB) (Free:2758.98 GB) NTFS
Drive l: (SONY-B) (Removable) (Total:14.54 GB) (Free:4.71 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D1C5E16D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=99.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=831.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 7AE1B87B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 3 (Size: 14.6 GB) (Disk ID: 500A0DFF)
No partition Table on disk 3.

==================== End of log ============================

Broni · May 28, 2015

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Moonspell · May 28, 2015

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Moonspelll at 2015-05-29 01:13:39 Run:2
Running from E:\Downloads\Programs
Loaded Profiles: Moonspelll (Available Profiles: Moonspelll)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {5727F9C6-9A06-4C90-83BE-C6D1198314B7} - \CCleanerSkipUAC No Task File <==== ATTENTION
Task: {D3ADBFA5-B77A-4D8D-972E-42E846D7EC33} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S2 MSSQLSERVER; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [X]
S4 MSSQLServerADHelper; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [X]
S4 SQLBrowser; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [X]
U0 msahci; No ImagePath
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 vsserv; No ImagePath
2015-05-24 18:15 - 2015-05-24 18:36 - 0000115 _____ () C:\Users\Moonspelll\AppData\Roaming\LogFile.txt
2015-05-17 18:39 - 2015-05-18 18:11 - 14503936 _____ () C:\Users\Moonspelll\AppData\Roaming\Sandra.mdb
2015-05-28 23:48 - 2015-05-28 23:48 - 0000700 ___SH () C:\Users\Moonspelll\AppData\Local\systemFL7.dat
2015-05-28 23:48 - 2015-05-28 23:48 - 0001213 ___SH () C:\Users\Moonspelll\AppData\Local\win_fldb_sys.dat
2015-05-28 23:47 - 2015-05-28 23:47 - 0011781 ___SH () C:\Users\Moonspelll\AppData\Local\win_flfiles_sys.dat
2015-05-28 23:47 - 2015-05-28 23:47 - 0003465 ___SH () C:\Users\Moonspelll\AppData\Local\win_stlthdb_sys.dat
2014-10-04 17:20 - 2014-10-04 17:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-28 23:47 - 2015-05-28 23:47 - 0002568 ___SH () C:\ProgramData\win_mpwd_sys.dat
C:\ProgramData\win_mpwd_sys.dat
C:\Users\Moonspelll\AppData\Local\Temp\launcher.exe

*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5727F9C6-9A06-4C90-83BE-C6D1198314B7}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5727F9C6-9A06-4C90-83BE-C6D1198314B7}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D3ADBFA5-B77A-4D8D-972E-42E846D7EC33}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3ADBFA5-B77A-4D8D-972E-42E846D7EC33}" => key Removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633 => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
"HKU\S-1-5-21-2407973311-3509357600-1588227675-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
MSSQLSERVER => Service Removed successfully
MSSQLServerADHelper => Service Removed successfully
SQLBrowser => Service Removed successfully
msahci => Service Removed successfully
catchme => Service Removed successfully
vsserv => Service Removed successfully
C:\Users\Moonspelll\AppData\Roaming\LogFile.txt => Moved successfully.
C:\Users\Moonspelll\AppData\Roaming\Sandra.mdb => Moved successfully.
C:\Users\Moonspelll\AppData\Local\systemFL7.dat => Moved successfully.
C:\Users\Moonspelll\AppData\Local\win_fldb_sys.dat => Moved successfully.
C:\Users\Moonspelll\AppData\Local\win_flfiles_sys.dat => Moved successfully.
C:\Users\Moonspelll\AppData\Local\win_stlthdb_sys.dat => Moved successfully.
C:\ProgramData\DP45977C.lfl => Moved successfully.
C:\ProgramData\win_mpwd_sys.dat => Moved successfully.
"C:\ProgramData\win_mpwd_sys.dat" => File/Folder not found.
C:\Users\Moonspelll\AppData\Local\Temp\launcher.exe => Moved successfully.

==== End of Fixlog 01:13:40 ====

Broni · May 28, 2015

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

Moonspell · May 29, 2015

I can't download [URL='https://www.techspot.com/downloads/5448-sophos-virus-removal-tool.html]Sophos Free Virus Removal Too[/URL]l from this link

Moonspell · May 29, 2015

Results of screen317's Security Check version 1.002
Windows 7 Service Pack 1 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java version 32-bit out of Date!
Adobe Flash Player 17.0.0.169
Mozilla Firefox (38.0.1)
Google Chrome (42.0.2311.135)
Google Chrome (42.0.2311.152)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast ng ngservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

Solved Game.EXE Bad Image Error

Posts: 25 +0

Posts: 56,041 +516

Posts: 25 +0

Posts: 25 +0

Posts: 25 +0

Posts: 25 +0

Posts: 56,041 +516

Posts: 25 +0

Posts: 56,041 +516

Posts: 25 +0

Posts: 56,041 +516

Posts: 25 +0

Posts: 25 +0

Posts: 25 +0

Posts: 25 +0

Posts: 56,041 +516

Posts: 25 +0

Posts: 25 +0

Posts: 25 +0

Posts: 25 +0

Posts: 56,041 +516

Attachments

Posts: 25 +0

Posts: 56,041 +516

Posts: 25 +0

Posts: 25 +0

Similar threads