Solved Sluggish, etc

Mbam:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/11/2015
Scan Time: 12:31
Logfile: Mal2.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.11.05
Rootkit Database: v2015.11.04.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Trent

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346930
Time Elapsed: 14 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
ADW:

# AdwCleaner v5.019 - Logfile created 11/11/2015 at 15:03:35
# Updated 08/11/2015 by Xplode
# Database : 2015-11-09.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Trent - HELL-PC1
# Running from : C:\Users\Trent\Desktop\11102015\adwcleaner_5.019(1).exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [596 bytes] ##########
 
JRT:

I'd note upon the program starting it said "ERROR: The system was unable to find the specified registry key or value"



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Ultimate x64
Ran by Trent on Wed 11/11/2015 at 15:09:20.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files



~~~ Folders



~~~ Chrome


[C:\Users\Trent\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Trent\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Trent\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Trent\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/11/2015 at 15:22:44.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Here's ComboFix's report.

ComboFix 15-11-09.01 - Trent 11/11/2015 20:57:45.1.6 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8149.6965 [GMT -6:00]
Running from: c:\users\Trent\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-10-12 to 2015-11-12 )))))))))))))))))))))))))))))))
.
.
2015-11-12 03:15 . 2015-11-12 03:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-11-12 03:15 . 2015-11-12 03:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-11 18:30 . 2015-11-11 18:30 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-11-11 18:30 . 2015-10-05 15:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-11-11 18:30 . 2015-10-05 15:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-11-11 00:50 . 2015-11-11 21:03 -------- d-----w- C:\AdwCleaner
2015-11-10 18:54 . 2015-11-10 18:54 -------- d-----w- c:\users\Trent\AppData\Roaming\RevTrax
2015-11-10 04:42 . 2015-11-10 05:01 -------- d-----w- c:\users\Trent\AppData\Local\NPE
2015-11-10 04:42 . 2015-11-10 04:42 -------- d-----w- c:\programdata\Norton
2015-11-10 00:48 . 2015-11-10 00:57 -------- d-----w- c:\users\Trent\Pavark
2015-11-09 23:46 . 2015-11-11 20:46 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-09 23:45 . 2015-10-05 15:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-11-09 23:45 . 2015-11-09 23:45 -------- d-----w- c:\users\Trent\New folder
2015-11-08 23:20 . 2015-11-09 09:48 -------- d-----w- C:\EEK
2015-11-08 01:04 . 2015-11-08 01:04 -------- d-----w- c:\programdata\OPSWAT
2015-11-08 00:24 . 2015-11-08 00:24 -------- d-----w- c:\programdata\NVIDIA
2015-11-08 00:21 . 2015-11-02 13:22 6358648 ----a-w- c:\windows\system32\nvcpl.dll
2015-11-08 00:21 . 2015-11-02 13:22 2983216 ----a-w- c:\windows\system32\nvsvc64.dll
2015-11-08 00:21 . 2015-11-02 13:22 938616 ----a-w- c:\windows\system32\nvvsvc.exe
2015-11-08 00:21 . 2015-11-02 13:22 62584 ----a-w- c:\windows\system32\nvshext.dll
2015-11-08 00:21 . 2015-11-02 13:22 385144 ----a-w- c:\windows\system32\nvmctray.dll
2015-11-08 00:21 . 2015-11-02 13:22 2554672 ----a-w- c:\windows\system32\nvsvcr.dll
2015-11-08 00:21 . 2015-10-29 00:31 6027430 ----a-w- c:\windows\system32\nvcoproc.bin
2015-11-08 00:21 . 2015-11-02 17:10 112760 ----a-w- c:\windows\system32\OpenCL.dll
2015-11-08 00:21 . 2015-11-02 17:10 105264 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-11-08 00:21 . 2015-11-08 00:21 -------- d-----w- c:\programdata\NVIDIA Corporation
2015-11-08 00:21 . 2015-11-08 00:21 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2015-11-08 00:18 . 2015-11-08 00:21 -------- d-----w- c:\program files\NVIDIA Corporation
2015-11-04 06:23 . 2015-11-04 06:23 10592424 ----a-w- c:\program files (x86)\Mozilla Firefox\icudt55.dll
2015-11-04 06:23 . 2015-11-04 06:23 901288 ----a-w- c:\program files (x86)\Mozilla Firefox\icuuc55.dll
2015-11-04 06:23 . 2015-11-04 06:23 59560 ----a-w- c:\program files (x86)\Mozilla Firefox\lgpllibs.dll
2015-11-04 06:23 . 2015-11-04 06:23 1287848 ----a-w- c:\program files (x86)\Mozilla Firefox\icuin55.dll
2015-10-31 04:09 . 2015-10-31 04:10 -------- d-----w- C:\Rem-VBSqt
2015-10-31 03:14 . 2015-09-14 19:45 3210240 ----a-w- c:\windows\system32\win32k.sys
2015-10-27 02:31 . 2015-10-27 02:31 -------- d-----w- c:\programdata\Sophos
2015-10-25 23:23 . 2015-10-20 09:33 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E81337FC-1C44-4B86-819D-6DA2AB29B4AB}\mpengine.dll
2015-10-24 21:42 . 2015-10-24 21:44 -------- d-----w- c:\users\Trent\AppData\Local\2Browse
2015-10-24 19:03 . 2015-10-24 19:10 -------- d-----w- c:\programdata\UVK
2015-10-24 18:08 . 2015-10-25 19:10 -------- d-----r- c:\users\Trent\Google Drive
2015-10-24 09:14 . 2015-10-24 18:05 -------- d-----w- c:\program files (x86)\Google
2015-10-24 09:14 . 2015-10-24 18:05 -------- d-----w- c:\users\Trent\AppData\Local\Google
2015-10-24 09:07 . 2015-10-24 09:39 -------- d-----w- c:\users\Trent\AppData\Local\Apple Inc
2015-10-24 08:46 . 2015-10-24 08:46 -------- d-----w- c:\program files (x86)\Apple Software Update
2015-10-16 05:19 . 2015-10-16 05:20 -------- d-----w- C:\Overflow 1
2015-10-15 02:59 . 2012-08-03 05:27 2206352 ----a-w- c:\windows\system32\drivers\viahduaa.sys
2015-10-15 02:59 . 2012-08-03 05:27 681104 ----a-w- c:\windows\system32\VIASysFx.dll
2015-10-15 02:59 . 2012-08-03 05:27 2993296 ----a-w- c:\windows\system32\VIAPropPageExt.dll
2015-10-15 02:40 . 2015-10-15 02:40 -------- d-----w- C:\Auto
2015-10-13 23:40 . 2015-09-29 03:01 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-11 18:16 . 2015-09-03 03:57 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-10-11 06:06 . 2013-05-20 01:02 25640 ----a-w- c:\windows\etdrv.sys
2015-10-11 06:06 . 2013-05-20 00:14 30528 ----a-w- c:\windows\GVTDrv64.sys
2015-10-11 06:06 . 2013-05-20 00:14 25640 ----a-w- c:\windows\gdrv.sys
2015-10-02 18:09 . 2013-05-20 00:47 143481208 ----a-w- c:\windows\system32\MRT.exe
2015-09-29 02:58 . 2015-10-13 23:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-09-28 09:32 . 2013-05-20 01:33 6656 ----a-w- c:\windows\system32\lpcio.dll
2015-09-25 18:07 . 2015-10-10 08:03 98816 ----a-w- c:\windows\system32\wudriver.dll
2015-09-25 18:07 . 2015-10-10 08:03 37888 ----a-w- c:\windows\system32\wups2.dll
2015-09-25 18:07 . 2015-10-10 08:03 36864 ----a-w- c:\windows\system32\wups.dll
2015-09-25 18:07 . 2015-10-10 08:03 3168768 ----a-w- c:\windows\system32\wucltux.dll
2015-09-25 18:07 . 2015-10-10 08:03 2607104 ----a-w- c:\windows\system32\wuaueng.dll
2015-09-25 18:07 . 2015-10-10 08:03 192512 ----a-w- c:\windows\system32\wuwebv.dll
2015-09-25 18:07 . 2015-10-10 08:03 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-09-25 18:06 . 2015-10-10 08:03 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-09-25 18:06 . 2015-10-10 08:03 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-09-25 18:06 . 2015-10-10 08:03 37888 ----a-w- c:\windows\system32\wuapp.exe
2015-09-25 18:06 . 2015-10-10 08:03 140288 ----a-w- c:\windows\system32\wuauclt.exe
2015-09-25 17:59 . 2015-10-10 08:03 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-09-25 17:59 . 2015-10-10 08:03 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-09-25 17:59 . 2015-10-10 08:03 30208 ----a-w- c:\windows\SysWow64\wups.dll
2015-09-25 17:59 . 2015-10-10 08:03 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-09-25 17:58 . 2015-10-10 08:03 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-09-18 19:22 . 2015-10-10 08:03 25432 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-09-18 19:19 . 2015-10-10 08:03 700416 ----a-w- c:\windows\system32\invagent.dll
2015-09-18 19:19 . 2015-10-10 08:03 766464 ----a-w- c:\windows\system32\generaltel.dll
2015-09-18 19:19 . 2015-10-10 08:03 503808 ----a-w- c:\windows\system32\devinv.dll
2015-09-18 19:19 . 2015-10-10 08:03 73216 ----a-w- c:\windows\system32\acmigration.dll
2015-09-18 19:19 . 2015-10-10 08:03 1291264 ----a-w- c:\windows\system32\appraiser.dll
2015-09-18 19:09 . 2015-10-10 08:03 1163776 ----a-w- c:\windows\system32\aeinv.dll
2015-09-02 03:04 . 2015-09-10 07:03 41984 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 03:04 . 2015-09-10 07:03 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 03:04 . 2015-09-10 07:03 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 03:04 . 2015-09-10 07:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 02:48 . 2015-09-10 07:03 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-09-02 02:48 . 2015-09-10 07:03 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-09-02 02:48 . 2015-09-10 07:03 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-02 02:47 . 2015-09-10 07:03 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-09-02 01:47 . 2015-09-10 07:03 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-09-02 01:33 . 2015-09-10 07:03 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-08-27 18:18 . 2015-09-10 07:03 2004480 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 18:18 . 2015-09-10 07:03 1887232 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 18:13 . 2015-09-10 07:03 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 18:13 . 2015-09-10 07:03 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-27 17:58 . 2015-09-10 07:03 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-08-27 17:58 . 2015-09-10 07:03 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-08-27 17:51 . 2015-09-10 07:03 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2015-08-27 17:51 . 2015-09-10 07:03 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MFE_RR;MFE_RR;c:\users\Trent\AppData\Local\Temp\mfe_rr.sys;c:\users\Trent\AppData\Local\Temp\mfe_rr.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys;c:\windows\SYSNATIVE\DRIVERS\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R4 C7EE2EF2;C7EE2EF2;c:\windows\system32\drivers\C7EE2EF2.sys;c:\windows\SYSNATIVE\drivers\C7EE2EF2.sys [x]
R4 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
R4 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R4 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
R4 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
R4 SaiH0109;SaiH0109;c:\windows\system32\DRIVERS\SaiH0109.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH0109.sys [x]
R4 SaiH0160;SaiH0160;c:\windows\system32\DRIVERS\SaiH0160.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH0160.sys [x]
R4 SaiU0109;SaiU0109;c:\windows\system32\DRIVERS\SaiU0109.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU0109.sys [x]
R4 WiseHDInfo;WiseHDInfo;c:\windows\WiseHDInfo64.dll;c:\windows\WiseHDInfo64.dll [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 epp64;epp64;c:\eek\bin\epp64.sys;c:\eek\bin\epp64.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-11-11 09:20 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-10-24 09:14]
.
2015-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-10-24 09:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-10-12 17:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-10-12 17:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-10-12 17:08 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Trent\AppData\Roaming\Mozilla\Firefox\Profiles\lrue508o.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-C7EE2EF2.sys
AddRemove-Stamps.com - c:\programdata\{C68B7C3F-FC8E-4631-A205-C857440AE0C1}\stamps.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-11-11 21:19:54
ComboFix-quarantined-files.txt 2015-11-12 03:19
.
Pre-Run: 123,100,553,216 bytes free
Post-Run: 123,301,957,632 bytes free
.
- - End Of File - - 115770490294CF1699F4FBA7B6FC5B64
A36C5E4F47E84449FF07ED3517B43A31
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double-click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
I have identified a Kaspersky module that loads; I've long since uninstalled anything by them. It is called "C7EE2EF2.sys". It's been around since this started. If you agree, I'd like to run Kaspersky's removal agent used for this issue. I'm not certain it is causing troubles, but I am certain it shouldn't be here.
 
The tool didn't auto-detect anything; I had it manually remove the only products by them I'd used in the past.

Here's the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Trent (administrator) on HELL-PC1 (12-11-2015 01:03:19)
Running from C:\Users\Trent\Downloads
Loaded Profiles: Trent (Available Profiles: Trent)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKU\S-1-5-21-3822528139-1650123135-726693888-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{53F25C74-60CF-4759-939E-9FC7D98FA93A}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3822528139-1650123135-726693888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3822528139-1650123135-726693888-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} hxxp://www.caminova.net/en/downloads/getmodule.aspx?lang=en

FireFox:
========
FF ProfilePath: C:\Users\Trent\AppData\Roaming\Mozilla\Firefox\Profiles\lrue508o.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-24] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3822528139-1650123135-726693888-1000: hopster.com/CouponPrinterPlugin -> C:\Users\Trent\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster)
FF Plugin HKU\S-1-5-21-3822528139-1650123135-726693888-1000: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Trent\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2014-10-15] (RevTrax)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-02-26] (Coupons, Inc.)
FF SearchPlugin: C:\Users\Trent\AppData\Roaming\Mozilla\Firefox\Profiles\lrue508o.default\searchplugins\amazon-search-suggestions.xml [2014-06-21]
FF SearchPlugin: C:\Users\Trent\AppData\Roaming\Mozilla\Firefox\Profiles\lrue508o.default\searchplugins\bookfindercom.xml [2015-11-08]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Trent\AppData\Roaming\Mozilla\Firefox\Profiles\lrue508o.default\Extensions\artur.dubovoy@gmail.com [2015-10-31]
FF Extension: Adblock Plus - C:\Users\Trent\AppData\Roaming\Mozilla\Firefox\Profiles\lrue508o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt => not found

Chrome:
=======
CHR Profile: C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-24]
CHR Extension: (Google Docs) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-24]
CHR Extension: (Google Drive) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-24]
CHR Extension: (Google Search) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Google Sheets) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-24]
CHR Extension: (Google Docs Offline) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-24]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-24]
CHR Extension: (Gmail) - C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-24]
CHR HKU\S-1-5-21-3822528139-1650123135-726693888-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-02] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2014-10-10] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2014-10-10] (LG Electronics Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22128 2012-03-08] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp64; C:\EEK\bin\epp64.sys [136456 2015-11-08] (Emsisoft GmbH)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-10-11] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-12] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation )
S4 SaiH0109; C:\Windows\System32\DRIVERS\SaiH0109.sys [171144 2007-05-01] (Saitek)
S4 SaiH0160; C:\Windows\System32\DRIVERS\SaiH0160.sys [179584 2008-11-24] (Saitek)
S4 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
S4 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S4 SaiU0109; C:\Windows\System32\DRIVERS\SaiU0109.sys [34304 2007-05-01] (Saitek)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-11-11] ()
S4 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-07-21] (wisecleaner.com)
S4 C7EE2EF2; system32\drivers\C7EE2EF2.sys [X]
S3 EtronHub3; System32\Drivers\EtronHub3.sys [X]
S3 EtronXHCI; System32\Drivers\EtronXHCI.sys [X]
S3 MFE_RR; \??\C:\Users\Trent\AppData\Local\Temp\mfe_rr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 01:03 - 2015-11-12 01:04 - 00013792 _____ C:\Users\Trent\Downloads\FRST.txt
2015-11-12 00:55 - 2015-11-12 01:03 - 00000000 ____D C:\FRST
2015-11-12 00:19 - 2015-11-12 00:19 - 00199871 _____ C:\Users\Trent\Desktop\kavremvr 2015-11-12 00-19-20 (pid 3716).log
2015-11-12 00:16 - 2015-11-12 00:18 - 00306263 _____ C:\Users\Trent\Desktop\kavremvr 2015-11-12 00-16-54 (pid 3056).log
2015-11-12 00:15 - 2015-11-12 00:15 - 00199871 _____ C:\Users\Trent\Desktop\kavremvr 2015-11-12 00-15-25 (pid 1384).log
2015-11-11 22:59 - 2015-11-11 22:59 - 02198528 _____ (Farbar) C:\Users\Trent\Downloads\FRST64.exe
2015-11-11 21:39 - 2015-11-11 21:39 - 07635760 _____ (Kaspersky Lab ZAO) C:\Users\Trent\Desktop\kavremover.exe
2015-11-11 21:32 - 2015-11-11 21:32 - 00001353 _____ C:\Users\Trent\Desktop\C7EE2EF2.sys_3530122329
2015-11-11 21:19 - 2015-11-11 21:19 - 00019410 _____ C:\ComboFix.txt
2015-11-11 20:55 - 2015-11-11 21:20 - 00000000 ____D C:\Qoobox
2015-11-11 20:55 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-11 20:55 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-11 20:55 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-11 20:55 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-11 20:55 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-11 20:55 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-11 20:55 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-11 20:55 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2015-11-11 20:02 - 2015-11-11 20:02 - 05638248 ____R (Swearware) C:\Users\Trent\Desktop\ComboFix.exe
2015-11-11 15:22 - 2015-11-11 15:22 - 00001171 _____ C:\Users\Trent\Desktop\JRT.txt
2015-11-11 15:11 - 2015-11-11 15:11 - 00000081 _____ C:\Users\Trent\Desktop\notes.txt
2015-11-11 15:08 - 2015-11-11 15:08 - 00000674 _____ C:\Users\Trent\Desktop\AdwCleaner[S2].txt
2015-11-11 14:59 - 2015-11-11 15:00 - 00001047 _____ C:\Users\Trent\Desktop\Mal2.txt
2015-11-11 12:30 - 2015-11-11 12:30 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-11 12:30 - 2015-11-11 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-11 12:30 - 2015-11-11 12:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-11 12:30 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-11 12:30 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-11 12:29 - 2015-11-11 12:29 - 00002410 _____ C:\Users\Trent\Desktop\RougueKiller1.txt
2015-11-11 11:56 - 2015-11-11 21:28 - 00000000 ____D C:\Users\Trent\Desktop\11102015
2015-11-10 20:39 - 2015-11-10 20:40 - 05490752 _____ (Secunia) C:\Users\Trent\Downloads\PSISetup(1).exe
2015-11-10 18:50 - 2015-11-11 15:03 - 00000000 ____D C:\AdwCleaner
2015-11-10 18:49 - 2015-11-10 18:49 - 01712128 _____ C:\Users\Trent\Downloads\adwcleaner_5.019.exe
2015-11-10 12:54 - 2015-11-10 12:54 - 00000000 ____D C:\Users\Trent\AppData\Roaming\RevTrax
2015-11-10 12:52 - 2015-11-10 12:52 - 01732608 _____ C:\Users\Trent\Downloads\RevTraxPrintMyCoupon.msi
2015-11-09 22:42 - 2015-11-09 23:01 - 00000000 ____D C:\Users\Trent\AppData\Local\NPE
2015-11-09 22:42 - 2015-11-09 22:42 - 00000000 ____D C:\ProgramData\Norton
2015-11-09 22:41 - 2015-11-09 22:41 - 03088296 _____ (Symantec Corporation) C:\Users\Trent\Downloads\NPE.exe
2015-11-09 21:47 - 2015-11-09 21:47 - 02747488 _____ (Symantec Corporation) C:\Users\Trent\Downloads\FixPoweliks64.exe
2015-11-09 21:17 - 2015-11-09 21:18 - 53770968 _____ (Microsoft Corporation) C:\Users\Trent\Downloads\Windows-KB890830-x64-V5.29.exe
2015-11-09 20:13 - 2015-11-11 12:15 - 00000114 _____ C:\Users\Trent\Desktop\11102015.txt
2015-11-09 18:48 - 2015-11-09 18:57 - 00000000 ____D C:\Users\Trent\Pavark
2015-11-09 17:49 - 2015-11-09 17:49 - 01410192 _____ C:\Users\Trent\Downloads\sar_15_sfx(1).exe
2015-11-09 17:46 - 2015-11-12 00:59 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-09 17:45 - 2015-11-09 17:45 - 00000000 ____D C:\Users\Trent\New folder
2015-11-09 17:45 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-09 17:43 - 2015-11-09 17:43 - 00000310 _____ C:\Users\Trent\Downloads\RootkitRemover_20151109_174322.log
2015-11-09 17:42 - 2015-11-09 17:44 - 48831832 _____ C:\Users\Trent\Downloads\BDPUARLauncher.exe
2015-11-08 22:24 - 2015-11-08 22:24 - 00380416 _____ C:\Users\Trent\Downloads\pj8xn9nk.exe
2015-11-08 17:20 - 2015-11-09 03:48 - 00000000 ____D C:\EEK
2015-11-08 16:34 - 2015-11-08 16:34 - 600183243 _____ C:\Windows\MEMORY.DMP
2015-11-08 16:34 - 2015-11-08 16:34 - 00338360 _____ C:\Windows\Minidump\110815-34928-01.dmp
2015-11-08 16:34 - 2015-11-08 16:34 - 00000000 ____D C:\Windows\Minidump
2015-11-08 16:07 - 2015-11-08 16:07 - 11337112 _____ (SurfRight B.V.) C:\Users\Trent\Downloads\HitmanPro_x64.exe
2015-11-07 19:46 - 2015-11-07 19:46 - 00002102 _____ C:\Users\Trent\AppData\Local\recently-used.xbel
2015-11-07 19:04 - 2015-11-07 19:16 - 00000620 _____ C:\Users\Trent\AppData\Local\multiscan.log
2015-11-07 18:38 - 2015-11-07 18:38 - 13377536 _____ C:\Users\Trent\Downloads\OPSWAT_GEARS_CLIENT_3445-7c867995737c1853977386e89a5560c5.msi
2015-11-07 18:24 - 2015-11-07 18:24 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-07 18:21 - 2015-11-07 18:21 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-07 18:21 - 2015-11-07 18:21 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-11-07 18:21 - 2015-11-02 11:10 - 00112760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-11-07 18:21 - 2015-11-02 11:10 - 00105264 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-11-07 18:21 - 2015-11-02 07:22 - 06358648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-11-07 18:21 - 2015-11-02 07:22 - 02983216 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-11-07 18:21 - 2015-11-02 07:22 - 02554672 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-11-07 18:21 - 2015-11-02 07:22 - 00938616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-11-07 18:21 - 2015-11-02 07:22 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-11-07 18:21 - 2015-11-02 07:22 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-11-07 18:21 - 2015-10-28 18:31 - 06027430 _____ C:\Windows\system32\nvcoproc.bin
2015-11-07 18:20 - 2015-11-02 11:10 - 42913912 _____ C:\Windows\system32\nvcompiler.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 37882160 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 22308472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 18361976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 17515016 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 16553376 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 15717672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 15120736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 14836064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 13527248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 12770752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 12034440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 11130672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-11-07 18:20 - 2015-11-02 11:10 - 03579000 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 03158736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 02869880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 02490672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 01905456 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435887.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 01564976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435887.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 00877176 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 00862000 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 00689272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 00500872 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 00468096 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 00422240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 00413816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 00369456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 00177416 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 00151184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-11-07 18:20 - 2015-11-02 11:10 - 00033607 _____ C:\Windows\system32\nvinfo.pb
2015-11-07 18:18 - 2015-11-07 18:21 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-11-07 17:39 - 2015-11-11 11:38 - 00000000 ____D C:\Users\Trent\Desktop\New folder
2015-11-05 01:22 - 2015-11-05 01:39 - 00000000 ____D C:\Users\Trent\Documents\Baldur's Gate II - Enhanced Edition
2015-11-04 00:24 - 2015-11-04 00:24 - 00000222 _____ C:\Users\Trent\Desktop\Baldur's Gate II Enhanced Edition.url
2015-10-30 22:13 - 2015-10-30 22:13 - 01668356 _____ C:\Users\Trent\Downloads\DDU v12.9.9.2.exe
2015-10-30 22:09 - 2015-10-30 22:10 - 00000000 ____D C:\Rem-VBSqt
2015-10-30 22:08 - 2015-10-30 22:10 - 00001703 _____ C:\Rem-VBS.log
2015-10-30 21:14 - 2015-09-14 13:45 - 03210240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-10-30 20:59 - 2015-10-30 20:59 - 07121390 _____ C:\Users\Trent\Downloads\CBS.log
2015-10-27 16:19 - 2015-11-10 18:49 - 00002065 _____ C:\DelFix.txt
2015-10-27 16:18 - 2015-10-27 16:18 - 05490752 _____ (Secunia) C:\Users\Trent\Downloads\PSISetup.exe
2015-10-26 23:34 - 2015-10-26 23:34 - 00584288 _____ (Oracle Corporation) C:\Users\Trent\Downloads\jre-8u65-windows-i586-iftw.exe
2015-10-26 20:31 - 2015-10-26 20:31 - 00000000 ____D C:\ProgramData\Sophos
2015-10-26 17:43 - 2015-11-12 00:56 - 00007190 _____ C:\Windows\PFRO.log
2015-10-26 16:19 - 2015-10-26 16:19 - 00010000 _____ C:\Users\Trent\Documents\Contact Information - MSU Care - Missouri State University.htm
2015-10-26 16:19 - 2015-10-26 16:19 - 00000000 ____D C:\Users\Trent\Documents\Contact Information - MSU Care - Missouri State University_files
2015-10-25 17:10 - 2015-10-25 17:10 - 00203982 _____ C:\Users\Trent\Documents\7 Actions to Take Immediately Following an EMP Strike _ Ask a Prepper.htm
2015-10-25 17:10 - 2015-10-25 17:10 - 00000000 ____D C:\Users\Trent\Documents\7 Actions to Take Immediately Following an EMP Strike _ Ask a Prepper_files
2015-10-24 18:34 - 2015-11-12 00:57 - 00005927 _____ C:\Windows\setupact.log
2015-10-24 18:34 - 2015-10-24 18:34 - 00000000 _____ C:\Windows\setuperr.log
2015-10-24 17:55 - 2015-10-24 17:55 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-10-24 15:42 - 2015-10-24 15:44 - 00000000 ____D C:\Users\Trent\AppData\Local\2Browse
2015-10-24 13:03 - 2015-10-24 13:10 - 00000000 ____D C:\ProgramData\UVK
2015-10-24 12:08 - 2015-10-25 13:10 - 00000000 ___RD C:\Users\Trent\Google Drive
2015-10-24 12:08 - 2015-10-24 12:08 - 00001695 _____ C:\Users\Trent\Desktop\Google Drive.lnk
2015-10-24 12:05 - 2015-10-24 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-24 03:16 - 2015-10-24 03:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-24 03:15 - 2015-11-12 00:58 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-24 03:15 - 2015-11-12 00:20 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-24 03:15 - 2015-10-24 03:15 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-24 03:15 - 2015-10-24 03:15 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-24 03:14 - 2015-10-24 12:05 - 00000000 ____D C:\Users\Trent\AppData\Local\Google
2015-10-24 03:14 - 2015-10-24 12:05 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-24 03:07 - 2015-10-24 03:39 - 00000000 ____D C:\Users\Trent\AppData\Local\Apple Inc
2015-10-24 02:46 - 2015-10-24 02:46 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-10-15 23:19 - 2015-10-15 23:20 - 00000000 ____D C:\Overflow 1
2015-10-14 21:17 - 2015-10-14 21:17 - 00001214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
2015-10-14 20:59 - 2012-08-02 23:27 - 02993296 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIAPropPageExt.dll
2015-10-14 20:59 - 2012-08-02 23:27 - 02206352 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viahduaa.sys
2015-10-14 20:59 - 2012-08-02 23:27 - 00681104 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIASysFx.dll
2015-10-14 20:40 - 2015-10-14 20:40 - 00000000 ____D C:\Auto
2015-10-13 17:41 - 2015-09-28 21:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-13 17:41 - 2015-09-28 21:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-13 17:41 - 2015-09-28 21:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-13 17:41 - 2015-09-28 21:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-13 17:41 - 2015-09-28 21:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-13 17:41 - 2015-09-28 21:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-13 17:41 - 2015-09-28 21:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-13 17:41 - 2015-09-28 21:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-13 17:41 - 2015-09-28 21:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-13 17:41 - 2015-09-28 21:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-13 17:41 - 2015-09-28 21:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-13 17:41 - 2015-09-28 21:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-13 17:41 - 2015-09-28 21:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-13 17:41 - 2015-09-28 21:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-13 17:41 - 2015-09-28 21:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-13 17:41 - 2015-09-28 21:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-13 17:41 - 2015-09-28 21:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-13 17:41 - 2015-09-28 21:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-13 17:41 - 2015-09-28 21:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-13 17:41 - 2015-09-28 21:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-13 17:41 - 2015-09-28 21:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-13 17:41 - 2015-09-28 21:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-13 17:41 - 2015-09-28 21:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-13 17:41 - 2015-09-28 21:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-13 17:41 - 2015-09-28 21:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-13 17:41 - 2015-09-28 21:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 21:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 20:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-13 17:41 - 2015-09-28 20:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-13 17:41 - 2015-09-28 20:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-13 17:41 - 2015-09-28 20:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-13 17:41 - 2015-09-28 20:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-13 17:41 - 2015-09-28 20:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-13 17:41 - 2015-09-28 20:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-13 17:41 - 2015-09-28 20:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-13 17:41 - 2015-09-28 20:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-13 17:41 - 2015-09-28 20:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-13 17:41 - 2015-09-28 20:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-13 17:41 - 2015-09-28 20:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-13 17:41 - 2015-09-28 20:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-13 17:41 - 2015-09-28 20:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-13 17:41 - 2015-09-28 20:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-13 17:41 - 2015-09-28 20:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 20:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 20:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 20:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 20:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 20:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 20:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 20:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 20:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 20:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 20:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 20:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 20:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 20:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 20:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 20:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 20:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 20:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 20:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 20:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 20:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 20:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 19:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-13 17:41 - 2015-09-28 19:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-13 17:41 - 2015-09-28 19:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-13 17:41 - 2015-09-28 19:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-13 17:41 - 2015-09-28 19:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 19:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 19:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-13 17:41 - 2015-09-28 19:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-13 17:41 - 2015-09-15 12:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-13 17:41 - 2015-09-15 12:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-13 17:41 - 2015-09-15 12:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-13 17:41 - 2015-09-15 12:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-13 17:41 - 2015-09-15 12:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-13 17:41 - 2015-09-15 12:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-13 17:41 - 2015-09-15 12:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-13 17:41 - 2015-09-15 12:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-13 17:41 - 2015-09-15 12:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-13 17:41 - 2015-09-15 11:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-13 17:41 - 2015-09-15 11:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-13 17:41 - 2015-09-15 11:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-13 17:41 - 2015-09-15 11:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-13 17:41 - 2015-08-06 12:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-13 17:41 - 2015-08-06 12:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-13 17:41 - 2015-08-06 11:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-13 17:41 - 2015-08-06 11:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-13 17:40 - 2015-10-01 12:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-13 17:40 - 2015-10-01 12:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-13 17:40 - 2015-10-01 12:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-13 17:40 - 2015-10-01 12:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-13 17:40 - 2015-10-01 12:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-13 17:40 - 2015-10-01 12:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-13 17:40 - 2015-10-01 12:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-13 17:40 - 2015-10-01 11:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-13 17:40 - 2015-10-01 11:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-13 17:40 - 2015-09-28 21:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-13 17:40 - 2015-09-28 21:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-13 17:40 - 2015-09-28 21:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-13 17:40 - 2015-09-28 21:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 17:40 - 2015-09-28 21:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-13 17:40 - 2015-09-28 20:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-13 17:40 - 2015-09-28 20:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-13 17:40 - 2015-09-28 20:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-13 17:40 - 2015-09-28 20:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-13 17:40 - 2015-09-28 20:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-13 17:40 - 2015-09-28 19:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-13 17:40 - 2015-09-18 13:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-13 17:40 - 2015-09-18 12:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-13 17:40 - 2015-09-15 22:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-13 17:40 - 2015-09-15 22:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-13 17:40 - 2015-09-15 22:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-13 17:40 - 2015-09-15 22:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-13 17:40 - 2015-09-15 22:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-13 17:40 - 2015-09-15 22:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-13 17:40 - 2015-09-15 22:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-13 17:40 - 2015-09-15 22:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-13 17:40 - 2015-09-15 22:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-13 17:40 - 2015-09-15 22:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-13 17:40 - 2015-09-15 22:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-13 17:40 - 2015-09-15 22:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-13 17:40 - 2015-09-15 22:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-13 17:40 - 2015-09-15 22:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-13 17:40 - 2015-09-15 22:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-13 17:40 - 2015-09-15 22:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-13 17:40 - 2015-09-15 22:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-13 17:40 - 2015-09-15 22:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-13 17:40 - 2015-09-15 21:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-13 17:40 - 2015-09-15 21:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-13 17:40 - 2015-09-15 21:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-13 17:40 - 2015-09-15 21:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-13 17:40 - 2015-09-15 21:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-13 17:40 - 2015-09-15 21:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-13 17:40 - 2015-09-15 21:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-13 17:40 - 2015-09-15 21:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-13 17:40 - 2015-09-15 21:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-13 17:40 - 2015-09-15 21:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-13 17:40 - 2015-09-15 21:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-13 17:40 - 2015-09-15 21:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-13 17:40 - 2015-09-15 21:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-13 17:40 - 2015-09-15 21:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-13 17:40 - 2015-09-15 21:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-13 17:40 - 2015-09-15 21:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-13 17:40 - 2015-09-15 21:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-13 17:40 - 2015-09-15 21:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-13 17:40 - 2015-09-15 21:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-13 17:40 - 2015-09-15 21:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-13 17:40 - 2015-09-15 21:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-13 17:40 - 2015-09-15 21:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-13 17:40 - 2015-09-15 21:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-13 17:40 - 2015-09-15 21:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-13 17:40 - 2015-09-15 21:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-13 17:40 - 2015-09-15 21:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-13 17:40 - 2015-09-15 21:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-13 17:40 - 2015-09-15 21:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-13 17:40 - 2015-09-15 21:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-13 17:40 - 2015-09-15 21:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-13 17:40 - 2015-09-15 21:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-13 17:40 - 2015-09-15 21:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-13 17:40 - 2015-09-15 21:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-13 17:40 - 2015-09-15 21:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-13 17:40 - 2015-09-15 20:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-13 17:40 - 2015-09-15 20:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-13 17:40 - 2015-09-15 20:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-13 17:40 - 2015-09-15 20:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-13 17:40 - 2015-09-15 20:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-13 17:40 - 2015-09-15 20:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-13 17:40 - 2015-09-15 20:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-13 17:40 - 2015-09-15 20:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-13 17:40 - 2015-09-15 20:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-13 17:40 - 2015-09-15 20:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 01:01 - 2015-07-21 16:46 - 01827249 _____ C:\Windows\WindowsUpdate.log
2015-11-12 00:57 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-11 21:35 - 2009-07-13 22:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-11 21:35 - 2009-07-13 22:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-11 21:16 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2015-11-11 20:55 - 2009-07-13 23:08 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-11 12:16 - 2015-09-02 21:57 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-11-11 11:20 - 2014-02-22 16:33 - 00000000 ____D C:\TV
2015-11-11 02:22 - 2013-05-19 22:56 - 00000000 ____D C:\Users\Trent\AppData\Roaming\vlc
2015-11-10 19:10 - 2009-07-13 23:13 - 00753248 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-10 18:48 - 2014-02-04 12:41 - 00000000 ____D C:\Windows\ERUNT
2015-11-10 02:09 - 2013-05-19 20:00 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-09 23:27 - 2015-02-05 16:04 - 00000000 ____D C:\Users\Trent\AppData\Local\Unity
2015-11-09 23:27 - 2013-05-20 20:15 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-11-09 21:36 - 2013-05-19 17:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-09 18:49 - 2013-05-21 23:35 - 00000000 ____D C:\Users\Trent\AppData\Local\CrashDumps
2015-11-09 18:48 - 2013-05-19 17:00 - 00000000 ____D C:\Users\Trent
2015-11-09 18:47 - 2014-03-22 03:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-09 17:46 - 2013-11-05 15:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-09 00:32 - 2014-08-28 14:37 - 00000000 ____D C:\Users\Trent\AppData\Local\Adobe
2015-11-07 20:43 - 2013-05-20 21:46 - 00000000 ____D C:\Users\Trent\.gimp-2.8
2015-11-07 18:21 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\Help
2015-11-07 18:14 - 2013-05-19 17:16 - 00000000 ____D C:\Program Files (x86)\GIGABYTE
2015-11-06 02:17 - 2013-05-19 18:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-04 00:23 - 2014-07-23 13:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-02 14:21 - 2013-05-20 15:57 - 00000000 ____D C:\Users\Trent\AppData\Roaming\KeePass
2015-11-02 13:44 - 2013-05-20 19:11 - 00024046 _____ C:\Users\Trent\Documents\Main052013.kdbx
2015-10-31 02:40 - 2015-07-21 16:44 - 00313024 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-26 00:46 - 2014-05-11 12:53 - 00000000 ____D C:\Program Files (x86)\Trillian
2015-10-25 17:18 - 2015-07-17 02:12 - 00001945 _____ C:\Windows\epplauncher.mif
2015-10-24 17:57 - 2015-07-21 15:52 - 00000000 ____D C:\Program Files\CCleaner
2015-10-24 13:16 - 2013-11-05 14:11 - 00000000 ____D C:\Users\Trent\AppData\Roaming\Dropbox
2015-10-24 13:08 - 2014-03-14 20:48 - 00000000 ____D C:\Program Files (x86)\PDF Architect
2015-10-24 12:59 - 2013-05-20 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-10-24 12:48 - 2015-06-02 22:47 - 00000000 ____D C:\Users\Trent\AppData\Roaming\Apple Computer
2015-10-24 12:48 - 2015-06-02 22:46 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-24 02:48 - 2015-06-02 22:47 - 00000000 ____D C:\Users\Trent\AppData\Local\Apple Computer
2015-10-24 02:46 - 2015-06-02 22:46 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-19 03:20 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2015-10-19 00:54 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-19 00:54 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-10-19 00:54 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-10-18 16:25 - 2013-11-05 23:58 - 00000000 ____D C:\Windows\pss
2015-10-14 21:17 - 2013-05-19 17:10 - 00000000 ____D C:\Program Files (x86)\VIA
2015-10-14 04:53 - 2015-04-04 22:52 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-13 17:52 - 2013-07-12 00:05 - 00000000 ____D C:\Windows\system32\MRT
2015-10-13 17:42 - 2015-04-04 22:52 - 00000000 ___SD C:\Windows\SysWOW64\GWX

==================== Files in the root of some directories =======

2015-11-07 19:04 - 2015-11-07 19:16 - 0000620 _____ () C:\Users\Trent\AppData\Local\multiscan.log
2015-11-07 19:46 - 2015-11-07 19:46 - 0002102 _____ () C:\Users\Trent\AppData\Local\recently-used.xbel

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-10 03:47

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Trent (2015-11-12 01:05:17)
Running from C:\Users\Trent\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2013-05-19 23:00:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3822528139-1650123135-726693888-500 - Administrator - Disabled)
Guest (S-1-5-21-3822528139-1650123135-726693888-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3822528139-1650123135-726693888-1003 - Limited - Enabled)
Trent (S-1-5-21-3822528139-1650123135-726693888-1000 - Administrator - Enabled) => C:\Users\Trent

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3CXPhone (HKLM-x32\...\{0DF8FA4D-299C-4250-9F09-C14E47E12224}) (Version: 4.0.26523.0 - 3CX)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Baldur's Gate II: Enhanced Edition (HKLM-x32\...\Steam App 257350) (Version: - Beamdog)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MF4100 Series (HKLM\...\{239A8D60-270B-42e8-82D3-60D70A2942E0}) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Darkest Hour: A Hearts of Iron Game (HKLM-x32\...\Steam App 73170) (Version: - )
Data Lifeguard Diagnostic for Windows 1.28 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Defense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version: - Hidden Path Entertainment)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Endless Space (HKLM-x32\...\Steam App 208140) (Version: - Amplitude Studios)
Eudora (HKLM-x32\...\{7377A063-BCF1-40E1-86D9-312DA517776A}) (Version: 7.0 - )
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version: - Paradox Development Studio)
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
Galactic Civilizations III (HKLM-x32\...\Steam App 226860) (Version: - Stardock Entertainment)
Geneforge 5 (HKLM-x32\...\Steam App 201010) (Version: - Spiderweb Software)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Godus (HKLM-x32\...\Steam App 232810) (Version: - 22cans)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Gratuitous Space Battles (HKLM-x32\...\Steam App 41800) (Version: - Positech Games)
Hearts of Iron III (HKLM-x32\...\{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}) (Version: - )
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
KeePass Password Safe 2.22 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: - Dominik Reichl)
Kinetic Void (HKLM-x32\...\Steam App 227160) (Version: - Badland Studio)
Kohan II: Kings of War (HKLM-x32\...\Steam App 97130) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.13.2.0 - LG Electronics)
Lost Empire - Immortals (HKLM-x32\...\{A5CA4D22-AC18-4947-9314-595366411669}) (Version: 1.0.2 - Pollux Gamelabs)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 1.0 Refresh (HKLM-x32\...\{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}) (Version: 1.1.10405.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.3.0 (x86 en-US)) (Version: 38.3.0 - Mozilla)
NAPS2 2.6.3 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan)
NVIDIA Graphics Driver 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.87 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
ON_OFF Charge B12.0308.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF Merge (HKLM-x32\...\{50217A00-46B2-40E3-8664-5C93BFFA03B0}) (Version: 1.0.0 - Free PDF Soulutions)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
RevTraxPrintMyCoupon (HKLM-x32\...\{19E8EBBF-55F3-41FB-AC8E-373BA0436939}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION
Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version: - Harebrained Schemes)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Solar 2 (HKLM-x32\...\Steam App 97000) (Version: - Murudai)
Space Pirates and Zombies (HKLM-x32\...\Steam App 107200) (Version: - )
Stamps.com (HKLM-x32\...\Stamps.com) (Version: - Stamps.com, Inc.)
Stamps.com (x32 Version: 10.1.1.2456 - Stamps.com, Inc.) Hidden
StarDrive (HKLM-x32\...\Steam App 220660) (Version: - Zero Sum Games)
Starion Tactics (HKLM-x32\...\Steam App 312960) (Version: - Corncrow Games)
Starpoint Gemini 2 (HKLM-x32\...\Steam App 236150) (Version: - Little Green Men Games)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold 3 (HKLM-x32\...\Steam App 47400) (Version: - Firefly Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Last Federation (HKLM-x32\...\Steam App 273070) (Version: - Arcen Games, LLC)
Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Unity of Command (HKLM-x32\...\Unity_of_Command) (Version: - )
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VT Hash Check 1.41 (HKLM-x32\...\{1E579B65-503B-4184-B481-5138124BEE1D}_is1) (Version: 1.31 - Boredom Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

10-11-2015 18:48:54 End of disinfection
11-11-2015 15:09:23 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-10-25 17:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {C2EBD28E-6641-4524-9D26-A57BCD81E9C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-24] (Google Inc.)
Task: {D45B3018-547E-4BD4-B0BB-AFF209310860} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-24] (Google Inc.)
Task: {F3D3CB6A-ED3C-4109-A3FA-51A2974FEAEB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {FBC60D46-CF13-486A-A499-2906BCB2BF48} - System32\Tasks\{C6400B35-216E-4B70-BE81-8CFFC624A5BC} => pcalua.exe -a C:\Users\Trent\Desktop\SETUP.EXE -d C:\Users\Trent\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-11-07 18:21 - 2015-11-02 07:22 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-14 21:17 - 2012-08-09 04:55 - 00078480 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2015-10-14 21:17 - 2012-08-09 04:55 - 00386192 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501.SYS => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3822528139-1650123135-726693888-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NitroReaderDriverReadSpool3 => 2
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^3CXPhone for Windows.lnk => C:\Windows\pss\3CXPhone for Windows.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UV Realtime.lnk => C:\Windows\pss\UV Realtime.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Trent^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Digital Coupon Print Driver => "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe"
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: GUSDelayStartup => "C:\Program Files (x86)\Glarysoft\Quick Startup\StartupManager.exe" -delayrun
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: ProfilerU => C:\Program Files\SmartTechnology\Software\ProfilerU.exe
MSCONFIG\startupreg: SaiMfd => C:\Program Files\SmartTechnology\Software\SaiMfd.exe
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E46F67B5-F17D-42D2-A51C-08F60D2C3386}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{508CD570-56EC-4C82-B388-E8853878908C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4EDB3F82-6E28-491E-8524-964FE0072114}] => (Allow) C:\Program Files (x86)\3CXPhone\3CXPhone.exe
FirewallRules: [{3DDD59F3-C988-4B18-9003-949C6789703C}] => (Allow) C:\Program Files (x86)\3CXPhone\3CXPhone.exe
FirewallRules: [{E3F4599F-3B73-4344-9436-DCFF4CE0C759}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kohan II\k2.exe
FirewallRules: [{8AE4A887-0A8E-48DA-B41D-1858636E80B4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kohan II\k2.exe
FirewallRules: [{E82BC8DC-58F3-4C26-BDA6-AF80D6E704B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Solar 2\Solar2.exe
FirewallRules: [{E47BA479-9544-48AC-A8FF-145187672DD6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Solar 2\Solar2.exe
FirewallRules: [{AE974F87-20A4-4505-A0D8-5E252013E3F1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Space Pirates and Zombies\SpazGame.exe
FirewallRules: [{EBD9B1E1-F374-4B43-91A0-4A9F7D0E2DBC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Space Pirates and Zombies\SpazGame.exe
FirewallRules: [{A4357CCB-2499-4866-8201-D1116BD84EDF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{CAEF874A-CBA0-41DC-ADEE-648ACC95AA07}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{486411FB-F3A3-4757-BCCE-69EB1120DC52}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gratuitous Space Battles\GSB.exe
FirewallRules: [{CB4322EF-B3E9-470E-ADBD-6DD38FFBCF1A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gratuitous Space Battles\GSB.exe
FirewallRules: [TCP Query User{3A7954DE-1F1A-4FAC-B66C-1A0FDBCF43AC}C:\program files (x86)\steam\steamapps\common\europa universalis iv\eu4.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\europa universalis iv\eu4.exe
FirewallRules: [UDP Query User{7C199E95-DA62-4253-B3A7-5EB02228DF1B}C:\program files (x86)\steam\steamapps\common\europa universalis iv\eu4.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\europa universalis iv\eu4.exe
FirewallRules: [{29076443-9E06-4B34-A701-079DA38B1893}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{7470F852-302D-403B-9BBE-5C877DFE4919}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{9697F610-0DFC-45C5-B929-215D37ECDB98}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{4E13CFF1-364A-4767-A2A1-08B0B7FDF309}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{F1721A58-7004-494A-8173-7F8EA83A7CAB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{62F8649B-3036-4A2A-8344-F1AF6E82AC64}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{481F0CA0-FB84-4D87-B145-F0C8EC14F4B7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kinetic Void\Kinetic Void.exe
FirewallRules: [{258F0C20-8207-4D52-B7B8-A663EC60BF79}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kinetic Void\Kinetic Void.exe
FirewallRules: [{C16EF4FF-2959-40F6-99B1-5378BC8741C0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kinetic Void\Kinetic Void.exe
FirewallRules: [{E56E71A6-8965-4EAE-A947-D30917496553}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kinetic Void\Kinetic Void.exe
FirewallRules: [{1AB7989A-36C2-4A1B-896B-49961D85D661}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kinetic Void\Kinetic Void.exe
FirewallRules: [{961B6290-3FB0-4368-A528-940B42E8958C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kinetic Void\Kinetic Void.exe
FirewallRules: [{BB82A730-23BF-4323-A476-3343B7CCF9FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold3\bin\win32_release\Stronghold3.exe
FirewallRules: [{2EBA16A3-A4D0-421D-BEC2-E1CDEAA6D232}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold3\bin\win32_release\Stronghold3.exe
FirewallRules: [{358AA6E3-A8DD-4F26-99B4-0DA958EC0A57}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darkest Hour A HOI Game\Darkest Hour Launcher.exe
FirewallRules: [{FD88B655-6648-42E1-BABE-65000A04FDF9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darkest Hour A HOI Game\Darkest Hour Launcher.exe
FirewallRules: [{AA55F348-548D-46B9-8379-AE9E3F4DFB20}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{ED65B93F-124F-461F-969E-F7C98FCE08A8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{1A7DDE66-C922-4DEE-831B-A867B782A66F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DefenseGridTheAwakening\DefenseGrid.exe
FirewallRules: [{37F6141E-BF98-4178-BA00-FF6FC98448F5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DefenseGridTheAwakening\DefenseGrid.exe
FirewallRules: [TCP Query User{5AF36791-B054-48DB-947F-8EAA24C0AF76}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{2C4546C6-4BA1-496D-9360-6A2161C3DCB2}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{C908501F-3E96-4E4C-8002-3E814B88A9C4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{5110C5FB-06C3-40DD-985E-E72FAAE85BFA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shadowrun Returns\Shadowrun.exe
FirewallRules: [{70F7E406-4903-4A3C-97CC-36D52EA533E9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{EB4758EF-1D39-4954-B790-8D785C4227BB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{8591E085-BA3A-474D-8FC6-7200CAF7C0D2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{79FB84D7-EC52-47D9-B07A-A39554643EFD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BF869C9F-1C8C-4B37-B57E-E4DB3B5C27DC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\StarDrive\StarDrive.exe
FirewallRules: [{8A809832-37E8-40C1-919F-1C0EAD145C41}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\StarDrive\StarDrive.exe
FirewallRules: [{1DB84C23-2B02-4135-9DE8-9EFE61FA5BA0}] => (Allow) C:\Program Files (x86)\Pollux Gamelabs\Lost Empire - Immortals\LostEmpire.exe
FirewallRules: [{4FDB2F03-58CC-43B4-91C4-2FDBD19F25F0}] => (Allow) C:\Program Files (x86)\Pollux Gamelabs\Lost Empire - Immortals\LostEmpire.exe
FirewallRules: [{DC5FA52D-2EA4-4A63-8CD3-CE3CF4B3D717}] => (Allow) LPort=2869
FirewallRules: [{8C4C9F01-E6ED-4EE4-A861-ED9D6069E637}] => (Allow) LPort=1900
FirewallRules: [{3733C92E-EC05-4014-B40F-9E9C9CEC76FE}] => (Allow) LPort=48113
FirewallRules: [{740197B5-9B91-43DC-9448-5F2FAA99E4ED}] => (Allow) LPort=48113
FirewallRules: [TCP Query User{E37493F8-C5FE-44CF-BE19-A6D716132D7A}E:\programmation\qtchat\release\qtchat.exe] => (Allow) E:\programmation\qtchat\release\qtchat.exe
FirewallRules: [UDP Query User{44823339-CF28-4006-8630-458A16074A94}E:\programmation\qtchat\release\qtchat.exe] => (Allow) E:\programmation\qtchat\release\qtchat.exe
FirewallRules: [{72052803-7B75-40BE-8D86-14BFCFD1822F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7CD4E2A5-4C28-4912-BE3A-B6037E08523D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{29D49649-9CA5-4929-8C36-A486852D0325}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Godus\windows\godus.exe
FirewallRules: [{9A969AFC-9998-4192-B15E-A8A1F128C09F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Godus\windows\godus.exe
FirewallRules: [{E261AF3C-A819-4DB0-AD92-DB9269AC79F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starpoint Gemini 2\StarpointGemini2.exe
FirewallRules: [{5EE58E85-12F4-4B30-8136-005CD07BD839}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starpoint Gemini 2\StarpointGemini2.exe
FirewallRules: [{A68E632D-8C4E-4823-9E24-079587455258}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9D71F4A6-34E2-4A15-850E-EBCB32B1FAF8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FEEE6240-0861-4746-B967-D1AB72E72427}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E92B0B04-44DE-4C6A-928F-E7C5B4016ECC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AC496D9A-8BF8-4248-894D-47CE6C8B5EAD}] => (Allow) LPort=15600
FirewallRules: [{3DC2A320-23BB-46DF-83DC-95CA93CBDC1D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Last Federation\LastFederation.exe
FirewallRules: [{4F9556FE-94AD-460C-85E6-78701FCAA251}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Last Federation\LastFederation.exe
FirewallRules: [{7CFDE7D4-1923-4D81-9FD6-D1C25C16E51D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Geneforge 5\Geneforge 5.exe
FirewallRules: [{8C771004-F304-44E0-82A5-223E9FC0E845}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Geneforge 5\Geneforge 5.exe
FirewallRules: [{21ECCE07-DD71-4C3A-9C7A-8C0EF2C61119}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DB232E0B-4EEA-40FA-8C55-576CC4C468DC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starion Tactics\Starion.exe
FirewallRules: [{8FD0BDCF-9271-4DC2-AEBF-24952ACA6679}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starion Tactics\Starion.exe
FirewallRules: [{DD2AF949-649B-464C-82DB-63B1A0355CF8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Galactic Civilizations III\GalCiv3.exe
FirewallRules: [{D301F4EB-9D28-4CC1-9DFE-BBEA25008DF1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Galactic Civilizations III\GalCiv3.exe
FirewallRules: [{2CC8362A-CD25-4114-82A1-E100094B8B60}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F8B31B0C-0BFE-4E0A-A446-E02E8D7CC41D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BA16233F-7822-45AB-97D8-235F18CCC857}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Baldur's Gate II Enhanced Edition\Baldur.exe
FirewallRules: [{6C5C903A-DB3E-4556-85C3-EF5B0799339A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Baldur's Gate II Enhanced Edition\Baldur.exe
FirewallRules: [{63B7BE28-FBB4-4579-97C7-D2949987F086}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: AMD IO Driver
Description: AMD IO Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: AMD, Inc
Service: amdiox64
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Communications Port (COM1)
Description: Communications Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard port types)
Service: Serial
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/09/2015 11:29:39 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server

Error: (11/09/2015 11:29:39 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
Instantiating VSS server

Error: (11/09/2015 11:01:38 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (11/09/2015 11:01:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server

Error: (11/09/2015 11:01:37 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
Instantiating VSS server

Error: (11/09/2015 10:38:46 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Trent\Desktop\11062015\HitmanPro_x64(1).exe ; Description = Checkpoint by HitmanPro; Error = 0x8007043c).

Error: (11/09/2015 10:38:39 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Trent\Desktop\11062015\HitmanPro_x64(1).exe ; Description = Checkpoint by HitmanPro; Error = 0x8007043c).

Error: (11/09/2015 06:49:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x9d4
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3

Error: (11/09/2015 06:49:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0xd4c
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3

Error: (11/08/2015 04:31:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 3ndlfyxc.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: 3ndlfyxc.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x0008d93e
Faulting process id: 0xc54
Faulting application start time: 0x3ndlfyxc.exe0
Faulting application path: 3ndlfyxc.exe1
Faulting module path: 3ndlfyxc.exe2
Report Id: 3ndlfyxc.exe3


System errors:
=============
Error: (11/12/2015 12:59:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058

Error: (11/11/2015 09:20:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058

Error: (11/11/2015 09:16:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/11/2015 09:07:25 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/11/2015 08:57:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058

Error: (11/11/2015 05:03:34 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/11/2015 05:02:57 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (11/11/2015 03:11:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

Error: (11/11/2015 03:11:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (11/11/2015 03:11:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2015-11-09 23:36:30.375
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Trent\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-09 23:36:30.281
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Trent\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-08 22:55:06.977
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Trent\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-08 22:55:06.804
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Trent\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-08 22:55:06.639
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Trent\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-08 22:55:06.482
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Trent\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-08 19:27:01.409
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Trent\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-11-08 19:27:01.284
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Trent\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-25 18:49:51.634
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-25 18:49:51.525
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD FX(tm)-6100 Six-Core Processor
Percentage of memory in use: 16%
Total physical RAM: 8148.68 MB
Available physical RAM: 6784.23 MB
Total Virtual: 16297.36 MB
Available Virtual: 14675.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.54 GB) (Free:114.58 GB) NTFS
Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64), press the Fix button just once, and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Trent (2015-11-12 21:08:43) Run:1
Running from C:\Users\Trent\Desktop
Loaded Profiles: Trent (Available Profiles: Trent)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3822528139-1650123135-726693888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S4 C7EE2EF2; system32\drivers\C7EE2EF2.sys [X]
S3 EtronHub3; System32\Drivers\EtronHub3.sys [X]
S3 EtronXHCI; System32\Drivers\EtronXHCI.sys [X]
S3 MFE_RR; \??\C:\Users\Trent\AppData\Local\Temp\mfe_rr.sys [X]
2015-11-11 21:32 - 2015-11-11 21:32 - 00001353 _____ C:\Users\Trent\Desktop\C7EE2EF2.sys_3530122329
2015-11-07 19:04 - 2015-11-07 19:16 - 0000620 _____ () C:\Users\Trent\AppData\Local\multiscan.log
2015-11-07 19:46 - 2015-11-07 19:46 - 0002102 _____ () C:\Users\Trent\AppData\Local\recently-used.xbel

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3822528139-1650123135-726693888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C7EE2EF2 => service removed successfully
EtronHub3 => service removed successfully
EtronXHCI => service removed successfully
MFE_RR => service removed successfully
C:\Users\Trent\Desktop\C7EE2EF2.sys_3530122329 => moved successfully
C:\Users\Trent\AppData\Local\multiscan.log => moved successfully
C:\Users\Trent\AppData\Local\recently-used.xbel => moved successfully

==== End of Fixlog 21:08:45 ====
 
Not better - MBAM was doing a hyper scan for an hour I found out... wouldn't pause. Only could cancel it - but that didn't work, couldn't shut it off. Yet the HDD light wasn't flashing like a scan. Seemed odd.

And the alert sound it plays when it asks for permission to run a program was odd, cut off.

There's still something amiss.
 
At this point...

In this forum, we make sure your computer is free of malware and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.

Good luck :)
 
Thx much. I shall do so. I think it may be a broken malware... had FireFox try to open an extra window. Never had this much trouble in my life - first computer was 1979.
 
For instance, the power manager. Selecting a power scheme... press the button and wait a few seconds for it to be selected. Loading Firefox - can sit back and watch the process manager add a bit to resources used. Thunderbird...

It's like I've got something running or trying to run, and taking up resources. Yet I can't find anything except on start up, long start time, too, and some resource hogging that I couldn't trace in time. I'm thinking something corrupted from malware or corrupted malware, traces. I do find it odd that I had the Kap, McAfee modules to be removed - and MSE went off using resources in extreme while not working right. I never installed McAfee products, ever as I recall. And the other day the MBAM scan went off, ran forever but it wasn't accessing the disk. Seems odd all those unusual events centered around security software.
 
There is nothing malicious on your computer at this point, so it'll be a good idea to create a new topic in the Windows forum.
 
I do notice when I start HitManPro in power mode (hold down ctrl button to disable things), my issues go away.
 
Go Start>Run (Start Search in Vista/7), type in:
msconfig
Click OK (hit Enter in Vista/7).
Windows 8/8.1 users. Press Windows logo key
and start typing the following:
msconfig
Press Enter.

Click on Startup tab.
Click Disable all.
IMPORTANT! In case of a laptop, make sure you do NOT disable any keyboard or touchpad entries.

Click Services tab.
Put a checkmark in Hide all Microsoft services.
Click Disable all.

Click OK.
Restart computer in Normal Mode.

NOTE. If you use a different firewall than Windows firewall, turn Windows firewall on just for this test, since your regular firewall won't be running.
If you use Windows firewall, you're fine.

Same problem?
 