
Solved Following instructions to post my FARBAR results here

Discussion in 'Malware and Virus Removal Archive' started by blakston6286, 2015/08/09.

  1. 2015/08/09
    blakston6286 Well-Known Member Thread Starter


    My results were too long according to the limits on this forum so I am attempting to do the results in 2 consecutive posts.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-08-2015
    Ran by DreamChamber (administrator) on DREAMCHAMBER-PC (09-08-2015 12:55:28)
    Running from C:\Users\DreamChamber\Desktop
    Loaded Profiles: DreamChamber (Available Profiles: DreamChamber)
    Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
    (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (KMiNT21 Software) C:\Program Files (x86)\Golden FTP Server\GFTP.exe
    (Syntek Ltd.) C:\Windows\STK02N\STK02NM.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    (Razer USA Ltd.) C:\Program Files (x86)\n52te\n52teHid.exe
    (Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
    (Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    (Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    (Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (Ipswitch) C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [855608 2007-09-26] (Microsoft Corporation)
    HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [NVRaidService] => C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-09] (NVIDIA Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2631824 2015-07-14] (NVIDIA Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 1999-12-31] (Realtek Semiconductor)
    HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 1999-12-31] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 1999-12-31] (Microsoft Corporation)
    HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780520 2015-07-31] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [184320 2007-04-17] (Creative Technology Ltd)
    HKLM-x32\...\Run: [Jomantha] => C:\Program Files (x86)\n52te\n52teHid.exe [159744 2008-06-13] (Razer USA Ltd.)
    HKLM-x32\...\Run: [CTxfiHlp] => C:\Windows\SysWOW64\CTXFIHLP.EXE [25600 2010-05-06] (Creative Technology Ltd)
    HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1065680 2015-05-29] (Carbonite, Inc.)
    HKU\S-1-5-21-2619349527-444009395-1191911321-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-2619349527-444009395-1191911321-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    HKU\S-1-5-21-2619349527-444009395-1191911321-1000\...\Run: [cdloader] => C:\Users\DreamChamber\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2013-05-06] (magicJack L.P.)
    HKU\S-1-5-21-2619349527-444009395-1191911321-1000\...\Run: [GoldenFTPserver] => C:\Program Files (x86)\Golden FTP Server\GFTP.exe [1710592 2012-06-05] (KMiNT21 Software)
    HKU\S-1-5-21-2619349527-444009395-1191911321-1000\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
    HKU\S-1-5-21-2619349527-444009395-1191911321-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    HKU\S-1-5-18\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
    ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
    BootExecute:

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKU\S-1-5-21-2619349527-444009395-1191911321-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKU\S-1-5-21-2619349527-444009395-1191911321-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
    HKU\S-1-5-21-2619349527-444009395-1191911321-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP51
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2619349527-444009395-1191911321-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader)
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
    BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll [2015-05-04] (PasswordBox, Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-02] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-2619349527-444009395-1191911321-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{283EFCBD-9A8F-4AAC-B999-7F2525913441}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{5ADBCBA9-F140-41A8-9DDA-7670F01ADF35}: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\DreamChamber\AppData\Roaming\Mozilla\Firefox\Profiles\h6c98cvc.default
    FF DefaultSearchEngine.US: Google
    FF Homepage: https://www.dogpile.com/
    FF Keyword.URL:
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-04-03] (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-07-18] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-07-18] (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-09] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-09] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2619349527-444009395-1191911321-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\DreamChamber\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
    FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-12-02]
    FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-07-18]
    FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
    FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
    CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx <not found>

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3633576 2015-07-31] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-07-31] (AVG Technologies CZ, s.r.o.)
    S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-07-04] (Creative Labs) [File not signed]
    S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-07-04] (Creative Labs) [File not signed]
    R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-14] (NVIDIA Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-05-24] (Alcatel-Lucent) [File not signed]
    R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-05-24] (Alcatel-Lucent) [File not signed]
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-14] (NVIDIA Corporation)
    R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
    S3 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
    S3 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-07-22] (Enigma Software Group USA, LLC.)
    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [427008 2010-04-21] (Microsoft Corporation)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312752 2015-07-28] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [245680 2015-07-28] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
    S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-07-22] (Enigma Software Group USA, LLC.)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-07-22] ()
    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-03] (GFI Software)
    S3 JmtFltr; C:\Windows\System32\drivers\JmtFltr.sys [46464 2007-09-29] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-03] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
    S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [243712 2012-08-29] (Realtek Semiconductor Corp.) [File not signed]
    U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [788696 1999-12-31] (Realsil Semiconductor Corporation)
    R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [377560 1999-12-31] (Realsil Semiconductor Corporation)
    S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-03-14] (support.com, Inc)
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-10] (Anchorfree Inc.)
    R3 vhidmini; C:\Windows\System32\DRIVERS\vhidmini.sys [13952 2007-09-29] (Windows (R) Codename Longhorn DDK provider)
    S3 CT20XUT.DLL; system32\CT20XUT.DLL [X]
    S3 CTEXFIFX.DLL; system32\CTEXFIFX.DLL [X]
    S3 CTHWIUT.DLL; system32\CTHWIUT.DLL [X]
    S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S0 Lbd; system32\DRIVERS\Lbd.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 RET55a64; \??\C:\Program Files (x86)\BeyondTrust\Retina 5\Scanner\RET55a64.sys [X]
    S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

    ========================== Drivers MD5 =======================

    C:\Windows\System32\DRIVERS\nvstor64.sys 71B6ECD3C56FBF12FB1968DA3953B703
    C:\Windows\system32\drivers\nv_agp.sys 19067CA93075EF4823E3938A686F532F
    C:\Windows\System32\DRIVERS\ohci1394.sys B5B1CE65AC15BBD11C0619E3EF7CFC28
    C:\Windows\System32\drivers\ctoss2k.sys 64184884B0F505E0E8D8A48F551E13A8
    C:\Windows\system32\drivers\parport.sys AECD57F94C887F58919F307C35498EA0
    C:\Windows\System32\drivers\partmgr.sys B43751085E2ABE389DA466BC62A4B987
    C:\Windows\System32\drivers\pci.sys 47AB1E0FC9D0E12BB53BA246E3A0906D
    C:\Windows\System32\drivers\pciide.sys 2657F6C0B78C36D95034BE109336E382
    C:\Windows\system32\drivers\pcmcia.sys 037661F3D7C507C9993B7010CEEE6288
    C:\Windows\System32\drivers\peauth.sys 58865916F53592A61549B04941BFD80D
    C:\Windows\System32\DRIVERS\point64.sys 4F0878FD62D5F7444C5F1C4C66D9D293
    C:\Windows\System32\DRIVERS\raspptp.sys 23386E9952025F5F21C368971E2E7301
    C:\Windows\system32\drivers\processr.sys 5080E59ECEE0BC923F14018803AA7A01
    C:\Windows\System32\DRIVERS\pacer.sys C5AB7F0809392D0DA027F4A2A81BFA31
    C:\Windows\system32\drivers\ql2300.sys 0B83F4E681062F3839BE2EC1D98FD94A
    C:\Windows\system32\drivers\ql40xx.sys E1C80F8D4D1E39EF9595809C1369BF2A
    C:\Windows\system32\drivers\qwavedrv.sys E8D76EDAB77EC9C634C27B8EAC33ADC5
    C:\Windows\System32\DRIVERS\rasacd.sys 1013B3B663A56D3DDD784F581C1BD005
    C:\Windows\System32\DRIVERS\rasl2tp.sys AC7BC4D42A7E558718DFDEC599BBFC2C
    C:\Windows\System32\DRIVERS\raspppoe.sys 4517FBF8B42524AFE4EDE1DE102AAE3E
    C:\Windows\System32\DRIVERS\rassstp.sys C6A593B51F34C33E5474539544072527
    C:\Windows\System32\DRIVERS\rdbss.sys 322DB5C6B55E8D8EE8D6F358B2AAABB1
    C:\Windows\System32\DRIVERS\RDPCDD.sys 603900CC05F6BE65CCBF373800AF3716
    C:\Windows\system32\drivers\rdpdr.sys C045D1FB111C28DF0D1BE8D4BDA22C06
    C:\Windows\System32\drivers\rdpencdd.sys CAB9421DAF3D97B33D0D055858E2C3AB
    C:\Windows\System32\Drivers\RDPWD.sys AE4BD9E1C33D351D8E607FC81F15160C
    C:\Windows\System32\DRIVERS\rspndr.sys 22A9CB08B1A6707C1550C6BF099AAE73
    C:\Windows\System32\Drivers\RtsUStor.sys FC009873CBC12CC6D7045D803D8E8CD3
    C:\Windows\System32\DRIVERS\RTL8187.sys 1C546EA56A06B773A52EE48E0205072D
    C:\Windows\System32\Drivers\RtsUer.sys 5A5B35947C6D58232011E4FE0BDD1846
    C:\Windows\system32\drivers\sbp2port.sys CD9C693589C60AD59BBBCFB0E524E01B
    C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
    C:\Windows\System32\DRIVERS\serenum.sys 2449316316411D65BD2C761A6FFB2CE2
    C:\Windows\System32\DRIVERS\serial.sys 4B438170BE2FC8E0BD35EE87A960F84F
    C:\Windows\system32\drivers\sermouse.sys A842F04833684BCEEA7336211BE478DF
    C:\Windows\system32\drivers\sffdisk.sys 14D4B4465193A87C127933978E8C4106
    C:\Windows\system32\drivers\sffp_mmc.sys 7073AEE3F82F3D598E3825962AA98AB2
    C:\Windows\system32\drivers\sffp_sd.sys 35E59EBE4A01A0532ED67975161C7B82
    C:\Windows\system32\drivers\sfloppy.sys 6B7838C94135768BD455CBDC23E39E5F
    C:\Windows\system32\drivers\sisraid2.sys 7A5DE502AEB719D4594C6471060A78B3
    C:\Windows\system32\drivers\sisraid4.sys 3A2F769FAB9582BC720E11EA1DFB184D
    C:\Windows\System32\DRIVERS\smb.sys 290B6F6A0EC4FCDFC90F5CB6D7020473
    C:\Windows\System32\Drivers\spldr.sys 386C3C63F00A7040C7EC5E384217E89D
    C:\Windows\System32\DRIVERS\srv.sys 880A57FCCB571EBD063D4DD50E93E46D
    C:\Windows\System32\DRIVERS\srv2.sys A1AD14A6D7A37891FFFECA35EBBB0730
    C:\Windows\System32\DRIVERS\srvnet.sys 4BED62F4FA4D8300973F1151F4C4D8A7
    C:\Windows\System32\DRIVERS\ssmirrdr.sys 1100066057FBF612B573EFD3B21383F1
    C:\Windows\system32\Drivers\SSPORT.sys 0211AB46B73A2623B86C1CFCB30579AB
    C:\Windows\System32\DRIVERS\serscan.sys 14B4DB4381E4A55F570D8BB699B791D6
    C:\Windows\System32\DRIVERS\swenum.sys 8A851CA908B8B974F89C50D2E18D4F0C
    C:\Windows\system32\drivers\symc8xx.sys 2F26A2C6FC96B29BEFF5D8ED74E6625B
    C:\Windows\system32\drivers\sym_hi.sys A909667976D3BCCD1DF813FED517D837
    C:\Windows\system32\drivers\sym_u3.sys 36887B56EC2D98B9C362F6AE4DE5B7B0
    C:\Windows\System32\DRIVERS\taphss6.sys A3F7EAB3947ADA804D60168119306D43
    C:\Windows\System32\drivers\tcpip.sys 89399663A2F0393AFFC79E8397ECA844
    C:\Windows\System32\DRIVERS\tcpip.sys 89399663A2F0393AFFC79E8397ECA844
    C:\Windows\System32\drivers\tcpipreg.sys A7FF25D9B9DA36797BD1EA48DB292DCE
    C:\Windows\System32\drivers\tdpipe.sys 1D8BF4AAA5FB7A2761475781DC1195BC
    C:\Windows\System32\drivers\tdtcp.sys 7F7E00CDF609DF657F4CDA02DD1C9BB1
    C:\Windows\System32\DRIVERS\tdx.sys 458919C8C42E398DC4802178D5FFEE27
    C:\Windows\System32\DRIVERS\termdd.sys 8C19678D22649EC002EF2282EAE92F98
    C:\Windows\System32\DRIVERS\tssecsrv.sys B2388462329ACD17AF50D8701E0C1B18
    C:\Windows\System32\DRIVERS\tunmp.sys 89EC74A9E602D16A75A4170511029B3C
    C:\Windows\System32\DRIVERS\tunnel.sys 30A9B3F45AD081BFFC3BCAA9C812B609
    C:\Windows\system32\drivers\uagp35.sys FEC266EF401966311744BD0F359F7F56
    C:\Windows\System32\DRIVERS\udfs.sys FAF2640A2A76ED03D449E443194C4C34
    C:\Windows\system32\drivers\uliagpkx.sys 4EC9447AC3AB462647F60E547208CA00
    C:\Windows\system32\drivers\uliahci.sys 697F0446134CDC8F99E69306184FBBB4
    C:\Windows\system32\drivers\ulsata.sys 31707F09846056651EA2C37858F5DDB0
    C:\Windows\system32\drivers\ulsata2.sys 85E5E43ED5B48C8376281BAB519271B7
    C:\Windows\System32\DRIVERS\umbus.sys 46E9A994C4FED537DD951F60B86AD3F4
    C:\Windows\System32\drivers\usbaudio.sys A565B509000BD3E42A9B93B9FFD40D3D
    C:\Windows\System32\DRIVERS\usbccgp.sys 858CC93477F9A9383E07861892600FF9
    C:\Windows\system32\drivers\usbcir.sys 9247F7E0B65852C1F6631480984D6ED2
    C:\Windows\System32\DRIVERS\usbehci.sys 82C3790E4E6F35087EF00994C7A72988
    C:\Windows\System32\DRIVERS\usbhub.sys BE2EB33AF6EE2E5DA07EB987E0A321F5
    C:\Windows\System32\DRIVERS\usbohci.sys 396041C6EA61202991221AA6A3B16190
    C:\Windows\System32\DRIVERS\usbprint.sys 28B693B6D31E7B9332C1BDCEFEF228C1
    C:\Windows\System32\DRIVERS\usbscan.sys C024814884CE9E6C2E6ED76A63AC3B9A
    C:\Windows\System32\DRIVERS\USBSTOR.SYS B854C1558FCA0C269A38663E8B59B581
    C:\Windows\System32\DRIVERS\usbuhci.sys B2872CBF9F47316ABD0E0C74A1ABA507
    C:\Windows\System32\Drivers\usbvideo.sys BF7A051DCCBA57C95541135B29CE0FB4
    C:\Windows\System32\DRIVERS\vgapnp.sys 916B94BCF1E09873FFF2D5FB11767BBC
    C:\Windows\System32\drivers\vga.sys B83AB16B51FEDA65DD81B8C59D114D63
    C:\Windows\System32\DRIVERS\vhidmini.sys 52290E2E0BFAE61D622AA8B9B3A4CB4E
    C:\Windows\system32\drivers\viaide.sys 8294B6C3FDB6C33F24E150DE647ECDAA
    C:\Windows\System32\drivers\volmgr.sys 2B7E885ED951519A12C450D24535DFCA
    C:\Windows\System32\drivers\volmgrx.sys CEC5AC15277D75D9E5DEC2E1C6EAF877
    C:\Windows\System32\drivers\volsnap.sys 582F710097B46140F5A89A19A6573D4B
    C:\Windows\system32\drivers\vsmraid.sys A68F455ED2673835209318DD61BFBB0E
    C:\Windows\system32\drivers\wacompen.sys FEF8FE5923FEAD2CEE4DFABFCE3393A7
    C:\Windows\System32\DRIVERS\wanarp.sys B8E7049622300D20BA6D8BE0C47C0CFD
    C:\Windows\System32\DRIVERS\wanarp.sys B8E7049622300D20BA6D8BE0C47C0CFD
    C:\Windows\System32\drivers\wd.sys 0C17A0816F65B89E362E682AD5E7266E
    C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
    C:\Windows\system32\drivers\wmiacpi.sys E18AEBAAA5A773FE11AA2C70F65320F5
    C:\Windows\System32\DRIVERS\wpdusb.sys 5E2401B3FC1089C90E081291357371A9
    C:\Windows\system32\drivers\ws2ifsl.sys 8A900348370E359B6BFF6A550E4649E1
    C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
    C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
    C:\Windows\System32\DRIVERS\xusb21.sys 38F55D07B1D3391065C40EC065F984E2

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    =====
     
  2. 2015/08/09
    blakston6286 Lifetime Subscription

    2nd part of Farbar Recovery Scan

    ==================== Three Months Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-09 12:55 - 2015-08-09 12:56 - 00040018 _____ C:\Users\DreamChamber\Desktop\FRST.txt
    2015-08-09 12:54 - 2015-08-09 12:55 - 00000000 ____D C:\FRST
    2015-08-09 12:54 - 2015-08-09 12:54 - 02171392 _____ (Farbar) C:\Users\DreamChamber\Desktop\FRST64.exe
    2015-08-09 11:58 - 2015-08-09 12:03 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-08-09 11:58 - 2015-08-09 11:58 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-08-09 11:57 - 2015-08-09 12:02 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-08-09 11:57 - 2015-08-09 11:57 - 00931408 _____ (Google Inc.) C:\Users\DreamChamber\Desktop\GoogleEarthProSetup.exe
    2015-08-09 11:57 - 2015-08-09 11:57 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-08-06 15:47 - 2015-08-06 15:47 - 00450718 ____R C:\Windows\system32\Drivers\etc\hosts.20150806-154725.backup
    2015-08-06 15:47 - 2015-07-30 12:09 - 00000768 _____ C:\Windows\system32\Drivers\etc\hosts.20150806-154708.backup
    2015-08-06 15:19 - 2015-08-06 15:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-08-03 22:47 - 2015-07-22 21:06 - 42730128 _____ C:\Windows\system32\nvcompiler.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 30487880 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 22950544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 17615408 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 16151688 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 15129192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 14503880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 13268712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 11836680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 11055248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2015-08-03 22:47 - 2015-07-22 21:06 - 02933576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 02600592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435362.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435362.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 00408208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2015-08-03 22:46 - 2015-07-22 21:06 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
    2015-08-03 22:46 - 2015-07-22 21:06 - 03407144 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2015-08-03 22:46 - 2015-07-22 21:06 - 03008880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2015-08-01 01:53 - 2015-08-01 01:53 - 00000296 _____ C:\Windows\system32\spsys.log
    2015-08-01 00:21 - 2015-08-05 14:22 - 00000872 _____ C:\Users\Public\Desktop\AVG 2015.lnk
    2015-07-30 17:33 - 2015-07-30 17:33 - 00000000 _____ C:\Users\Public\Desktop\Carbonite Setup.log
    2015-07-30 17:32 - 2015-07-30 17:32 - 00001967 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
    2015-07-30 11:51 - 2015-08-03 13:01 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-07-30 11:40 - 2015-07-30 11:40 - 00000000 ____D C:\Program Files\Common Files\AV
    2015-07-30 11:17 - 2015-07-30 12:20 - 00000000 ____D C:\Users\DreamChamber\Desktop\Malware Cleaners
    2015-07-30 11:12 - 2015-08-03 18:13 - 00000000 ____D C:\AdwCleaner
    2015-07-30 11:07 - 2015-08-03 15:19 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-07-30 11:07 - 2015-07-30 11:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-07-30 11:07 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-07-30 11:07 - 2015-06-18 08:41 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-07-30 11:07 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-07-28 11:02 - 2015-07-28 11:02 - 00312752 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
    2015-07-28 11:01 - 2015-07-28 11:01 - 00245680 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
    2015-07-27 12:39 - 2015-07-14 09:02 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-07-27 12:39 - 2015-07-14 08:45 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-07-27 12:39 - 2015-07-14 07:34 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-07-27 12:39 - 2015-07-14 07:23 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-07-27 12:38 - 2015-06-27 09:03 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-07-27 12:38 - 2015-06-27 09:03 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-07-27 12:38 - 2015-06-27 09:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-07-27 12:38 - 2015-06-27 09:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-07-27 12:38 - 2015-06-27 09:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2015-07-27 12:38 - 2015-06-27 08:40 - 01304576 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-07-27 12:38 - 2015-06-27 08:40 - 00658944 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-07-27 12:38 - 2015-06-27 08:40 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-07-27 12:38 - 2015-06-27 08:39 - 01065472 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-07-27 12:38 - 2015-06-27 07:30 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-07-27 12:38 - 2015-06-27 07:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-07-27 12:38 - 2015-06-12 06:13 - 00516544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-07-27 12:38 - 2015-01-08 17:28 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-07-27 12:36 - 2015-07-03 09:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2015-07-27 12:36 - 2015-07-03 08:41 - 01916416 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2015-07-27 12:36 - 2015-06-24 20:09 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-07-27 12:35 - 2015-05-31 01:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
    2015-07-27 12:35 - 2015-05-31 00:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
    2015-07-27 12:34 - 2015-06-17 09:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2015-07-27 12:34 - 2015-06-17 09:23 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2015-07-27 12:34 - 2015-06-17 08:18 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2015-07-27 12:34 - 2015-06-17 08:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    2015-07-27 12:34 - 2015-06-12 09:03 - 00304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2015-07-27 12:34 - 2015-06-12 08:46 - 00390656 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-07-27 12:24 - 2015-06-16 18:52 - 02343936 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-07-27 12:24 - 2015-06-16 18:50 - 10936320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-07-27 12:24 - 2015-06-16 18:50 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-07-27 12:24 - 2015-06-16 18:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-07-27 12:24 - 2015-06-16 18:47 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-07-27 12:24 - 2015-06-16 18:46 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-07-27 12:24 - 2015-06-16 18:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-07-27 12:24 - 2015-06-16 18:46 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-07-27 12:24 - 2015-06-16 18:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-07-27 12:24 - 2015-06-16 18:46 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-07-27 12:24 - 2015-06-16 18:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-07-27 12:24 - 2015-06-16 18:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-07-27 12:24 - 2015-06-16 18:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-07-27 12:24 - 2015-06-16 18:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-07-27 12:24 - 2015-06-16 18:45 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-07-27 12:24 - 2015-06-16 18:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-07-27 12:24 - 2015-06-16 18:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-07-27 12:24 - 2015-06-16 18:45 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-07-27 12:24 - 2015-06-16 18:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-07-27 12:24 - 2015-06-16 18:14 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-07-27 12:24 - 2015-06-16 18:10 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-07-27 12:24 - 2015-06-16 18:09 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-07-27 12:24 - 2015-06-16 18:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-07-27 12:24 - 2015-06-16 18:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-07-27 12:24 - 2015-06-16 18:09 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-07-27 12:24 - 2015-06-16 18:08 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-07-27 12:24 - 2015-06-16 18:08 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-07-27 12:24 - 2015-06-16 18:08 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-07-27 12:24 - 2015-06-16 18:08 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2015-07-27 12:24 - 2015-06-16 18:08 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-07-27 12:24 - 2015-06-16 18:08 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-07-27 12:24 - 2015-06-16 18:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-07-27 12:24 - 2015-06-16 18:08 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-07-27 12:24 - 2015-06-16 18:08 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-07-27 12:24 - 2015-06-16 18:08 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2015-07-27 12:24 - 2015-06-16 18:08 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2015-07-27 12:23 - 2015-07-02 23:18 - 17887744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-07-27 12:23 - 2015-07-02 23:01 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-07-27 12:23 - 2015-07-02 22:31 - 12386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-07-27 12:23 - 2015-07-02 22:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-07-27 12:23 - 2015-06-16 18:45 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-07-27 12:23 - 2015-06-16 18:12 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-07-27 12:23 - 2015-06-16 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-07-27 12:23 - 2015-06-16 18:08 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2015-07-22 16:36 - 2015-07-22 16:36 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2015-07-22 16:36 - 2015-07-22 16:36 - 00000921 _____ C:\Users\DreamChamber\Desktop\SpyHunter.lnk
    2015-07-22 16:36 - 2015-07-22 16:36 - 00000000 ____D C:\Users\DreamChamber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
    2015-07-22 16:36 - 2015-07-22 16:36 - 00000000 ____D C:\Users\DreamChamber\AppData\Roaming\Enigma Software Group
    2015-07-22 16:36 - 2015-07-22 16:36 - 00000000 ____D C:\sh4ldr
    2015-07-22 16:02 - 2015-07-22 16:03 - 61982592 _____ (Enigma Software Group USA, LLC.) C:\Users\DreamChamber\Downloads\SpyHunter-Installer(2).exe
    2015-07-21 23:45 - 2015-07-21 23:45 - 00000000 ____D C:\Users\DreamChamber\AppData\Local\CEF
    2015-07-19 17:39 - 2015-07-19 17:39 - 00000000 _____ C:\autoexec.bat
    2015-07-19 17:37 - 2015-07-22 16:36 - 00000000 ____D C:\Program Files\Enigma Software Group
    2015-07-19 17:36 - 2015-07-19 17:36 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\DreamChamber\Downloads\SpyHunter-Installer.exe
    2015-07-19 17:35 - 2015-07-19 17:35 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\DreamChamber\Downloads\SpyHunter-Installer(1).exe
    2015-07-19 17:18 - 2015-07-27 13:16 - 00021687 _____ C:\Windows\iis7.log
    2015-07-19 17:17 - 2015-07-19 17:17 - 00000000 ____D C:\inetpub
    2015-07-19 15:24 - 2015-07-19 15:24 - 00000453 _____ C:\Users\DreamChamber\AppData\Local\LMIR0002.tmp.bat
    2015-07-19 15:24 - 2015-07-19 15:24 - 00000378 _____ C:\Users\DreamChamber\AppData\Local\LMIR0002.tmp_r.bat
    2015-07-19 15:00 - 2015-07-19 15:20 - 00000000 ____D C:\Users\DreamChamber\AppData\Roaming\TeamViewer
    2015-07-12 11:29 - 2015-07-12 11:29 - 00000589 _____ C:\Users\DreamChamber\Desktop\Steam.zip
    2015-07-01 15:00 - 2015-07-01 15:00 - 00636011 _____ C:\Users\DreamChamber\Downloads\HealthSummary20150701.zip
    2015-06-29 15:32 - 2015-05-08 16:09 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-06-29 15:32 - 2015-05-08 16:01 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-06-29 15:31 - 2015-05-04 15:51 - 10627584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-06-29 15:31 - 2015-05-04 15:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-06-29 15:31 - 2015-05-04 15:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-06-29 15:31 - 2015-05-04 15:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-06-29 15:31 - 2015-05-04 15:33 - 13427712 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-06-29 15:31 - 2015-05-04 15:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-06-29 15:31 - 2015-05-04 15:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-06-29 15:31 - 2015-05-04 15:32 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-06-29 15:31 - 2015-05-04 14:39 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-06-29 15:31 - 2015-05-04 14:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-06-29 15:30 - 2015-04-30 09:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-06-29 15:30 - 2015-04-30 08:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-06-29 15:20 - 2015-04-24 08:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
    2015-06-29 15:20 - 2015-04-24 08:41 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
    2015-06-27 10:38 - 2015-07-22 21:06 - 00030966 _____ C:\Windows\system32\nvinfo.pb
    2015-06-27 10:38 - 2015-06-17 02:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
    2015-06-27 10:38 - 2015-06-17 02:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
    2015-06-27 10:38 - 2015-06-17 02:10 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
    2015-06-27 10:38 - 2015-06-17 02:10 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
    2015-06-25 12:52 - 2015-06-25 13:49 - 00000000 ____D C:\Users\DreamChamber\Documents\Broken Sword 5
    2015-06-16 15:55 - 2015-06-16 15:55 - 00259040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
    2015-06-16 11:18 - 2015-06-16 11:18 - 00000000 ____D C:\Users\DreamChamber\Desktop\GAMES
    2015-06-13 17:48 - 2015-06-13 17:43 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20150613-174829.backup
    2015-06-13 13:59 - 2015-06-13 15:07 - 00000000 ____D C:\Users\DreamChamber\Desktop\Kathi's Media
    2015-06-13 13:50 - 2015-06-13 14:30 - 00000000 ____D C:\Users\DreamChamber\Desktop\KathysMedicalFiles
    2015-06-13 11:55 - 2015-06-13 11:56 - 00613312 _____ C:\Users\DreamChamber\Downloads\HealthSummary20150613.zip
    2015-06-12 18:01 - 2015-06-12 18:01 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20150612-180133.backup
    2015-06-02 20:03 - 2015-04-30 06:14 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-06-02 20:03 - 2015-04-30 06:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-06-02 20:03 - 2015-04-10 16:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-06-02 20:03 - 2015-04-10 16:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
    2015-06-02 19:55 - 2015-04-19 14:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
    2015-06-02 19:55 - 2015-04-19 14:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
    2015-06-02 19:55 - 2015-04-19 14:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
    2015-06-02 19:55 - 2015-04-19 14:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
    2015-06-02 19:55 - 2015-04-19 13:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2015-06-02 19:55 - 2015-04-19 13:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2015-06-02 19:55 - 2015-04-19 13:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2015-06-02 19:55 - 2015-04-19 13:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-06-02 19:55 - 2015-04-17 17:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
    2015-06-02 19:55 - 2015-04-17 17:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
    2015-06-02 19:55 - 2015-04-17 17:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
    2015-06-02 19:55 - 2015-04-17 17:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
    2015-06-02 19:55 - 2015-04-17 16:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2015-06-02 19:55 - 2015-04-17 16:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2015-06-02 19:55 - 2015-04-17 16:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2015-06-02 19:55 - 2015-04-17 16:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-06-02 19:55 - 2015-04-17 16:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-06-02 19:26 - 2015-05-28 00:04 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435306.dll
    2015-06-02 19:26 - 2015-05-28 00:04 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435306.dll
    2015-06-02 11:52 - 2015-06-02 11:52 - 00450713 ____R C:\Windows\system32\Drivers\etc\hosts.20150602-115259.backup
    2015-05-30 19:30 - 2015-05-30 19:30 - 00106028 ____H C:\Windows\system32\mlfcache.dat
    2015-05-30 19:20 - 2015-05-30 19:38 - 00000000 ____D C:\Users\DreamChamber\AppData\Roaming\Apple Computer
    2015-05-30 19:20 - 2015-05-30 19:20 - 00000000 ____D C:\Users\DreamChamber\AppData\Local\Apple Computer
    2015-05-30 19:16 - 2015-05-30 19:16 - 00000000 ____D C:\Windows\System32\Tasks\Apple
    2015-05-30 19:16 - 2015-05-30 19:16 - 00000000 ____D C:\Users\DreamChamber\AppData\Local\Apple
    2015-05-30 19:16 - 2015-05-30 19:16 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2015-05-30 19:14 - 2015-05-30 19:14 - 00000000 ____D C:\Program Files\Bonjour
    2015-05-30 19:14 - 2015-05-30 19:14 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2015-05-30 19:13 - 2015-07-19 15:36 - 00000000 ____D C:\Program Files\Common Files\Apple
    2015-05-30 14:06 - 2015-05-30 14:07 - 152362800 _____ (Apple Inc.) C:\Users\DreamChamber\Downloads\iTunes6464Setup.exe
    2015-05-29 16:18 - 2015-05-29 15:54 - 00450713 ____R C:\Windows\system32\Drivers\etc\hosts.20150529-161817.backup
    2015-05-20 13:30 - 2015-05-11 23:27 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435286.dll
    2015-05-20 13:30 - 2015-05-11 23:27 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435286.dll
    2015-05-12 14:39 - 2015-05-12 14:39 - 00281568 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
    2015-05-12 14:36 - 2015-05-12 14:36 - 00253408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
    2015-05-12 01:58 - 2015-05-12 01:57 - 00450713 ____R C:\Windows\system32\Drivers\etc\hosts.20150512-015808.backup

    ==================== Three Months Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-09 12:15 - 2012-04-08 15:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-08-09 11:58 - 2010-12-17 19:07 - 00000000 ____D C:\Program Files (x86)\Google
    2015-08-09 11:44 - 2011-04-05 19:26 - 00003742 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7F8DF2E1-8A53-420C-A65D-ADD16D73CDDC}
    2015-08-09 11:39 - 2008-01-20 18:53 - 01243487 _____ C:\Windows\WindowsUpdate.log
    2015-08-09 11:34 - 2015-03-19 13:52 - 00052620 _____ C:\Windows\PFRO.log
    2015-08-09 11:34 - 2013-07-30 13:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-08-09 11:34 - 2006-11-02 08:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-08-09 11:34 - 2006-11-02 08:22 - 00004112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-08-09 11:34 - 2006-11-02 08:22 - 00004112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-08-06 15:51 - 2012-08-19 00:06 - 00000000 ____D C:\Program Files (x86)\Steam
    2015-08-06 15:51 - 2006-11-02 08:42 - 00032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-08-03 22:51 - 2010-12-01 21:20 - 00000000 ____D C:\Users\DreamChamber
    2015-07-30 11:01 - 2014-10-28 11:29 - 00000099 _____ C:\Users\Public\LMDebug.log
    2015-07-30 10:40 - 2010-12-02 20:43 - 00000000 ____D C:\Program Files (x86)\AVG
    2015-07-27 13:37 - 2010-12-01 23:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-07-27 13:22 - 2006-11-02 05:46 - 00800432 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-07-27 13:16 - 2006-11-02 08:21 - 00265032 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-07-27 13:12 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
    2015-07-27 13:12 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\inetsrv
    2015-07-27 12:33 - 2013-08-09 05:01 - 00000000 ____D C:\Windows\system32\MRT
    2015-07-27 11:52 - 2013-05-04 19:29 - 00001584 _____ C:\Users\DreamChamber\Documents\TombRaider.log
    2015-07-22 22:38 - 2014-09-30 19:51 - 00001212 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
    2015-07-22 21:06 - 2014-12-23 18:33 - 15892200 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2015-07-22 21:06 - 2014-11-07 12:47 - 12876336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2015-07-22 18:31 - 2012-01-04 12:46 - 06873744 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2015-07-22 18:31 - 2012-01-04 12:46 - 03493008 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2015-07-22 18:31 - 2012-01-04 12:46 - 00937616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2015-07-22 18:31 - 2012-01-04 12:46 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2015-07-22 18:31 - 2012-01-04 12:46 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2015-07-22 18:31 - 2008-12-25 09:08 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2015-07-20 13:16 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\rescache
    2015-07-20 07:16 - 2014-05-26 18:08 - 05121613 _____ C:\Windows\system32\nvcoproc.bin
    2015-07-19 16:09 - 2013-09-13 13:12 - 00000000 ____D C:\Users\DreamChamber\AppData\Local\LogMeIn Rescue Applet
    2015-07-19 16:09 - 2010-12-17 19:07 - 00000000 ____D C:\Program Files\Google
    2015-07-19 15:33 - 2010-12-17 19:07 - 00000000 ____D C:\Users\DreamChamber\AppData\Local\Google
    2015-07-14 14:15 - 2012-04-08 15:06 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-07-14 14:15 - 2012-04-08 15:06 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-07-14 14:15 - 2011-05-18 13:57 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-07-10 16:35 - 2014-05-17 13:51 - 00000000 ____D C:\Program Files\REGSERVO

    ==================== Files in the root of some directories =======

    2010-12-08 22:43 - 2010-04-02 20:53 - 2145345536 _____ () C:\Program Files\bigfile.000
    2010-12-08 22:46 - 2010-04-02 21:00 - 2146330624 _____ () C:\Program Files\bigfile.002
    2010-12-08 22:47 - 2010-04-02 21:01 - 857427968 _____ () C:\Program Files\bigfile.003
    2010-12-08 22:48 - 2010-04-02 21:01 - 0356104 _____ () C:\Program Files\binkw32.dll
    2010-12-08 22:48 - 2010-04-02 21:01 - 0330504 _____ (Firelight Technologies) C:\Program Files\fmodex.dll
    2010-12-08 22:48 - 2010-04-02 21:01 - 0561736 _____ () C:\Program Files\Léeme.rtf
    2010-12-08 22:48 - 2010-04-02 21:01 - 0544376 _____ () C:\Program Files\readme.rtf
    2010-12-08 22:48 - 2010-04-02 21:03 - 0000831 _____ () C:\Program Files\tru.lnk
    2010-12-08 22:48 - 2010-04-02 21:03 - 0000618 _____ () C:\Program Files\tru.mcl
    2010-12-08 22:48 - 2010-04-02 21:02 - 0129707 _____ () C:\Program Files\TruMCE.png
    2010-12-08 22:48 - 2010-04-02 21:01 - 0337160 _____ (Eidos Inc.) C:\Program Files\uninst.exe
    2013-09-14 12:22 - 2014-06-02 13:36 - 0003744 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    2003-05-28 18:10 - 2003-05-28 18:10 - 0656107 _____ () C:\Program Files (x86)\msxml4.cab
    2003-04-21 22:49 - 2003-04-21 22:49 - 0669184 _____ () C:\Program Files (x86)\msxml4sxs32.msm
    2003-04-21 22:49 - 2003-04-21 22:49 - 0679424 _____ () C:\Program Files (x86)\msxml4sys32.msm
    2015-07-30 11:05 - 2015-07-30 11:46 - 0000115 _____ () C:\Users\DreamChamber\AppData\Roaming\LogFile.txt
    2012-03-17 07:43 - 2012-03-17 07:43 - 0026311 _____ () C:\Users\DreamChamber\AppData\Roaming\UserTile.png
    2014-02-28 20:03 - 2014-07-19 14:05 - 0000161 _____ () C:\Users\DreamChamber\AppData\Roaming\WB.CFG
    2012-03-31 08:50 - 2012-07-10 22:12 - 0000680 _____ () C:\Users\DreamChamber\AppData\Local\d3d9caps.dat
    2010-12-01 21:20 - 2013-04-17 12:08 - 0001460 _____ () C:\Users\DreamChamber\AppData\Local\d3d9caps64.dat
    2012-06-11 17:52 - 2015-06-07 11:16 - 0044032 _____ () C:\Users\DreamChamber\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-08-19 01:06 - 2015-04-16 12:20 - 0744082 _____ () C:\Users\DreamChamber\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
    2012-08-19 01:06 - 2012-08-19 01:06 - 0000002 _____ () C:\Users\DreamChamber\AppData\Local\dd_dotnetfx35error.txt
    2012-08-19 01:06 - 2015-04-16 12:21 - 0749340 _____ () C:\Users\DreamChamber\AppData\Local\dd_dotnetfx35install.txt
    2013-08-31 00:08 - 2013-08-31 00:09 - 2973106 _____ () C:\Users\DreamChamber\AppData\Local\dd_NET_Framework35_x64_MSI391E.txt
    2012-08-19 01:07 - 2012-08-19 01:08 - 2468120 _____ () C:\Users\DreamChamber\AppData\Local\dd_NET_Framework35_x64_MSI5664.txt
    2014-03-22 13:08 - 2014-03-22 13:08 - 0375516 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI02E6.txt
    2012-12-18 00:00 - 2012-12-18 00:00 - 0365736 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI10DC.txt
    2012-10-15 22:35 - 2012-10-15 22:35 - 0363378 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI157D.txt
    2013-03-16 09:31 - 2013-03-16 09:31 - 0372370 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI21D5.txt
    2013-07-17 12:14 - 2013-07-17 12:14 - 0372704 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI2896.txt
    2011-08-06 15:08 - 2011-08-06 15:08 - 0424688 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI2D11.txt
    2014-03-27 22:27 - 2014-03-27 22:27 - 0373736 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI351D.txt
    2013-08-31 00:07 - 2013-08-31 00:07 - 0386884 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI3850.txt
    2013-08-31 00:07 - 2013-08-31 00:07 - 0376780 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI385D.txt
    2013-07-16 11:30 - 2013-07-16 11:30 - 0372704 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI391F.txt
    2014-08-02 16:39 - 2014-08-02 16:39 - 0373428 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI3C32.txt
    2014-01-29 02:38 - 2014-01-29 02:38 - 0373106 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI419F.txt
    2014-12-20 23:57 - 2014-12-20 23:57 - 0366102 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI45D7.txt
    2013-07-24 15:05 - 2013-07-24 15:05 - 0439678 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI4E1E.txt
    2013-07-24 15:05 - 2013-07-24 15:05 - 0422738 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI4E86.txt
    2014-09-02 17:33 - 2014-09-02 17:34 - 0364672 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI5BFA.txt
    2012-10-26 19:28 - 2012-10-26 19:28 - 0363484 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI61D4.txt
    2013-08-12 13:56 - 2013-08-12 13:56 - 0385682 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI6678.txt
    2013-01-27 23:06 - 2013-01-27 23:06 - 0367664 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI6AAD.txt
    2014-02-24 15:18 - 2014-02-24 15:18 - 0370704 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI773F.txt
    2013-04-03 17:07 - 2013-04-03 17:07 - 0370774 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI7CBD.txt
    2014-03-22 13:08 - 2014-03-22 13:08 - 0011250 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI02E6.txt
    2012-12-18 00:00 - 2012-12-18 00:00 - 0011394 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI10DC.txt
    2012-10-15 22:35 - 2012-10-15 22:35 - 0011378 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI157D.txt
    2013-03-16 09:31 - 2013-03-16 09:31 - 0011250 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI21D5.txt
    2013-07-17 12:14 - 2013-07-17 12:14 - 0011250 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI2896.txt
    2011-08-06 15:08 - 2011-08-06 15:08 - 0011674 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI2D11.txt
    2014-03-27 22:27 - 2014-03-27 22:27 - 0012598 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI351D.txt
    2013-08-31 00:07 - 2013-08-31 00:07 - 0011434 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI3850.txt
    2013-08-31 00:07 - 2013-08-31 00:07 - 0011466 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI385D.txt
    2013-07-16 11:30 - 2013-07-16 11:30 - 0011250 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI391F.txt
    2014-08-02 16:39 - 2014-08-02 16:39 - 0011154 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI3C32.txt
    2014-01-29 02:38 - 2014-01-29 02:42 - 0013188 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI419F.txt
    2014-12-20 23:57 - 2014-12-20 23:57 - 0011466 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI45D7.txt
    2013-07-24 15:05 - 2013-07-24 15:05 - 0011488 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI4E1E.txt
    2013-07-24 15:05 - 2013-07-24 15:05 - 0011424 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI4E86.txt
    2014-09-02 17:33 - 2014-09-02 17:34 - 0011402 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI5BFA.txt
    2012-10-26 19:28 - 2012-10-26 19:28 - 0011370 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI61D4.txt
    2013-08-12 13:56 - 2013-08-12 13:56 - 0011370 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI6678.txt
    2013-01-27 23:06 - 2013-01-27 23:06 - 0011154 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI6AAD.txt
    2014-02-24 15:18 - 2014-02-24 15:19 - 0012814 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI773F.txt
    2013-04-03 17:07 - 2013-04-03 17:07 - 0011170 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI7CBD.txt
    2015-07-19 15:24 - 2015-07-19 15:24 - 0000453 _____ () C:\Users\DreamChamber\AppData\Local\LMIR0002.tmp.bat
    2015-07-19 15:24 - 2015-07-19 15:24 - 0000378 _____ () C:\Users\DreamChamber\AppData\Local\LMIR0002.tmp_r.bat
    2012-08-19 01:06 - 2015-04-16 12:21 - 0007638 _____ () C:\Users\DreamChamber\AppData\Local\uxeventlog.txt
    2014-07-04 13:05 - 2014-07-04 13:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== BCD ================================

    Windows Boot Manager
    --------------------
    identifier {bootmgr}
    device partition=C:
    description Windows Boot Manager
    locale en-US
    inherit {globalsettings}
    default {current}
    displayorder {current}
    toolsdisplayorder {memdiag}
    timeout 30
    resume No

    Windows Boot Loader
    -------------------
    identifier {current}
    device partition=C:
    path \Windows\system32\winload.exe
    description Microsoft Windows Vista
    locale en-US
    inherit {bootloadersettings}
    osdevice partition=C:
    systemroot \Windows
    resumeobject {5a29e4eb-fdc9-11df-aaa9-8336292123d7}
    nx OptIn

    Resume from Hibernate
    ---------------------
    identifier {5a29e4eb-fdc9-11df-aaa9-8336292123d7}
    device partition=C:
    path \Windows\system32\winresume.exe
    description Windows Resume Application
    locale en-US
    inherit {resumeloadersettings}
    filedevice partition=C:
    filepath \hiberfil.sys
    debugoptionenabled No

    Windows Memory Tester
    ---------------------
    identifier {memdiag}
    device partition=C:
    path \boot\memtest.exe
    description Windows Memory Diagnostic
    locale en-US
    inherit {globalsettings}
    badmemoryaccess Yes

    Windows Legacy OS Loader
    ------------------------
    identifier {ntldr}
    device partition=C:
    path \ntldr
    description Earlier Version of Windows

    EMS Settings
    ------------
    identifier {emssettings}
    bootems Yes

    Debugger Settings
    -----------------
    identifier {dbgsettings}
    debugtype Serial
    debugport 1
    baudrate 115200

    RAM Defects
    -----------
    identifier {badmemory}

    Global Settings
    ---------------
    identifier {globalsettings}
    inherit {dbgsettings}
    {emssettings}
    {badmemory}

    Boot Loader Settings
    --------------------
    identifier {bootloadersettings}
    inherit {globalsettings}

    Resume Loader Settings
    ----------------------
    identifier {resumeloadersettings}
    inherit {globalsettings}



    LastRegBack: 2015-08-09 11:40

    ==================== End of log =======================
     


  4. 2015/08/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    Please don't checkmark any extra check boxes while running FRST.

    You're not saying what your computer issues are.

    I still need the Addition.txt log.
     
  5. 2015/08/10
    blakston6286 Lifetime Subscription

    blakston6286 Well-Known Member Thread Starter

    Joined:
    2002/01/20
    Messages:
    364
    Likes Received:
    0
    Hello,
    My issue is this.
    I have used Spybot Search and Destroy for about 10 years now. It has always done very well helping me eliminate threats.

    When I open Spybot S&D I usually get a window that states that there are a certain number of files in my temporary folder. I am given the option to clear out the temporary folders before I begin the Spybot process of searching and cleaning.
    After I click on YES I usually get another message that tells me maybe 1 or 2 files could not be emptied because they are currently in use.

    Now I get the message that there are 6,000 files in temporary files and do I want to empty the folder. I click on Yes and the next message I get is that there were 5,972 files that were not emptied because they are running.

    That is a huge difference from the norm that tells me there is something going wrong with my computer.
    Maybe I am overreacting but I have never had more than 5 files that were not able to be emptied because they were running.

    Here is the Addition.txt log you mentioned. It is in 2 sections because, like the FRST, it is huge.

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-08-2015
    Ran by DreamChamber (2015-08-09 12:56:57)
    Running from C:\Users\DreamChamber\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2619349527-444009395-1191911321-500 - Administrator - Disabled)
    DreamChamber (S-1-5-21-2619349527-444009395-1191911321-1000 - Administrator - Enabled) => C:\Users\DreamChamber
    Guest (S-1-5-21-2619349527-444009395-1191911321-501 - Limited - Disabled)
    IUSER_RETANON (S-1-5-21-2619349527-444009395-1191911321-1003 - Limited - Enabled)
    IUSER_RETINA (S-1-5-21-2619349527-444009395-1191911321-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version: - )
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    A New Beginning - Final Cut (HKLM-x32\...\Steam App 105000) (Version: - )
    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
    Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
    Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\{58597FDC-CDF0-4760-A57C-250DF09F4A21}) (Version: 12.0.2.122 - Adobe Systems, Inc)
    Alan Wake (HKLM-x32\...\Steam App 108710) (Version: - Remedy Entertainment)
    Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version: - Spicy Horse Games)
    Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version: - Frictional Games)
    Anachronox (HKLM-x32\...\Steam App 242940) (Version: - )
    Anna (HKLM-x32\...\Steam App 217690) (Version: - )
    Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Atlantis - The Lost Tales (HKLM-x32\...\Atlantis - The Lost Tales_is1) (Version: - GOG.com)
    ATT-RC Self Support Tool (HKLM\...\ATT-RC) (Version: - )
    ATT-RC Self Support Tool (HKLM-x32\...\ATT-RC) (Version: - )
    AVG 2013 (Version: 13.0.3408 - AVG Technologies) Hidden
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6125 - AVG Technologies)
    AVG 2015 (Version: 15.0.4392 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.6125 - AVG Technologies) Hidden
    Baldur's Gate: Enhanced Edition (HKLM-x32\...\Steam App 228280) (Version: - Overhaul Games)
    Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)
    Beneath a Steel Sky (HKLM-x32\...\GOGPACKBENEATH_is1) (Version: 2.0.0.9 - GOG.com)
    BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Broken Age (HKLM-x32\...\Steam App 232790) (Version: - Double Fine Productions)
    Broken Sword 5 - the Serpent's Curse (HKLM-x32\...\Steam App 262940) (Version: - Revolution Software Ltd)
    Brothers - A Tale of Two Sons (HKLM-x32\...\Steam App 225080) (Version: - Starbreeze Studios AB)
    Captain Morgane and the Golden Turtle (HKLM-x32\...\Steam App 264320) (Version: - WizarBox)
    Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.7.6 build 4832 (May-29-2015) - Carbonite)
    Child of Light (HKLM-x32\...\Steam App 256290) (Version: - Ubisoft Montréal)
    Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
    Contrast (HKLM-x32\...\Steam App 224460) (Version: - Compulsion Games)
    Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.45 - Creative Technology Limited)
    Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
    Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version: - Creative Technology Limited)
    Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - Creative Technology Limited)
    Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
    Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - )
    Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Deponia (HKLM-x32\...\Steam App 214340) (Version: - Daedalic Entertainment)
    Dragonsphere (HKLM-x32\...\GOGPACKDRAGONSPHERE_is1) (Version: 2.0.0.14 - GOG.com)
    Dream (HKLM-x32\...\Steam App 229580) (Version: - HyperSloth)
    DriverUpdate (HKLM-x32\...\{C85A8187-7E95-429D-9C9C-57C10268B3CF}) (Version: 2.2.38275 - SlimWare Utilities, Inc.)
    Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version: - Humble Hearts LLC)
    Emerald City Confidential (HKLM-x32\...\Steam App 37260) (Version: - PlayFirst)
    EVGA Precision 1.4.0 (HKLM-x32\...\Precision) (Version: - )
    Evoland (HKLM-x32\...\Steam App 233470) (Version: - Shiro Games)
    Express Zip (HKLM-x32\...\ExpressZip) (Version: - NCH Software)
    Fable Anniversary (HKLM-x32\...\Steam App 288470) (Version: - Lionhead Studios)
    Fable III (HKLM-x32\...\GFWL_{4D53090A-9B45-437B-A66A-831000008300}) (Version: 1.0.0000.131 - Microsoft Game Studios)
    Fable III (x32 Version: 1.0.0000.131 - Microsoft Game Studios) Hidden
    Fable III (x32 Version: 1.0.0002.131 - Microsoft Game Studios) Hidden
    Faery - Legends of Avalon (HKLM-x32\...\Steam App 303790) (Version: - Spiders Studio)
    Ghost Master (HKLM-x32\...\Steam App 6200) (Version: - Sick Puppies)
    GOG.com Downloader version 3.5.8 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.5.8 - GOG.com)
    Golden FTP Server (HKLM-x32\...\Golden FTP Server) (Version: - )
    Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
    Half-Life Dedicated Server Update Tool (HKLM-x32\...\Half-Life Dedicated Server Update Tool) (Version: - )
    Haunted Memories (HKLM-x32\...\Steam App 241640) (Version: - MadMan Theory Games)
    Ipswitch WS_FTP 12 (HKLM-x32\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 12.3 - Ipswitch)
    Iron Storm (HKLM-x32\...\Iron Storm_is1) (Version: - GOG.com)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Journey of a Roach (HKLM-x32\...\Steam App 255300) (Version: - Koboldgames)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Kairo (HKLM-x32\...\Steam App 233230) (Version: - )
    LEGO Lord of the Rings (HKLM-x32\...\Steam App 214510) (Version: - Traveller's Tales)
    Leisure Suit Larry in the Land of the Lounge Lizards: Reloaded (HKLM-x32\...\Steam App 231910) (Version: - nFusion Interactive)
    Lifeless Planet (HKLM-x32\...\Steam App 261530) (Version: - Stage 2 Studios)
    LIMBO (HKLM-x32\...\Steam App 48000) (Version: - )
    Lure of the Temptress (HKLM-x32\...\GOGPACKLURE_is1) (Version: 2.0.0.2 - GOG.com)
    Machinarium (HKLM-x32\...\Steam App 40700) (Version: - Amanita Design)
    magicJack (HKU\S-1-5-21-2619349527-444009395-1191911321-1000\...\magicJack) (Version: 3.1.6970.4873 - magicJack L.P.)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Memoria (HKLM-x32\...\Steam App 243200) (Version: - Daedalic Entertainment)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Xbox 360 Accessories 1.1 (HKLM\...\{8A837C47-2B21-4FDF-8370-41A1EB6A26E8}) (Version: 1.10.123.0 - Microsoft)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Morrowind (HKLM-x32\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version: - )
    Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
    MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    n52te Editor (HKLM-x32\...\{0AC8162B-5175-41D7-B963-8307A40BD456}) (Version: 5.01 - Razer USA Ltd.)
    NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.5.11.45 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.11.45 - NVIDIA Corporation)
    NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
    NVIDIA MediaShield (HKLM-x32\...\{CC452A50-5C87-4A1F-B295-445C3C69BF7D}) (Version: 11.1.0.43 - NVIDIA Corporation)
    NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    Oblivion - Horse Armor Pack (HKLM-x32\...\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}) (Version: 1.00.0000 - Bethesda Softworks)
    Oblivion - Knights of the Nine (HKLM-x32\...\{14C87AA7-08E6-419F-A165-998EBE5023D7}) (Version: 1.00.0000 - Bethesda Softworks)
    Oblivion - Mehrunes Razor (HKLM-x32\...\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}) (Version: 1.00.0000 - Bethesda Softworks)
    Oblivion - Orrery (HKLM-x32\...\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}) (Version: 1.00.0000 - Bethesda Softworks)
    Oblivion - Spell Tomes (HKLM-x32\...\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}) (Version: 1.00.0000 - Bethesda Softworks)
    Oblivion - Thieves Den (HKLM-x32\...\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}) (Version: 1.00.0000 - Bethesda Softworks)
    Oblivion - Vile Lair (HKLM-x32\...\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}) (Version: 1.00.0000 - Bethesda Softworks)
    Oblivion - Wizard's Tower (HKLM-x32\...\{2F2E3D62-8B8C-448F-8900-451325E50948}) (Version: 1.00.0000 - Bethesda Softworks)
    Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Outlast (HKLM-x32\...\Steam App 238320) (Version: - Red Barrels)
    Post Mortem (HKLM-x32\...\Post Mortem_is1) (Version: - GOG.com)
    PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
    Quest for Glory Pack (HKLM-x32\...\GOGPACKQUESTFORGLORY_is1) (Version: 2.0.0.32 - GOG.com)
    RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.70 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    REGSERVO (HKLM\...\REGSERVO) (Version: 1.0.9.3 - Tuneup System Software Pvt Ltd.)
    Return to Mysterious Island 2 (HKLM-x32\...\Steam App 277270) (Version: - Anuman)
    Risen (HKLM-x32\...\Steam App 40300) (Version: - Piranha – Bytes)
    Risen 2 - Dark Waters (HKLM-x32\...\Steam App 40390) (Version: - Piranha Bytes)
    Robin Hood: The Legend of Sherwood (HKLM-x32\...\Robin Hood: The Legend of Sherwood_is1) (Version: - GOG.com)
    Sacred 2 Gold (HKLM-x32\...\Steam App 225640) (Version: - Ascaron)
    Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.44 (10/23/2014) - Samsung Electronics Co., Ltd.)
    Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.58.01(10/20/2014) - Samsung Electronics Co., Ltd.)
    Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.70.18.0 - Samsung Electronics Co., Ltd.)
    Samsung M2070 Series (HKLM-x32\...\Samsung M2070 Series) (Version: 1.17 (9/17/2014) - Samsung Electronics Co., Ltd.)
    Samsung OCR Software (HKLM-x32\...\Samsung OCR Software) (Version: 1.01.10 (6/20/2014) - Samsung Electronics Co., Ltd.)
    Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.05 - Samsung Electronics Co., Ltd.)
    Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
    Samsung Scan Process Machine (x32 Version: 1.03.05.18 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.05.00 - Samsung Electronics Co., Ltd.)
    Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
    Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
    Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version: - Harebrained Schemes)
    SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
    Sound Blaster X-Fi (HKLM-x32\...\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}) (Version: 1.0 - )
    SoundFont Bank Manager (HKLM-x32\...\SFBM) (Version: 3.21 - Creative Technology Limited)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.20.9.4533 - Enigma Software Group, LLC)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    Still Life 2 (HKLM-x32\...\Still Life 2_is1) (Version: - GOG.com)
    STK02N 2.3 (HKLM-x32\...\{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}) (Version: 2.3 - Syntek)
    System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version: - )
    TES Construction Set (HKLM-x32\...\{DB3C800B-081B-4146-B4E3-EFB5B77AA913}) (Version: - )
    The Book of Unwritten Tales (HKLM-x32\...\Steam App 215160) (Version: - )
    The Book of Unwritten Tales: The Critter Chronicles (HKLM-x32\...\Steam App 221830) (Version: - KING Art)
    The Cave (HKLM-x32\...\Steam App 221810) (Version: - Double Fine Productions)
    The Dark Eye: Chains of Satinav (HKLM-x32\...\Steam App 203830) (Version: - Daedalic Entertainment)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    The Journey Down: Chapter One (HKLM-x32\...\Steam App 220090) (Version: - )
    The Journey Down: Chapter Two (HKLM-x32\...\Steam App 262850) (Version: - SkyGoblin)
    The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.6.0.87 - KMP Media co., Ltd)
    The Last Express Gold Edition (HKLM-x32\...\Steam App 252710) (Version: - DotEmu)
    The Raven - Legacy of a Master Thief (HKLM-x32\...\Steam App 233370) (Version: - KING Art)
    The Room (HKLM-x32\...\Steam App 288160) (Version: - Fireproof Games)
    The Talos Principle (HKLM-x32\...\Steam App 257510) (Version: - Croteam)
    The Testament of Sherlock Holmes (HKLM-x32\...\Steam App 205650) (Version: - Frogwares)
    The Vanishing of Ethan Carter (HKLM-x32\...\Steam App 258520) (Version: - The Astronauts)
    The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)
    Tinker (HKLM-x32\...\GFWL_{584109EB-4A5E-4467-B3C4-5C1000008300}) (Version: 1.0.0000.131 - Microsoft Corporation)
    Tinker (x32 Version: 1.0.0000.131 - Microsoft Corporation) Hidden
    Tinker (x32 Version: 1.0.0001.131 - Microsoft Corporation) Hidden
    Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
    Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - )
    Treasure Adventure Game (HKLM-x32\...\GOGPACKTREASUREADVENTUREGAME_is1) (Version: 2.0.0.4 - GOG.com)
    Tyrian 2000 (HKLM-x32\...\GOGPACKTYRIAN2000_is1) (Version: 2.0.0.11 - GOG.com)
    Ultima 4 - Quest of the Avatar (HKLM-x32\...\GOGPACKULTIMA4FREE_is1) (Version: 2.0.0.19 - GOG.com)
    Unearthed: Trail of Ibn Battuta - Episode 1 - Gold Edition (HKLM-x32\...\Steam App 263680) (Version: - Semaphore)
    Unity Web Player (HKU\S-1-5-21-2619349527-444009395-1191911321-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Warsow (HKLM-x32\...\GOGPACKWARSOW_is1) (Version: 2.1.0.12 - GOG.com)
    Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
    Windows Driver Package - NVIDIA (nvlddmkm) Display (10/02/2012 9.18.13.0697) (HKLM\...\F676611C704DA775123AEFA1ACFB365586E0A874) (Version: 10/02/2012 9.18.13.0697 - NVIDIA)
    Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Worlds of Ultima - Martian Dreams (HKLM-x32\...\GOGPACKWORLDSOFULTIMAMARTIAN_is1) (Version: 2.0.0.17 - GOG.com)
    Worlds of Ultima - The Savage Empire (HKLM-x32\...\GOGPACKWORLDSOFULTIMASAVAGE_is1) (Version: 2.0.0.26 - GOG.com)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    03-08-2015 22:48:16 Device Driver Package Install: NVIDIA Display adapters
    03-08-2015 22:51:02 Device Driver Package Install: NVIDIA Corporation Sound, video and game controllers

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 05:34 - 2015-08-06 15:47 - 00450718 ____R C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    There are 1000 more lines.


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0F7A06E2-EC81-47DC-A0A9-60C9AB1BA22E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
    Task: {15AB5337-1A52-4213-BEFE-1484FA42D603} - System32\Tasks\{5ACE07E1-C925-4319-89BC-B50B69CBBB82} => pcalua.exe -a "C:\Users\DreamChamber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RMRJKHAJ\Bloodmoon_v1.6.1820.exe" -d C:\Users\DreamChamber\Desktop
    Task: {160EE151-CD01-417E-B53E-09FF8B72D973} - System32\Tasks\{00C78FBD-2B23-47B4-B138-E858A0B1F3AF} => pcalua.exe -a D:\setup.exe -d D:\
    Task: {1D7F9A9E-F57A-42E1-83FE-51310F12E4FA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {2F1C57BA-AF04-43F9-AD92-E383DB58195D} - System32\Tasks\Event Viewer Tasks\System_Microsoft-Windows-WLAN-AutoConfig_4001 => delete
    Task: {3211AF84-3B8D-44ED-9EEC-7E62300E12FC} - \0 -> No File <==== ATTENTION
    Task: {324BA9A9-AE27-49EE-B96D-6FA7D5387D5F} - System32\Tasks\{E76CBE4F-A63D-4AF4-AA40-1AF7BE91075A} => pcalua.exe -a D:\hoae-setup.exe -d D:\
    Task: {44588C2B-6CD3-4375-89D0-2E8292701321} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: {522889E9-6C6F-4DF6-8304-937362443400} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-09] (Google Inc.)
    Task: {5D8ADC28-56BB-4353-A13D-493CED3E5F40} - System32\Tasks\{F935128E-D0CA-4E12-B960-C4DB2B5AEFC0} => pcalua.exe -a D:\Oblivion_v1.1FinalEnglish.exe -d D:\
    Task: {76FBADBE-7D6E-483F-BE92-595F5E7D78B1} - System32\Tasks\{161BC034-A2F9-4C45-B98E-A3F9CAA2F5E5} => pcalua.exe -a "C:\Users\DreamChamber\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\76WJL2XW\msicuu2.exe" -d C:\Users\DreamChamber\Desktop
    Task: {783787B0-5BA7-450C-9299-B275BFD82ADE} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [1999-12-31] (Microsoft Corporation)
    Task: {82872F2F-3D05-4F03-BB62-19CB1F3AD92D} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - DreamChamber => C:\Program Files\Windows Calendar\wincal.exe [2008-01-20] (Microsoft Corporation)
    Task: {98B124D3-F221-47AB-A768-231F8F5D5D4F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-09] (Google Inc.)
    Task: {9B960591-D34D-44F1-B9D0-D522D633E224} - \SparkTrust PC Cleaner Plus Startup -> No File <==== ATTENTION
    Task: {BAE552B8-4FA4-45E3-B28C-52A40155CFA3} - System32\Tasks\{C5AEF25B-68A7-472B-9F3D-2E197CD5FD9D} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Motive\InstallHelper.exe" -c /UninstallVendor=ATT-RC /Dir=C:\Program Files (x86)\ATT-RC
    Task: {C318B1B8-0C18-4941-81E4-EC50422D2466} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [1999-12-31] (Microsoft Corporation)
    Task: {CE52D313-75C6-4EB7-865D-C1E9505B8A76} - \SparkTrust PC Cleaner Plus_sch_AF48A024-36E9-11E5-9D1B-00044B18017B -> No File <==== ATTENTION
    Task: {FBDE459B-A905-4C75-98C2-377B050DE693} - System32\Tasks\{5E59136F-58AA-4374-82C2-F3AAEA122179} => pcalua.exe -a "C:\Remote Programs\Chicken Invaders 3\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=742650;name=Chicken Invaders 3;dir=C:\Remote Programs\Chicken Invaders 3\;prvid=143;cmdid=1;prvdir=Default

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2014-10-22 12:01 - 2013-05-29 05:01 - 00034304 _____ () C:\Windows\System32\ssm4mlm.dll
    2014-10-22 12:23 - 2014-04-16 01:22 - 00029184 _____ () C:\Windows\System32\usp01l.dll
    2014-10-22 12:23 - 2014-07-24 11:54 - 01194496 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\usp01du.dll
    2013-07-24 15:05 - 2010-09-28 15:56 - 06550136 _____ () C:\Program Files\ipswitch\WS_FTP 12\res0409.dll
    2009-07-25 10:28 - 2009-07-25 10:28 - 00107520 _____ () C:\Program Files (x86)\Golden FTP Server\gftp.dll
    2013-07-18 13:53 - 2013-07-18 13:53 - 00089088 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
    2014-09-08 14:39 - 2014-09-08 14:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
    2014-09-08 14:38 - 2014-09-08 14:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
    2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-10-22 12:24 - 2013-10-03 21:53 - 00734720 _____ () C:\Windows\system32\SnMinDrv.dll
    2014-10-22 12:00 - 2014-08-18 17:08 - 00087552 ____N () C:\Windows\system32\SSDEVM64.DLL
    2015-04-04 15:27 - 2015-07-14 12:06 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2010-12-01 23:16 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
    2010-12-01 23:16 - 2009-03-26 14:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
    2010-05-06 00:51 - 2010-05-06 00:51 - 00002560 _____ () C:\Windows\system32\CTXFIRES.DLL
    2014-05-14 09:45 - 2014-05-14 09:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
    2013-07-24 15:05 - 2010-09-28 15:53 - 00948496 _____ () C:\Program Files (x86)\Ipswitch\WS_FTP 12\LIBEAY32.dll
    2013-07-24 15:05 - 2010-09-28 15:53 - 00153360 _____ () C:\Program Files (x86)\Ipswitch\WS_FTP 12\SSLEAY32.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\DreamChamber\Documents\Hate Campaign.eml:OECustomProperty

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============
     
  6. 2015/08/10
    blakston6286 Lifetime Subscription

    Part 3 of Addition TXT.



    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
    IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com


    There are 7868 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2619349527-444009395-1191911321-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DreamChamber\Pictures\IMAG0071.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WMP-Out-TCP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [WMP-Out-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [WMP-Out-TCP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    FirewallRules: [WMP-Out-UDP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    FirewallRules: [WMP-In-UDP-x86] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    FirewallRules: [{6C805D06-7BF1-4ED1-99E8-A5BDFDFA58FD}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    FirewallRules: [{6C7E0B85-326E-4E9D-9AFD-FB6F0890BE5D}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    FirewallRules: [{710102DD-B5B2-47A1-8384-0E193E95DF96}] => (Allow) C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    FirewallRules: [{43A51583-A549-4A22-BBAC-6DED583794E4}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [{7815BD68-CCE1-48ED-97B2-18A07C36DE42}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [{32252F8D-3EE3-4267-AD3B-DE9FA4544FD1}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
    FirewallRules: [{E723C4A0-BD99-424F-A768-5806EAFBA9B0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{E6490522-1649-4ACD-92C0-A4B2604B2A8E}] => (Allow) LPort=2869
    FirewallRules: [{31EC4C25-53A7-48DC-9ECD-3FC3EFD4D487}] => (Allow) LPort=1900
    FirewallRules: [{E8D00341-6A0F-471F-A40A-AA0E1589DB5B}] => (Allow) LPort=80
    FirewallRules: [{84A9F3EE-E34A-4D55-B87D-985A67FB7723}] => (Allow) LPort=80
    FirewallRules: [{9D1BD6B0-D44B-447E-AA71-956BB918EF2E}] => (Allow) LPort=80
    FirewallRules: [{63A7AECF-4779-40F2-93B7-A56D986EEABB}] => (Allow) C:\Program Files (x86)\Microsoft Corporation\Tinker\Tinker.exe
    FirewallRules: [{87C4E1FC-8967-49A2-8C46-4AB83BC21369}] => (Allow) C:\Program Files (x86)\Microsoft Corporation\Tinker\Tinker.exe
    FirewallRules: [{C0772168-061F-4485-8EAB-33C69C083774}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{6F1123A1-826E-4DBC-9A03-4835F01C4F19}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{E3F87C7F-9FA6-4453-9AD5-E3595197BC99}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deponia Trailer\smp.exe
    FirewallRules: [{55DC6C7C-C78A-4B96-995D-F92C027918C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deponia Trailer\smp.exe
    FirewallRules: [{94C217C2-A05C-4D12-8EE5-8B20DEBF9B86}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Book of Unwritten Tales\bout.exe
    FirewallRules: [{0A0CE445-36A3-4984-81D9-CBA35003110F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Book of Unwritten Tales\bout.exe
    FirewallRules: [{E5957A48-D37A-4E39-87F6-AA644F419E3C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\Torchlight2.exe
    FirewallRules: [{26343B81-FF6A-4659-BE2C-490A5CC0CB8C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\Torchlight2.exe
    FirewallRules: [{53AC81F1-FCF9-4625-A66E-805795B22593}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\Torchlight2.exe
    FirewallRules: [{529BF7F5-1FD0-43B6-A31D-3FFE9B2CA480}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\Torchlight2.exe
    FirewallRules: [{0E3C33AA-BCEC-4069-95B8-72D58D1E7549}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Journey Down\JourneyDown1.exe
    FirewallRules: [{6EFB4A9E-7762-4689-BAA0-C1120E9A8128}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Journey Down\JourneyDown1.exe
    FirewallRules: [{501D0C58-FCF7-4B9F-90A6-1854A1033381}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Emerald City Confidential\ECC.exe
    FirewallRules: [{5EDC79F2-B6C7-4F58-9D35-A10E0AF5F1F6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Emerald City Confidential\ECC.exe
    FirewallRules: [{9F33D380-D856-4000-9A6F-B1C2423F07E5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Machinarium\machinarium.exe
    FirewallRules: [{BF741BD0-7B61-43BD-8F68-5A4B9C2F77A6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Machinarium\machinarium.exe
    FirewallRules: [{B7BD8765-E900-41F8-870E-64E1237C1172}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Limbo\limbo.exe
    FirewallRules: [{C54B45AA-05FB-4B1D-B42E-78AF4D9D091D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Limbo\limbo.exe
    FirewallRules: [{3F618135-CDAE-4943-99B0-7268634188D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
    FirewallRules: [{61708097-A6F2-4F74-91E2-B767B98F344F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
    FirewallRules: [{4EF1BC08-498C-44E1-94D9-6B2B0A0B6B4C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Testament of Sherlock Holmes\game.exe
    FirewallRules: [{4E82234C-9FFB-4795-9F07-17B149FEC563}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Testament of Sherlock Holmes\game.exe
    FirewallRules: [{72268711-3952-4225-AB69-D63C119237E1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe
    FirewallRules: [{FECEFE16-F16A-4628-AB65-FBFC6D3E8DEC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe
    FirewallRules: [TCP Query User{4D29FCA0-6E90-450A-BD6A-50DA132DF794}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
    FirewallRules: [UDP Query User{FFF3132E-95F7-45B6-BCE7-7C77AB8A5242}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe
    FirewallRules: [{7F4363DD-7A7B-46E3-AE0B-2C8E3D146DCE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LEGO Lord of the Rings\LEGOLOTR.exe
    FirewallRules: [{11D76BEE-EEEC-4656-B556-9993753ED0BD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LEGO Lord of the Rings\LEGOLOTR.exe
    FirewallRules: [{34EDEDD7-E071-4309-ACB2-0A956324CFF5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
    FirewallRules: [{86CE3F67-29A0-4D22-91C4-83CB5865C86A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
    FirewallRules: [{E750D382-65EC-4411-B7AB-A0470CD5E727}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Evoland\Evoland.exe
    FirewallRules: [{E75158E2-6FBA-49AC-A1F6-3CA4AB8CDF9B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Evoland\Evoland.exe
    FirewallRules: [{E67492A8-341A-49CB-B9BB-996E2CE68B22}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
    FirewallRules: [{F28FCB23-F024-4554-A718-86B0BD7EB900}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
    FirewallRules: [{0A3DB786-3004-4DC3-BD69-B968907906F9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheDarkEye Cos\satinav.exe
    FirewallRules: [{4DFC538A-3100-4FE8-828B-0260DFB2BC52}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheDarkEye Cos\satinav.exe
    FirewallRules: [{0829A590-BF71-4B32-8D8B-6701E3C4150C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheDarkEye Cos\VisionaireConfigurationTool.exe
    FirewallRules: [{A15B7EC2-AE31-4549-B51D-026B2874C839}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheDarkEye Cos\VisionaireConfigurationTool.exe
    FirewallRules: [{7C35CAED-9D36-46C5-92DB-1DB0EF6E4EA2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
    FirewallRules: [{8FEFA663-0629-4CCD-880B-DEA42D67A398}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
    FirewallRules: [{16B070E2-F933-40D8-A783-F7E105233CB5}] => (Allow) C:\Users\DreamChamber\AppData\Roaming\mjusbsp\magicJack.exe
    FirewallRules: [{4D1E24D5-DCDF-4B46-AEA2-138F9568F467}] => (Allow) C:\Users\DreamChamber\AppData\Roaming\mjusbsp\magicJack.exe
    FirewallRules: [{8762880A-E21E-4700-A9AB-A2EB4C072ADF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ghost Master\ghost.exe
    FirewallRules: [{83D6AC2B-38C8-4DC0-8F33-A14EBC7B6A01}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ghost Master\ghost.exe
    FirewallRules: [{9646B5F2-A59E-4CE9-9822-47E16ADC63FE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Raven\launcher\TheRavenLauncher.exe
    FirewallRules: [{E04CB441-8F15-4395-B073-7B351FBC615D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Raven\launcher\TheRavenLauncher.exe
    FirewallRules: [{975AA82C-2B4A-4CFE-9217-7A0CF13DC67C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Testament of Sherlock Holmes\game.exe
    FirewallRules: [{F4A60AF2-AC22-47FF-A7C7-BB4A2988DD54}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Testament of Sherlock Holmes\game.exe
    FirewallRules: [{A155D0FA-94EB-4BCD-843D-EDA566B3EB03}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Anna\Anna.exe
    FirewallRules: [{59F33DAB-2DE0-4E7C-9EC0-B28640D26F24}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Anna\Anna.exe
    FirewallRules: [TCP Query User{9C0C97B2-0B2F-46B9-97A8-A192AC8933A0}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
    FirewallRules: [UDP Query User{2D4478E8-3EE7-443F-8385-77969431C1F6}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
    FirewallRules: [TCP Query User{E1160F59-8071-465E-A357-9F61C75C5D15}C:\program files (x86)\golden ftp server\gftp.exe] => (Block) C:\program files (x86)\golden ftp server\gftp.exe
    FirewallRules: [UDP Query User{855E5751-5965-40EA-A9B4-D04A2D070FF4}C:\program files (x86)\golden ftp server\gftp.exe] => (Block) C:\program files (x86)\golden ftp server\gftp.exe
    FirewallRules: [TCP Query User{C12FEE73-B7F2-45C5-8840-65832A8FE63C}C:\program files (x86)\golden ftp server\gftp.exe] => (Allow) C:\program files (x86)\golden ftp server\gftp.exe
    FirewallRules: [UDP Query User{9C657844-CFE8-4779-8B34-3F2115655AB1}C:\program files (x86)\golden ftp server\gftp.exe] => (Allow) C:\program files (x86)\golden ftp server\gftp.exe
    FirewallRules: [{A2B89529-019B-4EA4-BCE9-20B1AA5981C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Raven\launcher\TheRavenLauncher.exe
    FirewallRules: [{104042D1-5718-4EFB-8150-5849971642DD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Raven\launcher\TheRavenLauncher.exe
    FirewallRules: [{6139F550-4F0B-4D79-9989-591709AA9B6E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Anna\Anna.exe
    FirewallRules: [{B545B9FF-CC11-4DBF-95B8-DD931C2562DC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Anna\Anna.exe
    FirewallRules: [{3D8B5FD6-8053-40A3-8D95-53EE9A5B2CBD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dust An Elysian Tail\DustAET.exe
    FirewallRules: [{D8955A97-84F6-4B78-94E6-6AAD4FF9A889}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dust An Elysian Tail\DustAET.exe
    FirewallRules: [{4D7016D8-3351-42A9-817B-B6D3F5391516}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Memoria\memoria.exe
    FirewallRules: [{A318002C-41FF-4F67-8113-EFA457280C97}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Memoria\memoria.exe
    FirewallRules: [{C6E65CC0-B40E-4E31-BB45-B3486C6D282F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Memoria\VisionaireConfigurationTool.exe
    FirewallRules: [{EC7706CE-35C0-45F1-9D14-6C83CEBAE0F3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Memoria\VisionaireConfigurationTool.exe
    FirewallRules: [{8E3BB1E1-3899-4D33-B53A-0E233AA4E7FE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Outlast\OutlastLauncher.exe
    FirewallRules: [{7A7934A6-0B9B-4D1E-8FB7-224B680BF608}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Outlast\OutlastLauncher.exe
    FirewallRules: [{B6FB4C1B-9FEE-445B-9635-12E90572FFA7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\A New Beginning\anb.exe
    FirewallRules: [{B536EC33-1D0E-422F-B915-1286AD89C56B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\A New Beginning\anb.exe
    FirewallRules: [{AFAB982B-6E59-4CC4-8E69-94FA88B55018}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\A New Beginning\VisionaireConfigurationTool.exe
    FirewallRules: [{AF78A47A-BE3D-4BCB-93D2-1140AA0EC337}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\A New Beginning\VisionaireConfigurationTool.exe
    FirewallRules: [{E9E2FDFD-5A29-4FC5-861F-0C46C75CFB1B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\HauntedMemories\hm.exe
    FirewallRules: [{087FA986-46F4-42C5-955D-C281C73FE514}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\HauntedMemories\hm.exe
    FirewallRules: [{886D0B37-1A89-4373-A36E-366FDB86CDC9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{A0385A17-9F83-4C03-A30C-CCCB20E587B4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{D93B12E4-E341-4EBA-83C2-619A638B027D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alan Wake\AlanWake.exe
    FirewallRules: [{D25E3459-3132-4C74-B6D4-431140EAFE98}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alan Wake\AlanWake.exe
    FirewallRules: [{FBDB0759-BD40-4AD1-BEEE-76B04A999A8D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Leisure Suit Larry in the Land of the Lounge Lizards Reloaded\LarryReloaded.exe
    FirewallRules: [{DBB12787-01A3-4BBE-A2E3-69D774A412B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Leisure Suit Larry in the Land of the Lounge Lizards Reloaded\LarryReloaded.exe
    FirewallRules: [{E342A094-31FE-4F36-8B1A-5DC33AEC43E4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kairo\Kairo.exe
    FirewallRules: [{64934275-AFA1-4BE7-BC58-D83504A758A8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kairo\Kairo.exe
    FirewallRules: [{C3C1A0B8-B841-442E-B006-531CEE670CB9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kairo\Kairo.exe
    FirewallRules: [{982376E6-DAFB-403B-AC68-E62EF27C0885}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kairo\Kairo.exe
    FirewallRules: [{D221E20C-5BBF-4E60-931D-C816780B1CFA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{06E1979B-8D09-4B57-B38A-444FAA6C91D7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{6757E637-8DE6-4B4E-BC4F-88B2DFCB89DF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Return To Mysterious Island 2\RTMI2.exe
    FirewallRules: [{272E76F6-07D1-430F-B74A-F1F2638AA7BF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Return To Mysterious Island 2\RTMI2.exe
    FirewallRules: [{188ABF2A-A850-4C74-ADC7-71EC65687AF2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broken Age\BrokenAge.exe
    FirewallRules: [{F6FDABE2-5758-486D-B513-D9CFB0A84D48}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broken Age\BrokenAge.exe
    FirewallRules: [{89F9C6ED-FD2F-4F4B-AF43-0C8185C527F6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
    FirewallRules: [{28F87B43-10CB-4D70-8133-E8172D2FEB00}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
    FirewallRules: [{05A942DF-5BEF-49AB-AEB5-90251AB2956D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Child of Light\ChildofLight.exe
    FirewallRules: [{441400B2-9F65-413A-89FF-63BA0770311B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Child of Light\ChildofLight.exe
    FirewallRules: [{E3A7E869-AB5F-4C09-BD29-8E41004A51D1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Child of Light\ChildofLight.exe
    FirewallRules: [{AD5471C9-7E48-4987-9713-50C194FFD79E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Child of Light\ChildofLight.exe
    FirewallRules: [{47EBE63E-BF14-4BFF-A8E8-E48B3FB811D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shadowrun Returns\Shadowrun.exe
    FirewallRules: [{E9D4DC42-A075-428F-B9DF-03B5D595B57E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Shadowrun Returns\Shadowrun.exe
    FirewallRules: [{EBCE6BA0-336B-48D5-AAD2-01D0E5A2D245}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lifeless Planet\LifelessPlanet.exe
    FirewallRules: [{1F881849-C0AE-45E0-9EB1-F0C705F1B182}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lifeless Planet\LifelessPlanet.exe
    FirewallRules: [{930C63F3-1D9A-43E5-8D9C-8D189F592F56}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Faery - Legends of Avalon\FaerySteam.exe
    FirewallRules: [{6DAC62DB-360E-4BCE-AB11-469652575779}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Faery - Legends of Avalon\FaerySteam.exe
    FirewallRules: [{5B3FADE6-39C7-4DA4-9AF9-B4617270198B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CaptainMorgane\CaptainMorgane.exe
    FirewallRules: [{B118B1DE-37BD-431F-A1A7-2858017BE61C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CaptainMorgane\CaptainMorgane.exe
    FirewallRules: [{FFC330E3-700A-4516-A32F-68499836179F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Journey of a Roach\JoaR.exe
    FirewallRules: [{DD0F4CAC-2D07-4DE3-B445-230C71C95DA1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Journey of a Roach\JoaR.exe
    FirewallRules: [{CAF32BCC-99A4-4715-B43F-06AABC9B45D5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Journey of a Roach\JoaR_config.exe
    FirewallRules: [{6222AB04-0882-48FF-865F-470B29673021}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Journey of a Roach\JoaR_config.exe
    FirewallRules: [{859A9BE6-5C98-471A-B7CE-DCBE46B2E2EE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sacred 2 Gold\system\sacred2.exe
    FirewallRules: [{75FBD50E-3B7D-4E47-9262-F2843B13B787}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sacred 2 Gold\system\sacred2.exe
    FirewallRules: [TCP Query User{8ED55DB9-6C93-416B-84AF-3C9FAF2F01BF}C:\program files (x86)\steam\steamapps\common\sacred 2 gold\system\s2gs.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sacred 2 gold\system\s2gs.exe
    FirewallRules: [UDP Query User{552C1AEA-2242-4E3C-A073-3AF5DB6CFAC8}C:\program files (x86)\steam\steamapps\common\sacred 2 gold\system\s2gs.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sacred 2 gold\system\s2gs.exe
    FirewallRules: [{60E4950B-1DD8-4BFA-BF7A-E3C5097BB8A3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Risen\bin\Risen.exe
    FirewallRules: [{A551178D-27BF-4C17-8FE0-297B168CBDFD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Risen\bin\Risen.exe
    FirewallRules: [{8B0A0B0E-91A7-4709-9C2B-81DD15E79B21}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LastExpress\TheLastExpressSteam.exe
    FirewallRules: [{6667778F-B083-4D24-BBEE-DA63619A4FF2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LastExpress\TheLastExpressSteam.exe
    FirewallRules: [{7AFF8D4C-20A5-4BAE-BEF3-58C2D25C6524}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\UnearthedEpisode1\Unearthed-Episode1.exe
    FirewallRules: [{A786CEC3-9A3D-482A-B0A4-FB82F04FC618}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\UnearthedEpisode1\Unearthed-Episode1.exe
    FirewallRules: [{6D2AC9E1-85B6-48B9-BE46-C94B1F672C43}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheRoom\TheRoom.exe
    FirewallRules: [{A1442EB3-501C-43E2-AA3C-A1BBD2A9E5DF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheRoom\TheRoom.exe
    FirewallRules: [{70B7BA2D-08E3-47DA-8616-5A31E4BDD1E8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe
    FirewallRules: [{445B1BDE-3752-4F32-8198-65724A140122}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe
    FirewallRules: [{890C595C-A9AD-4963-9482-96AFD117A36D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{A6C4087C-4D8C-4845-9D73-2DBB721DA950}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{691AC28F-7D68-4B50-A303-AEFFE90BD0BF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deponia\Deponia.exe
    FirewallRules: [{56B43602-4602-4435-87FB-21A1A17EB257}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deponia\Deponia.exe
    FirewallRules: [{4CA07892-E6AA-4786-967F-A223227B7FDF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deponia\VisionaireConfigurationTool.exe
    FirewallRules: [{CB161629-3252-420C-9E0D-08B01FE5E001}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deponia\VisionaireConfigurationTool.exe
    FirewallRules: [{C57A5A44-BA89-4DF2-A220-1F37443C1E82}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Risen 2\system\Risen2.exe
    FirewallRules: [{DA939A19-A558-43A3-807E-6235DE311C13}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Risen 2\system\Risen2.exe
    FirewallRules: [{698D3538-683C-4B60-AB59-F9DD2FC5204E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Journey Down Chapter Two\JourneyDown2.exe
    FirewallRules: [{4D582771-C07C-4FAC-9643-03D98FC8BEAC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Journey Down Chapter Two\JourneyDown2.exe
    FirewallRules: [{16AE40C5-FC00-4B06-AE81-80D3FBD7F361}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
    FirewallRules: [{88A3CDC1-7835-4A18-B8B3-26A962D2ED09}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
    FirewallRules: [{B67FE4CA-25D2-44C1-A173-CC68DD893EDE}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
    FirewallRules: [{27632974-B315-4AD9-8EFD-FC91A99543A2}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
    FirewallRules: [{E6FF4733-A080-4348-8109-48FF4FAFAD2F}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
    FirewallRules: [{4BE44172-CCE1-4670-B217-9FBDDAD3C7FB}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
    FirewallRules: [{0E4E3CA5-F359-487B-914F-5CACC8B93EB1}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
    FirewallRules: [{C21886FB-D31B-40AD-8E53-9E4BE8A526D2}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
    FirewallRules: [{97062D20-CAFF-4FBB-A4BF-723FF3490486}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
    FirewallRules: [{BC78D06E-04DC-4E92-B1CC-D7F9285923E2}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
    FirewallRules: [{E06147D2-BF13-4219-A547-013D2AEF0346}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
    FirewallRules: [TCP Query User{677D14F1-1014-456A-9558-B9AF15642143}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
    FirewallRules: [UDP Query User{65EE236F-0041-4CA6-A031-7525D7657EC6}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
    FirewallRules: [{0FDA2C04-DE4E-4513-8A51-260F241D770E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe
    FirewallRules: [{6EBF2892-3CD6-4124-BBF6-2F5FC87F055E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe
    FirewallRules: [{0C661DEF-ED1F-4AEC-A238-D45BECD48760}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
    FirewallRules: [{9E071ABB-58E6-4E02-955D-19065D339E09}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
    FirewallRules: [{4E806844-B872-4366-84B1-26DABE087E4C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
    FirewallRules: [{96EA26E2-543E-487C-A32B-1BBF18313EA3}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
    FirewallRules: [{260F6F92-63DF-4D44-BC63-98982BBFE98B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
    FirewallRules: [{21604EF8-72DA-4416-975B-5B1D0FE94ABA}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
    FirewallRules: [{F37178CD-F3D1-4D21-92F5-339695CB8ED3}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
    FirewallRules: [{1E5921EA-AA57-4B4F-BB06-9C82B814CAAA}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
    FirewallRules: [{EAB81D90-6120-4728-AB10-60B0F55E3D37}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
    FirewallRules: [{28790628-496B-4654-A8D4-768CC533F467}] => (Allow) C:\Program Files (x86)\Microsoft Games\Fable III\Fable3.exe
    FirewallRules: [{A7F7767E-0004-479B-AA32-C192DBED92B8}] => (Allow) C:\Program Files (x86)\Microsoft Games\Fable III\Fable3.exe
    FirewallRules: [{3C445696-82B6-475C-BB25-7017D485202B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Critter Chronicles\CritterChronicles.exe
    FirewallRules: [{F9FAED49-C904-4CF0-9C79-14BFDB10E641}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Critter Chronicles\CritterChronicles.exe
    FirewallRules: [{02B122B9-8F0F-4C6C-8C70-A97C307D4A2E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{F74858E0-A0BF-402B-A4BC-32FC0765A6AE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{039F2748-AD5A-4F90-BEA2-50668B0FD119}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Anachronox\anox.exe
    FirewallRules: [{7B7A764F-85F1-436A-9D6D-2235C7C38469}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Anachronox\anox.exe
    FirewallRules: [{CD44F53C-519A-4C5F-BCE6-5875489379EB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Vanishing of Ethan Carter\Binaries\Launcher.exe
    FirewallRules: [{D9D1BD49-B037-482B-98BC-54EEDB7376F3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Vanishing of Ethan Carter\Binaries\Launcher.exe
    FirewallRules: [{999D753C-FE01-42D3-ACFF-08E9DF06918C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheCave\Cave.exe
    FirewallRules: [{7917CE1A-B6E9-4A87-8AD8-C8B37B110AFB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheCave\Cave.exe
    FirewallRules: [{A0DD83BF-4EC7-4C92-B3A1-9A89BAB5CF72}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bastion\Bastion.exe
    FirewallRules: [{D594218A-FC4F-4B44-BFDF-140D5B1536D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bastion\Bastion.exe
    FirewallRules: [{F862957A-B458-4219-97B4-385AE20A8E44}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
    FirewallRules: [{793220AC-51DF-439D-AFC3-E2DB1A34540F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
    FirewallRules: [{EDDA5A84-92AF-4DCE-A4CB-41A80A2FC69A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
    FirewallRules: [{A73575E3-32E6-48A8-A198-C93761E8199E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
    FirewallRules: [{D46305AE-91CC-40A6-B377-FF574DD28B99}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dream\_Rift\Binaries\Win32\DreamRift.exe
    FirewallRules: [{49F36C5D-4961-4BB8-B4CE-F4C5A4DDE91A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dream\_Rift\Binaries\Win32\DreamRift.exe
    FirewallRules: [{3DA751A3-AD21-4A7D-AD65-F091BC3D2FE9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{6D155C01-F698-4F3D-BA92-854B42BE029B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{0C74EDDD-4A71-41EF-A8FF-C61245FE0CDF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{E7164EC4-2DA7-4EB4-B544-A714A50C2BD3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{FC808EDB-18FC-4AE8-AA36-C306E9184C1A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Contrast\Binaries\Win32\ContrastGame.exe
    FirewallRules: [{B8D3F327-7637-42C9-A72E-0CA3C51BE695}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Contrast\Binaries\Win32\ContrastGame.exe
    FirewallRules: [{2FBC66AC-663C-4CE0-9635-E252E68EEFCC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe
    FirewallRules: [{26CE163E-464C-40F1-B8E5-007367A59526}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fable Anniversary\Binaries\Win32\Fable Anniversary.exe
    FirewallRules: [{ABF4589F-0D1E-4CD3-8EB4-FE666C490ABD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broken Sword 5\BS5.exe
    FirewallRules: [{318A27DA-10BF-4E67-A3BB-635DE28EDC6E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Broken Sword 5\BS5.exe
    FirewallRules: [{99A1D6B7-0534-4134-AD3A-D90785D88480}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{63BCA985-8DCE-45BF-9670-3A493498BACB}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{EFE3A83F-1F4B-4A33-8014-F217A5BC486E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Talos Principle\Bin\Talos.exe
    FirewallRules: [{B6368057-9622-49A0-A9F8-ADDC426E6BC3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Talos Principle\Bin\Talos.exe
    FirewallRules: [{FC800AB4-6593-419A-87E5-A2950D9954CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
    FirewallRules: [{D77EA657-0D6D-4B22-B5E8-921BE172287F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
    FirewallRules: [{5285C296-74D0-4224-A72C-68A2D09C348F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{6950BD0B-3EB1-4972-9533-534EF130ED4B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{17359272-9B70-4CEB-B1A1-1E576ED89597}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{5C18EC1D-8565-4975-B230-3F7D2AB3C2AC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{20B706DE-E303-42AF-8399-097978683052}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    FirewallRules: [{5462B49E-8FED-4BDA-B5F3-A4AD37CED2EC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    FirewallRules: [{25A03098-847F-45F4-8F61-B4E707984A61}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dream\Binaries\Win32\Dream.exe
    FirewallRules: [{730A6A27-B356-43A8-8630-5C640B6E2271}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dream\Binaries\Win32\Dream.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\GOG.com\Iron Storm\IronStorm.exe] => Enabled:Iron Storm
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\GOG.com\Iron Storm\IronStorm_DS.exe] => Enabled:Iron Storm DS

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/09/2015 11:35:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/09/2015 11:34:33 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language= "* ",type= "win32 ",version= "1.0.0.0 "1 ".
    Dependent Assembly rpshellextension.1.0,language= "* ",type= "win32 ",version= "1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (08/06/2015 02:01:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2015 02:00:54 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language= "* ",type= "win32 ",version= "1.0.0.0 "1 ".
    Dependent Assembly rpshellextension.1.0,language= "* ",type= "win32 ",version= "1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (08/05/2015 02:24:12 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 1316. The specified account already exists.

    Error: (08/05/2015 02:14:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/05/2015 02:13:42 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language= "* ",type= "win32 ",version= "1.0.0.0 "1 ".
    Dependent Assembly rpshellextension.1.0,language= "* ",type= "win32 ",version= "1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (08/03/2015 06:15:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/03/2015 12:51:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/03/2015 12:50:34 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language= "* ",type= "win32 ",version= "1.0.0.0 "1 ".
    Dependent Assembly rpshellextension.1.0,language= "* ",type= "win32 ",version= "1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.


    System errors:
    =============
    Error: (08/09/2015 11:35:20 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: Lbd
    SBRE

    Error: (08/09/2015 11:35:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: DgiVecp%%2

    Error: (08/06/2015 02:01:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: Lbd
    SBRE

    Error: (08/06/2015 02:01:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: DgiVecp%%2

    Error: (08/05/2015 07:01:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: 1Restart the serviceCarboniteService%%1056

    Error: (08/05/2015 07:00:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: CarboniteService1600001Restart the service

    Error: (08/05/2015 02:14:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: Lbd
    SBRE

    Error: (08/05/2015 02:14:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: DgiVecp%%2

    Error: (08/03/2015 06:23:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: CarboniteService1600001Restart the service

    Error: (08/03/2015 06:23:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Windows Media Player Network Sharing Service1300001Restart the service


    Microsoft Office:
    =========================
    Error: (08/09/2015 11:35:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/09/2015 11:34:33 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: rpshellextension.1.0,language= "* ",type= "win32 ",version= "1.0.0.0 "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

    Error: (08/06/2015 02:01:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/06/2015 02:00:54 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: rpshellextension.1.0,language= "* ",type= "win32 ",version= "1.0.0.0 "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

    Error: (08/05/2015 02:24:12 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
    Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 1316. The specified account already exists.
    (NULL)(NULL)(NULL)(NULL)

    Error: (08/05/2015 02:14:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/05/2015 02:13:42 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: rpshellextension.1.0,language= "* ",type= "win32 ",version= "1.0.0.0 "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

    Error: (08/03/2015 06:15:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/03/2015 12:51:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/03/2015 12:50:34 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: rpshellextension.1.0,language= "* ",type= "win32 ",version= "1.0.0.0 "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe


    CodeIntegrity:
    ===================================
    Date: 2015-08-09 12:56:50.090
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-09 12:56:49.887
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-09 12:56:49.684
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-09 12:56:49.482
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-09 12:56:49.170
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-09 12:56:48.951
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-09 12:56:48.733
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-09 12:56:48.499
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-09 12:56:48.046
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgmfx64.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-09 12:56:47.844
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgmfx64.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz
    Percentage of memory in use: 60%
    Total physical RAM: 4093.64 MB
    Available physical RAM: 1624.25 MB
    Total Virtual: 8380.5 MB
    Available Virtual: 5796.57 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.76 GB) (Free:29.4 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (Fable III) (CDROM) (Total:7.56 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 481862CC)
    Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ==================== End of log ============================
     
  7. 2015/08/10
    broni

    broni Moderator Malware Analyst

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  8. 2015/08/10
    blakston6286 Lifetime Subscription

    blakston6286 Well-Known Member Thread Starter

    I actually went to these instructions before starting this post because you recommended following these instructions to the letter.
    I will do the process once again and then include the FRST and Addition txt files after the process is completed again?
     
  9. 2015/08/10
    broni

    broni Moderator Malware Analyst

    I don't need FRST logs for now.
    Follow my previous reply.
     
  10. 2015/08/10
    blakston6286 Lifetime Subscription

    blakston6286 Well-Known Member Thread Starter

    This is the text log for Rogue Killer.

    RogueKiller V10.9.4.0 (x64) [Jul 30 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : DreamChamber [Administrator]
    Started from : C:\Users\DreamChamber\Desktop\Malware Cleaners\RogueKillerX64.exe
    Mode : Delete -- Date : 08/10/2015 17:31:47

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 2 ¤¤¤
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2619349527-444009395-1191911321-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.dogpile.com/ -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2619349527-444009395-1191911321-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.dogpile.com/ -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] h6c98cvc.default : user_pref( "browser.startup.homepage ", "https://www.dogpile.com/ "); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST350041 0AS SCSI Disk Device +++++
    --- User ---
    [MBR] 75c29971fda50870c11e978187f0bb8e
    [BSP] cb220c66a99f2808d4bdbfe48e5b8968 : HP|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    Error reading LL2 MBR! ([1] Incorrect function. )
     
  11. 2015/08/10
    blakston6286 Lifetime Subscription

    blakston6286 Well-Known Member Thread Starter

    Here is the MBAM file

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 8/10/2015
    Scan Time: 5:37:26 PM
    Logfile: MBAM SCAN LOG TEXT FILE for today August 10.txt
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.08.10.06
    Rootkit Database: v2015.08.06.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x64
    File System: NTFS
    User: DreamChamber

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 396979
    Time Elapsed: 22 min, 30 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 1
    PUP.Optional.DogPile.A, HKU\S-1-5-21-2619349527-444009395-1191911321-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.dogpile.com/, Good: (www.google.com), Bad: (http://www.dogpile.com/),Replaced,[979714f36229fb3b7005271d1ee7a65a]

    Folders: 0
    (No malicious items detected)

    Files: 2
    PUP.Optional.OpenCandy, C:\Users\DreamChamber\Desktop\STUFF\Various Media players\Media Player\The_KMPlayer.exe, Quarantined, [0d212ed9e0abd3639c2e7bf8d62f6b95],
    PUP.Optional.DogPile.A, C:\Users\DreamChamber\AppData\Roaming\Mozilla\Firefox\Profiles\h6c98cvc.default\prefs.js, Good: (browser.startup.homepage ", "https://www.malwarebytes.org/restorebrowser/), Bad: (browser.startup.homepage ", "https://www.dogpile.com), Replaced,[1f0f26e15833d5612e58880215f0867a]

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  12. 2015/08/10
    blakston6286 Lifetime Subscription

    blakston6286 Well-Known Member Thread Starter

    Here is the AdwCleaner Xplode logfile text


    # AdwCleaner v4.208 - Logfile created 10/08/2015 at 19:00:28
    # Updated 09/07/2015 by Xplode
    # Database : 2015-08-01.1 [Server]
    # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (x64)
    # Username : DreamChamber - DREAMCHAMBER-PC
    # Running from : C:\Users\DreamChamber\Desktop\Malware Cleaners\adwcleaner_4.208.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    -\\ Internet Explorer v9.0.8112.16669


    -\\ Mozilla Firefox v39.0.3 (x86 en-US)


    *************************

    AdwCleaner[R0].txt - [16991 bytes] - [30/07/2015 11:15:32]
    AdwCleaner[R1].txt - [12105 bytes] - [30/07/2015 13:10:17]
    AdwCleaner[R2].txt - [1042 bytes] - [01/08/2015 01:06:58]
    AdwCleaner[R3].txt - [1161 bytes] - [03/08/2015 15:23:42]
    AdwCleaner[R4].txt - [1281 bytes] - [10/08/2015 18:58:52]
    AdwCleaner[S0].txt - [1882 bytes] - [30/07/2015 11:19:05]
    AdwCleaner[S1].txt - [11023 bytes] - [30/07/2015 13:12:30]
    AdwCleaner[S2].txt - [1107 bytes] - [01/08/2015 01:51:42]
    AdwCleaner[S3].txt - [1226 bytes] - [03/08/2015 18:12:57]
    AdwCleaner[S4].txt - [1207 bytes] - [10/08/2015 19:00:28]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1266 bytes] ##########
     
  13. 2015/08/11
    blakston6286 Lifetime Subscription

    blakston6286 Well-Known Member Thread Starter

    Here is the JRT logfile.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.5.4 (07.27.2015:1)
    OS: Windows (TM) Vista Home Premium x64
    Ran by DreamChamber on Mon 08/10/2015 at 19:06:59.64
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 08/10/2015 at 19:14:43.88
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  14. 2015/08/11
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  15. 2015/08/12
    blakston6286 Lifetime Subscription

    blakston6286 Well-Known Member Thread Starter

    Hello,
    I did have to uninstall AVG because, in spite of me disabling it for the Combofix scan, it just popped up wanting to delete combofix right in the middle of the process. So I also uninstalled Spybot S&D just in case it had been corrupted by this whole problem. I can always find it and reinstall it anew like AVG...

    Here is the COMBO Fix log.
    Since I had to shut it down because AVG kicked in interfering with the process the first time, I hope it contains all the necessary info. I just started it again and this time it took hardly any time at all to complete.


    ComboFix 15-08-08.01 - DreamChamber 08/12/2015 8:54.2.4 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2353 [GMT -7:00]
    Running from: c:\users\DreamChamber\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\windows\msdownld.tmp
    c:\windows\SysWow64\SETDB99.tmp
    c:\windows\SysWow64\SETE410.tmp
    c:\windows\SysWow64\SETECA9.tmp
    c:\windows\SysWow64\SETF37C.tmp
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-07-12 to 2015-08-12 )))))))))))))))))))))))))))))))
    .
    .
    2015-08-12 16:04 . 2015-08-12 16:04 -------- d-----w- c:\users\DreamChamber\AppData\Local\temp
    2015-08-12 16:04 . 2015-08-12 16:04 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-08-09 19:54 . 2015-08-09 19:58 -------- d-----w- C:\FRST
    2015-08-04 05:46 . 2015-07-23 04:06 37748880 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2015-08-04 05:46 . 2015-07-23 04:06 3407144 ----a-w- c:\windows\system32\nvapi64.dll
    2015-08-04 05:46 . 2015-07-23 04:06 3008880 ----a-w- c:\windows\SysWow64\nvapi.dll
    2015-07-30 18:51 . 2015-08-11 00:24 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-07-30 18:51 . 2015-07-30 19:19 -------- d-----w- c:\programdata\RogueKiller
    2015-07-30 18:40 . 2015-07-30 18:40 -------- d-----w- c:\programdata\VIPRE
    2015-07-30 18:40 . 2015-07-30 18:40 -------- d-----w- c:\program files\Common Files\AV
    2015-07-30 18:12 . 2015-08-11 02:00 -------- d-----w- C:\AdwCleaner
    2015-07-30 18:07 . 2015-08-11 01:50 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-07-30 18:07 . 2015-07-30 18:07 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2015-07-30 18:07 . 2015-07-30 18:07 -------- d-----w- c:\programdata\Malwarebytes
    2015-07-30 18:07 . 2015-06-18 15:41 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-07-30 18:07 . 2015-06-18 15:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-07-30 18:07 . 2015-06-18 15:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-07-27 19:39 . 2015-07-14 16:02 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2015-07-27 19:39 . 2015-07-14 15:45 48128 ----a-w- c:\windows\system32\atmlib.dll
    2015-07-27 19:39 . 2015-07-14 14:34 372736 ----a-w- c:\windows\system32\atmfd.dll
    2015-07-27 19:39 . 2015-07-14 14:23 296960 ----a-w- c:\windows\SysWow64\atmfd.dll
    2015-07-27 19:36 . 2015-07-03 15:41 1916416 ----a-w- c:\windows\system32\ole32.dll
    2015-07-27 19:36 . 2015-07-03 16:04 1316864 ----a-w- c:\windows\SysWow64\ole32.dll
    2015-07-27 19:36 . 2015-06-25 03:09 2796032 ----a-w- c:\windows\system32\win32k.sys
    2015-07-27 19:35 . 2015-05-31 07:54 259584 ----a-w- c:\windows\system32\cewmdm.dll
    2015-07-27 19:35 . 2015-05-31 08:11 225792 ----a-w- c:\windows\SysWow64\cewmdm.dll
    2015-07-27 19:34 . 2015-06-17 16:50 2264576 ----a-w- c:\windows\SysWow64\msi.dll
    2015-07-27 19:34 . 2015-06-17 15:18 125440 ----a-w- c:\windows\system32\msiexec.exe
    2015-07-27 19:34 . 2015-06-17 15:09 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
    2015-07-27 19:34 . 2015-06-17 16:23 3137536 ----a-w- c:\windows\system32\msi.dll
    2015-07-27 19:34 . 2015-06-12 16:03 304640 ----a-w- c:\windows\SysWow64\gdi32.dll
    2015-07-27 19:34 . 2015-06-12 15:46 390656 ----a-w- c:\windows\system32\gdi32.dll
    2015-07-27 19:23 . 2015-06-17 01:46 223744 ----a-w- c:\program files\Internet Explorer\ielowutil.exe
    2015-07-27 19:23 . 2015-06-17 01:45 11264 ----a-w- c:\windows\system32\msfeedssync.exe
    2015-07-27 19:23 . 2015-06-17 01:12 367616 ----a-w- c:\windows\SysWow64\html.iec
    2015-07-27 19:23 . 2015-06-17 01:09 22528 ----a-w- c:\program files (x86)\Internet Explorer\ExtExport.exe
    2015-07-27 19:23 . 2015-06-17 01:08 223232 ----a-w- c:\program files (x86)\Internet Explorer\ielowutil.exe
    2015-07-27 19:23 . 2015-07-03 06:18 17887744 ----a-w- c:\windows\system32\mshtml.dll
    2015-07-27 19:23 . 2015-07-03 06:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2015-07-27 19:23 . 2015-07-03 05:18 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2015-07-27 19:23 . 2015-07-03 06:02 490496 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
    2015-07-27 19:23 . 2015-07-03 05:19 474624 ----a-w- c:\program files (x86)\Internet Explorer\ieinstal.exe
    2015-07-22 23:36 . 2015-07-22 23:36 -------- d-----w- c:\users\DreamChamber\AppData\Roaming\Enigma Software Group
    2015-07-22 23:36 . 2015-07-22 23:36 -------- d-----w- C:\sh4ldr
    2015-07-22 23:36 . 2015-07-22 23:36 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
    2015-07-22 06:45 . 2015-07-22 06:45 -------- d-----w- c:\users\DreamChamber\AppData\Local\CEF
    2015-07-20 00:37 . 2015-07-22 23:36 -------- d-----w- c:\program files\Enigma Software Group
    2015-07-20 00:17 . 2015-07-20 00:17 -------- d-----w- C:\inetpub
    2015-07-19 22:24 . 2015-07-19 22:24 453 ----a-w- c:\users\DreamChamber\AppData\Local\LMIR0002.tmp.bat
    2015-07-19 22:24 . 2015-07-19 22:24 378 ----a-w- c:\users\DreamChamber\AppData\Local\LMIR0002.tmp_r.bat
    2015-07-19 22:00 . 2015-07-19 22:20 -------- d-----w- c:\users\DreamChamber\AppData\Roaming\TeamViewer
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-08-12 14:15 . 2012-04-08 22:06 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-08-12 14:15 . 2011-05-18 20:57 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-07-23 04:06 . 2014-12-24 01:33 15892200 ----a-w- c:\windows\system32\nvd3dumx.dll
    2015-07-23 04:06 . 2014-11-07 19:47 12876336 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2015-07-23 01:31 . 2012-01-04 19:46 937616 ----a-w- c:\windows\system32\nvvsvc.exe
    2015-07-23 01:31 . 2012-01-04 19:46 62792 ----a-w- c:\windows\system32\nvshext.dll
    2015-07-23 01:31 . 2012-01-04 19:46 385168 ----a-w- c:\windows\system32\nvmctray.dll
    2015-07-23 01:31 . 2008-12-25 16:08 2558608 ----a-w- c:\windows\system32\nvsvcr.dll
    2015-07-23 01:31 . 2012-01-04 19:46 3493008 ----a-w- c:\windows\system32\nvsvc64.dll
    2015-07-23 01:31 . 2012-01-04 19:46 6873744 ----a-w- c:\windows\system32\nvcpl.dll
    2015-07-20 14:16 . 2014-05-27 01:08 5121613 ----a-w- c:\windows\system32\nvcoproc.bin
    2015-07-03 15:43 . 2006-11-02 12:35 130333168 ----a-w- c:\windows\system32\mrt.exe
    2015-06-17 09:10 . 2015-06-27 17:38 40280 ----a-w- c:\windows\system32\nvhdap64.dll
    2015-06-17 09:10 . 2015-06-27 17:38 204648 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
    2015-06-17 09:10 . 2015-06-27 17:38 1898128 ----a-w- c:\windows\system32\nvdispco6435330.dll
    2015-06-17 09:10 . 2015-06-27 17:38 1557832 ----a-w- c:\windows\system32\nvdispgenco6435330.dll
    2015-06-17 09:10 . 2015-01-25 10:05 1567576 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
    2015-05-28 07:04 . 2015-06-03 02:26 1898312 ----a-w- c:\windows\system32\nvdispco6435306.dll
    2015-05-28 07:04 . 2015-06-03 02:26 1557832 ----a-w- c:\windows\system32\nvdispgenco6435306.dll
    2015-05-18 11:57 . 2015-06-14 21:11 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B975F9C-DF82-4613-803A-C33BA7DAB775}\mpengine.dll
    2010-04-03 04:01 . 2010-12-09 05:48 356104 ----a-w- c:\program files\binkw32.dll
    2010-04-03 04:01 . 2010-12-09 05:48 337160 ----a-w- c:\program files\uninst.exe
    2010-04-03 04:01 . 2010-12-09 05:48 330504 ----a-w- c:\program files\fmodex.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Green]
    @= "{95A27763-F62A-4114-9072-E81D87DE3B68} "
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2015-05-29 23:35 1030864 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Partial]
    @= "{E300CD91-100F-4E67-9AF3-1384A6124015} "
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2015-05-29 23:35 1030864 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Yellow]
    @= "{5E529433-B50E-4bef-A63B-16A6B71B071A} "
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2015-05-29 23:35 1030864 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "cdloader "= "c:\users\DreamChamber\AppData\Roaming\mjusbsp\cdloader2.exe" [2013-05-06 51592]
    "GoldenFTPserver "= "c:\program files (x86)\Golden FTP Server\GFTP.exe" [2012-06-05 1710592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "VolPanel "= "c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
    "Jomantha "= "c:\program files (x86)\n52te\n52teHid.exe" [2008-06-13 159744]
    "CTxfiHlp "= "CTXFIHLP.EXE" [2010-05-06 25600]
    "Carbonite Backup "= "c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2015-05-29 1065680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    STK02N 2.3 PNP Monitor.lnk - c:\windows\STK02N\STK02NM.exe [2013-5-23 163840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ \0
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "UpdReg "=c:\windows\UpdReg.EXE
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 14:15]
    .
    2015-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-08-09 18:57]
    .
    2015-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-08-09 18:57]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Green]
    @= "{95A27763-F62A-4114-9072-E81D87DE3B68} "
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2015-05-29 23:28 1304784 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Partial]
    @= "{E300CD91-100F-4E67-9AF3-1384A6124015} "
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2015-05-29 23:28 1304784 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ Carbonite.Yellow]
    @= "{5E529433-B50E-4bef-A63B-16A6B71B071A} "
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2015-05-29 23:28 1304784 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "XboxStat "= "c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 855608]
    "NVRaidService "= "c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944]
    "NvBackend "= "c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-07-24 2634896]
    "RTHDVCPL "= "c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 13662936]
    "itype "= "c:\program files\Microsoft IntelliType Pro\itype.exe" [2000-01-01 1873256]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2000-01-01 2417032]
    "CDAServer "= "c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2014-09-08 464608]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = www.google.com
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearchAssistant =
    IE: E&xport to Microsoft Excel - c:\progra~2\MI1933~1\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\DreamChamber\AppData\Roaming\Mozilla\Firefox\Profiles\h6c98cvc.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.malwarebytes.org/restorebrowser//
    FF - prefs.js: keyword.URL -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-EEDSpeedLauncher - c:\windows\system32\eed_ec.dll
    Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
    Wow6432Node-HKLM-Run-AVG_UI - c:\program files (x86)\AVG\AVG2015\avgui.exe
    Wow6432Node-HKU-Default-Run-EEDSpeedLauncher - c:\windows\system32\eed_ec.dll
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp "=hex:52,fd,f1,b7,2a,26,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @= "c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker6 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.18 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker6 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @= "Shockwave Flash "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\FLAGS]
    @= "0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\HELPDIR]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @= "FlashBroker "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\FLAGS]
    @= "0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0\HELPDIR]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue "=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    Completion time: 2015-08-12 09:07:38
    ComboFix-quarantined-files.txt 2015-08-12 16:07
    .
    Pre-Run: 38,000,463,872 bytes free
    Post-Run: 37,308,960,768 bytes free
    .
    - - End Of File - - E41F6E3E389F319F28F643AF4BCAB09E
    5C616939100B85E558DA92B899A0FC36
     
  16. 2015/08/12
    blakston6286 Well-Known Member Thread Starter
    After I ran combo fix and I rebooted I ran my Premium program Spyhunter 4. As Spyhunter 4 was going thru its process a window popped up that was named.....
    SpyHunter 4 -HOSTS file monitor

    The category said 'C:\Windows\system32\drivers\etc\hosts' Has been modified as follows:

    Within the window was a two category explanation. Column one was named Action...Column two was named Line Content.

    Under the action column the word Added was typed in front of every single Line Content entry.

    This list was thousands long so I suspect it was the problem I kept running into with Spybot when I initialized the process and it told me I had 6000 processes running because the very first entry was this...#start of entries inserted by Spybot-search and destroy...

    I wanted to erase all these 'hosts' but I was not given that choice. There were 3 buttons at the bottom of the window...The button at the far left was...Remind me later....the two buttons over on the far right were Accept and Restore...neither of which sounded like a good idea....so I just clicked on the X to close the window..

    I tried to highlight these entries and one by one delete them but the process would not let me.
    I think these are the 6000 bogus processes that are running and hanging up my computer.

    Can I go to C:\Windows\system32\drivers\etc\hosts thru the RUN program and eliminate these intruders? Or where can I find these and eliminate them?????
     
    Last edited: 2015/08/12
  17. 2015/08/12
    broni Moderator Malware Analyst
    I strongly recommend you uninstall SpyHunter.
    See here: https://www.mywot.com/en/scorecard/enigmasoftware.com?utm_source=addon&utm_content=popup-donuts

    You can reinstall AVG now.

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  18. 2015/08/12
    blakston6286 Well-Known Member Thread Starter
    I just paid $40 for SpyHunter4 because it was listed on this site as a recommended process.
    You say uninstall spyhunter...That is not going to happen..I am far from wealthy.

    I tried to reinstall AVG and my computer will not let me do it.

    Here is the message I get when I try to download and install AVG now....
    Source File Not found: C:\ProgramData\MFAData\pack\basea.cab....verify the file exists and that you can access it
    severity Error
    Error code 0xE0010013 The specified Registry key does not exist.

    So now it seems I cannot reinstall AVG, and that has to happen; I will be twisting in the wind without it.
     
  19. 2015/08/12
    broni Moderator Malware Analyst
    This is not about your wealth. This is about your computer health.
    Spy Hunter is nothing but a scam and scareware.
    If it's on your computer we can't continue with this topic.
    Unfortunately.
    Let me know what your final decision is.
     
  20. 2015/08/12
    blakston6286 Well-Known Member Thread Starter
    Well I was cruising solutions on this site before I did an inquiry and someone had Spyhunter as a recommendation..never again.....That's $40 bucks I'll never see again.

    This is the first part of the new huge FRST file.....

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-08-2015
    Ran by DreamChamber (administrator) on DREAMCHAMBER-PC (12-08-2015 16:45:05)
    Running from C:\Users\DreamChamber\Desktop
    Loaded Profiles: DreamChamber (Available Profiles: DreamChamber)
    Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (KMiNT21 Software) C:\Program Files (x86)\Golden FTP Server\GFTP.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Syntek Ltd.) C:\Windows\STK02N\STK02NM.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    (Razer USA Ltd.) C:\Program Files (x86)\n52te\n52teHid.exe
    (Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
    (Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    (Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Users\DreamChamber\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    (Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Ipswitch) C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [855608 2007-09-26] (Microsoft Corporation)
    HKLM\...\Run: [NVRaidService] => C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-09] (NVIDIA Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-23] (NVIDIA Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 1999-12-31] (Realtek Semiconductor)
    HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 1999-12-31] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 1999-12-31] (Microsoft Corporation)
    HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
    HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [184320 2007-04-17] (Creative Technology Ltd)
    HKLM-x32\...\Run: [Jomantha] => C:\Program Files (x86)\n52te\n52teHid.exe [159744 2008-06-13] (Razer USA Ltd.)
    HKLM-x32\...\Run: [CTxfiHlp] => C:\Windows\SysWOW64\CTXFIHLP.EXE [25600 2010-05-06] (Creative Technology Ltd)
    HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1065680 2015-05-29] (Carbonite, Inc.)
    HKU\S-1-5-21-2619349527-444009395-1191911321-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-2619349527-444009395-1191911321-1000\...\Run: [cdloader] => C:\Users\DreamChamber\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2013-05-06] (magicJack L.P.)
    HKU\S-1-5-21-2619349527-444009395-1191911321-1000\...\Run: [GoldenFTPserver] => C:\Program Files (x86)\Golden FTP Server\GFTP.exe [1710592 2012-06-05] (KMiNT21 Software)
    ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-05-29] (Carbonite, Inc.)
    BootExecute:

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2619349527-444009395-1191911321-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2619349527-444009395-1191911321-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2619349527-444009395-1191911321-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader)
    BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll [2015-05-04] (PasswordBox, Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-02] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-2619349527-444009395-1191911321-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{283EFCBD-9A8F-4AAC-B999-7F2525913441}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{5ADBCBA9-F140-41A8-9DDA-7670F01ADF35}: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\DreamChamber\AppData\Roaming\Mozilla\Firefox\Profiles\h6c98cvc.default
    FF DefaultSearchEngine.US: Google
    FF Homepage: https://www.malwarebytes.org/restorebrowser//
    FF Keyword.URL:
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-04-03] (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-07-18] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-07-18] (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-09] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-09] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2619349527-444009395-1191911321-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\DreamChamber\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
    FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-12-02]
    FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-07-18]
    FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
    FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
    CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx <not found>

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-07-04] (Creative Labs) [File not signed]
    S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-07-04] (Creative Labs) [File not signed]
    R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-23] (NVIDIA Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-05-24] (Alcatel-Lucent) [File not signed]
    R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-05-24] (Alcatel-Lucent) [File not signed]
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-23] (NVIDIA Corporation)
    R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
    S3 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [427008 2010-04-21] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
    S1 Beep; no ImagePath
    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-03] (GFI Software)
    S3 JmtFltr; C:\Windows\System32\drivers\JmtFltr.sys [46464 2007-09-29] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
    S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [243712 2012-08-29] (Realtek Semiconductor Corp.) [File not signed]
    U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [788696 1999-12-31] (Realsil Semiconductor Corporation)
    R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [377560 1999-12-31] (Realsil Semiconductor Corporation)
    S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-03-14] (support.com, Inc)
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-10] (Anchorfree Inc.)
    R3 vhidmini; C:\Windows\System32\DRIVERS\vhidmini.sys [13952 2007-09-29] (Windows (R) Codename Longhorn DDK provider)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 CT20XUT.DLL; system32\CT20XUT.DLL [X]
    S3 CTEXFIFX.DLL; system32\CTEXFIFX.DLL [X]
    S3 CTHWIUT.DLL; system32\CTHWIUT.DLL [X]
    S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S0 Lbd; system32\DRIVERS\Lbd.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 RET55a64; \??\C:\Program Files (x86)\BeyondTrust\Retina 5\Scanner\RET55a64.sys [X]
    S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

    ========================== Drivers MD5 =======================

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixl
     
  21. 2015/08/12
    blakston6286 Lifetime Subscription

    blakston6286 Well-Known Member Thread Starter

    Here is part 2 of the new FRST file...

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-12 16:45 - 2015-08-12 16:46 - 00035883 _____ C:\Users\DreamChamber\Desktop\FRST.txt
    2015-08-12 16:14 - 2015-08-12 16:14 - 195404960 _____ (Microsoft Corporation) C:\Users\DreamChamber\Desktop\msert.exe
    2015-08-12 14:44 - 2015-08-12 14:44 - 00000000 ____D C:\Users\DreamChamber\AppData\Local\Avg2015
    2015-08-12 09:07 - 2015-08-12 09:07 - 00020881 _____ C:\ComboFix.txt
    2015-08-12 08:28 - 2015-08-12 08:28 - 11972672 _____ (OPSWAT, Inc.) C:\Users\DreamChamber\Desktop\AppRemover.exe
    2015-08-12 07:46 - 2015-08-12 09:07 - 00000000 ____D C:\Qoobox
    2015-08-12 07:46 - 2015-08-12 09:05 - 00000000 ____D C:\Windows\erdnt
    2015-08-12 07:46 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
    2015-08-12 07:46 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-08-12 07:46 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-08-12 07:46 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-08-12 07:46 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-08-12 07:46 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
    2015-08-12 07:46 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
    2015-08-12 07:46 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
    2015-08-12 07:45 - 2015-08-12 07:45 - 05634368 ____R (Swearware) C:\Users\DreamChamber\Desktop\ComboFix.exe
    2015-08-09 12:54 - 2015-08-12 16:45 - 00000000 ____D C:\FRST
    2015-08-09 12:54 - 2015-08-12 16:30 - 02173952 _____ (Farbar) C:\Users\DreamChamber\Desktop\FRST64.exe
    2015-08-09 11:58 - 2015-08-12 16:03 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-08-09 11:58 - 2015-08-09 11:58 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-08-09 11:57 - 2015-08-12 16:43 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-08-09 11:57 - 2015-08-09 11:57 - 00931408 _____ (Google Inc.) C:\Users\DreamChamber\Desktop\GoogleEarthProSetup.exe
    2015-08-09 11:57 - 2015-08-09 11:57 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-08-06 15:47 - 2015-08-06 15:47 - 00450718 ____R C:\Windows\system32\Drivers\etc\hosts.20150806-154725.backup
    2015-08-06 15:47 - 2015-07-30 12:09 - 00000768 _____ C:\Windows\system32\Drivers\etc\hosts.20150806-154708.backup
    2015-08-06 15:19 - 2015-08-06 15:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-08-03 22:47 - 2015-07-22 21:06 - 42730128 _____ C:\Windows\system32\nvcompiler.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 30487880 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 22950544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 17615408 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 16151688 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 15129192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 14503880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 13268712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 11836680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 11055248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2015-08-03 22:47 - 2015-07-22 21:06 - 02933576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 02600592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435362.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435362.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 00408208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2015-08-03 22:47 - 2015-07-22 21:06 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2015-08-03 22:46 - 2015-07-22 21:06 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
    2015-08-03 22:46 - 2015-07-22 21:06 - 03407144 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2015-08-03 22:46 - 2015-07-22 21:06 - 03008880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2015-08-01 01:53 - 2015-08-01 01:53 - 00000296 _____ C:\Windows\system32\spsys.log
    2015-07-30 17:33 - 2015-07-30 17:33 - 00000000 _____ C:\Users\Public\Desktop\Carbonite Setup.log
    2015-07-30 17:32 - 2015-07-30 17:32 - 00001967 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
    2015-07-30 11:51 - 2015-08-10 17:24 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-07-30 11:40 - 2015-07-30 11:40 - 00000000 ____D C:\Program Files\Common Files\AV
    2015-07-30 11:17 - 2015-07-30 12:20 - 00000000 ____D C:\Users\DreamChamber\Desktop\Malware Cleaners
    2015-07-30 11:12 - 2015-08-10 19:00 - 00000000 ____D C:\AdwCleaner
    2015-07-30 11:07 - 2015-08-10 18:50 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-07-30 11:07 - 2015-07-30 11:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-07-30 11:07 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-07-30 11:07 - 2015-06-18 08:41 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-07-30 11:07 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-07-27 12:39 - 2015-07-14 09:02 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-07-27 12:39 - 2015-07-14 08:45 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-07-27 12:39 - 2015-07-14 07:34 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-07-27 12:39 - 2015-07-14 07:23 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-07-27 12:38 - 2015-06-27 09:03 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-07-27 12:38 - 2015-06-27 09:03 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-07-27 12:38 - 2015-06-27 09:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-07-27 12:38 - 2015-06-27 09:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-07-27 12:38 - 2015-06-27 09:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2015-07-27 12:38 - 2015-06-27 08:40 - 01304576 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-07-27 12:38 - 2015-06-27 08:40 - 00658944 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-07-27 12:38 - 2015-06-27 08:40 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-07-27 12:38 - 2015-06-27 08:39 - 01065472 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-07-27 12:38 - 2015-06-27 07:30 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-07-27 12:38 - 2015-06-27 07:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-07-27 12:38 - 2015-06-12 06:13 - 00516544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-07-27 12:38 - 2015-01-08 17:28 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-07-27 12:36 - 2015-07-03 09:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2015-07-27 12:36 - 2015-07-03 08:41 - 01916416 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2015-07-27 12:36 - 2015-06-24 20:09 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-07-27 12:35 - 2015-05-31 01:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
    2015-07-27 12:35 - 2015-05-31 00:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
    2015-07-27 12:34 - 2015-06-17 09:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2015-07-27 12:34 - 2015-06-17 09:23 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2015-07-27 12:34 - 2015-06-17 08:18 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2015-07-27 12:34 - 2015-06-17 08:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    2015-07-27 12:34 - 2015-06-12 09:03 - 00304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2015-07-27 12:34 - 2015-06-12 08:46 - 00390656 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-07-27 12:24 - 2015-06-16 18:52 - 02343936 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-07-27 12:24 - 2015-06-16 18:50 - 10936320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-07-27 12:24 - 2015-06-16 18:50 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-07-27 12:24 - 2015-06-16 18:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-07-27 12:24 - 2015-06-16 18:47 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-07-27 12:24 - 2015-06-16 18:46 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-07-27 12:24 - 2015-06-16 18:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-07-27 12:24 - 2015-06-16 18:46 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-07-27 12:24 - 2015-06-16 18:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-07-27 12:24 - 2015-06-16 18:46 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-07-27 12:24 - 2015-06-16 18:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-07-27 12:24 - 2015-06-16 18:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-07-27 12:24 - 2015-06-16 18:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-07-27 12:24 - 2015-06-16 18:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-07-27 12:24 - 2015-06-16 18:45 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-07-27 12:24 - 2015-06-16 18:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-07-27 12:24 - 2015-06-16 18:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-07-27 12:24 - 2015-06-16 18:45 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-07-27 12:24 - 2015-06-16 18:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-07-27 12:24 - 2015-06-16 18:14 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-07-27 12:24 - 2015-06-16 18:10 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-07-27 12:24 - 2015-06-16 18:09 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-07-27 12:24 - 2015-06-16 18:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-07-27 12:24 - 2015-06-16 18:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-07-27 12:24 - 2015-06-16 18:09 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-07-27 12:24 - 2015-06-16 18:08 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-07-27 12:24 - 2015-06-16 18:08 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-07-27 12:24 - 2015-06-16 18:08 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-07-27 12:24 - 2015-06-16 18:08 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2015-07-27 12:24 - 2015-06-16 18:08 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-07-27 12:24 - 2015-06-16 18:08 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-07-27 12:24 - 2015-06-16 18:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-07-27 12:24 - 2015-06-16 18:08 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-07-27 12:24 - 2015-06-16 18:08 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-07-27 12:24 - 2015-06-16 18:08 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2015-07-27 12:24 - 2015-06-16 18:08 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2015-07-27 12:23 - 2015-07-02 23:18 - 17887744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-07-27 12:23 - 2015-07-02 23:01 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-07-27 12:23 - 2015-07-02 22:31 - 12386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-07-27 12:23 - 2015-07-02 22:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-07-27 12:23 - 2015-06-16 18:45 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-07-27 12:23 - 2015-06-16 18:12 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-07-27 12:23 - 2015-06-16 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-07-27 12:23 - 2015-06-16 18:08 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2015-07-22 16:02 - 2015-07-22 16:03 - 61982592 _____ (Enigma Software Group USA, LLC.) C:\Users\DreamChamber\Downloads\SpyHunter-Installer(2).exe
    2015-07-21 23:45 - 2015-07-21 23:45 - 00000000 ____D C:\Users\DreamChamber\AppData\Local\CEF
    2015-07-19 17:39 - 2015-07-19 17:39 - 00000000 _____ C:\autoexec.bat
    2015-07-19 17:36 - 2015-07-19 17:36 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\DreamChamber\Downloads\SpyHunter-Installer.exe
    2015-07-19 17:35 - 2015-07-19 17:35 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\DreamChamber\Downloads\SpyHunter-Installer(1).exe
    2015-07-19 17:18 - 2015-07-27 13:16 - 00021687 _____ C:\Windows\iis7.log
    2015-07-19 17:17 - 2015-07-19 17:17 - 00000000 ____D C:\inetpub
    2015-07-19 15:24 - 2015-07-19 15:24 - 00000453 _____ C:\Users\DreamChamber\AppData\Local\LMIR0002.tmp.bat
    2015-07-19 15:24 - 2015-07-19 15:24 - 00000378 _____ C:\Users\DreamChamber\AppData\Local\LMIR0002.tmp_r.bat
    2015-07-19 15:00 - 2015-07-19 15:20 - 00000000 ____D C:\Users\DreamChamber\AppData\Roaming\TeamViewer

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-08-12 16:43 - 2006-11-02 08:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-08-12 16:43 - 2006-11-02 08:22 - 00004112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-08-12 16:43 - 2006-11-02 08:22 - 00004112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-08-12 16:42 - 2008-01-20 18:53 - 01274241 _____ C:\Windows\WindowsUpdate.log
    2015-08-12 16:42 - 2006-11-02 08:42 - 00032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-08-12 16:15 - 2012-04-08 15:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-08-12 15:37 - 2013-09-15 08:50 - 00000000 ___RD C:\Users\DreamChamber\Desktop\SOFTWARE FOR CLEANING COMPUTER
    2015-08-12 15:18 - 2015-03-19 13:52 - 00076672 _____ C:\Windows\PFRO.log
    2015-08-12 14:49 - 2010-12-02 20:43 - 00000000 ____D C:\Program Files (x86)\AVG
    2015-08-12 09:04 - 2006-11-02 05:34 - 00000215 _____ C:\Windows\system.ini
    2015-08-12 08:48 - 2014-09-30 19:51 - 00001212 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
    2015-08-12 08:44 - 2010-12-02 13:09 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
    2015-08-12 08:36 - 2012-08-19 00:06 - 00000000 ____D C:\Program Files (x86)\Steam
    2015-08-12 07:44 - 2014-10-28 11:29 - 00000099 _____ C:\Users\Public\LMDebug.log
    2015-08-12 07:19 - 2011-04-05 19:26 - 00003742 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7F8DF2E1-8A53-420C-A65D-ADD16D73CDDC}
    2015-08-12 07:15 - 2012-04-08 15:06 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-08-12 07:15 - 2012-04-08 15:06 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-08-12 07:15 - 2011-05-18 13:57 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-08-09 11:58 - 2010-12-17 19:07 - 00000000 ____D C:\Program Files (x86)\Google
    2015-08-09 11:34 - 2013-07-30 13:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-08-03 22:51 - 2010-12-01 21:20 - 00000000 ____D C:\Users\DreamChamber
    2015-07-27 13:37 - 2010-12-01 23:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-07-27 13:22 - 2006-11-02 05:46 - 00800432 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-07-27 13:16 - 2006-11-02 08:21 - 00265032 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-07-27 13:12 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
    2015-07-27 13:12 - 2006-11-02 06:34 - 00000000 ____D C:\Windows\system32\inetsrv
    2015-07-27 12:33 - 2013-08-09 05:01 - 00000000 ____D C:\Windows\system32\MRT
    2015-07-27 11:52 - 2013-05-04 19:29 - 00001584 _____ C:\Users\DreamChamber\Documents\TombRaider.log
    2015-07-22 21:06 - 2015-06-27 10:38 - 00030966 _____ C:\Windows\system32\nvinfo.pb
    2015-07-22 21:06 - 2014-12-23 18:33 - 15892200 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2015-07-22 21:06 - 2014-11-07 12:47 - 12876336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2015-07-22 18:31 - 2012-01-04 12:46 - 06873744 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2015-07-22 18:31 - 2012-01-04 12:46 - 03493008 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2015-07-22 18:31 - 2012-01-04 12:46 - 00937616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2015-07-22 18:31 - 2012-01-04 12:46 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2015-07-22 18:31 - 2012-01-04 12:46 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2015-07-22 18:31 - 2008-12-25 09:08 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2015-07-20 13:16 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\rescache
    2015-07-20 07:16 - 2014-05-26 18:08 - 05121613 _____ C:\Windows\system32\nvcoproc.bin
    2015-07-19 16:09 - 2013-09-13 13:12 - 00000000 ____D C:\Users\DreamChamber\AppData\Local\LogMeIn Rescue Applet
    2015-07-19 16:09 - 2010-12-17 19:07 - 00000000 ____D C:\Program Files\Google
    2015-07-19 15:36 - 2015-05-30 19:13 - 00000000 ____D C:\Program Files\Common Files\Apple
    2015-07-19 15:33 - 2010-12-17 19:07 - 00000000 ____D C:\Users\DreamChamber\AppData\Local\Google

    ==================== Files in the root of some directories =======

    2010-12-08 22:43 - 2010-04-02 20:53 - 2145345536 _____ () C:\Program Files\bigfile.000
    2010-12-08 22:46 - 2010-04-02 21:00 - 2146330624 _____ () C:\Program Files\bigfile.002
    2010-12-08 22:47 - 2010-04-02 21:01 - 857427968 _____ () C:\Program Files\bigfile.003
    2010-12-08 22:48 - 2010-04-02 21:01 - 0356104 _____ () C:\Program Files\binkw32.dll
    2010-12-08 22:48 - 2010-04-02 21:01 - 0330504 _____ (Firelight Technologies) C:\Program Files\fmodex.dll
    2010-12-08 22:48 - 2010-04-02 21:01 - 0561736 _____ () C:\Program Files\Léeme.rtf
    2010-12-08 22:48 - 2010-04-02 21:01 - 0544376 _____ () C:\Program Files\readme.rtf
    2010-12-08 22:48 - 2010-04-02 21:03 - 0000831 _____ () C:\Program Files\tru.lnk
    2010-12-08 22:48 - 2010-04-02 21:03 - 0000618 _____ () C:\Program Files\tru.mcl
    2010-12-08 22:48 - 2010-04-02 21:02 - 0129707 _____ () C:\Program Files\TruMCE.png
    2010-12-08 22:48 - 2010-04-02 21:01 - 0337160 _____ (Eidos Inc.) C:\Program Files\uninst.exe
    2013-09-14 12:22 - 2014-06-02 13:36 - 0003744 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    2003-05-28 18:10 - 2003-05-28 18:10 - 0656107 _____ () C:\Program Files (x86)\msxml4.cab
    2003-04-21 22:49 - 2003-04-21 22:49 - 0669184 _____ () C:\Program Files (x86)\msxml4sxs32.msm
    2003-04-21 22:49 - 2003-04-21 22:49 - 0679424 _____ () C:\Program Files (x86)\msxml4sys32.msm
    2015-07-30 11:05 - 2015-07-30 11:46 - 0000115 _____ () C:\Users\DreamChamber\AppData\Roaming\LogFile.txt
    2012-03-17 07:43 - 2012-03-17 07:43 - 0026311 _____ () C:\Users\DreamChamber\AppData\Roaming\UserTile.png
    2014-02-28 20:03 - 2014-07-19 14:05 - 0000161 _____ () C:\Users\DreamChamber\AppData\Roaming\WB.CFG
    2012-03-31 08:50 - 2012-07-10 22:12 - 0000680 _____ () C:\Users\DreamChamber\AppData\Local\d3d9caps.dat
    2010-12-01 21:20 - 2013-04-17 12:08 - 0001460 _____ () C:\Users\DreamChamber\AppData\Local\d3d9caps64.dat
    2012-06-11 17:52 - 2015-06-07 11:16 - 0044032 _____ () C:\Users\DreamChamber\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-08-19 01:06 - 2015-04-16 12:20 - 0744082 _____ () C:\Users\DreamChamber\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
    2012-08-19 01:06 - 2012-08-19 01:06 - 0000002 _____ () C:\Users\DreamChamber\AppData\Local\dd_dotnetfx35error.txt
    2012-08-19 01:06 - 2015-04-16 12:21 - 0749340 _____ () C:\Users\DreamChamber\AppData\Local\dd_dotnetfx35install.txt
    2013-08-31 00:08 - 2013-08-31 00:09 - 2973106 _____ () C:\Users\DreamChamber\AppData\Local\dd_NET_Framework35_x64_MSI391E.txt
    2012-08-19 01:07 - 2012-08-19 01:08 - 2468120 _____ () C:\Users\DreamChamber\AppData\Local\dd_NET_Framework35_x64_MSI5664.txt
    2014-03-22 13:08 - 2014-03-22 13:08 - 0375516 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI02E6.txt
    2012-12-18 00:00 - 2012-12-18 00:00 - 0365736 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI10DC.txt
    2012-10-15 22:35 - 2012-10-15 22:35 - 0363378 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI157D.txt
    2013-03-16 09:31 - 2013-03-16 09:31 - 0372370 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI21D5.txt
    2013-07-17 12:14 - 2013-07-17 12:14 - 0372704 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI2896.txt
    2011-08-06 15:08 - 2011-08-06 15:08 - 0424688 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI2D11.txt
    2014-03-27 22:27 - 2014-03-27 22:27 - 0373736 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI351D.txt
    2013-08-31 00:07 - 2013-08-31 00:07 - 0386884 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI3850.txt
    2013-08-31 00:07 - 2013-08-31 00:07 - 0376780 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI385D.txt
    2013-07-16 11:30 - 2013-07-16 11:30 - 0372704 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI391F.txt
    2014-08-02 16:39 - 2014-08-02 16:39 - 0373428 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI3C32.txt
    2014-01-29 02:38 - 2014-01-29 02:38 - 0373106 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI419F.txt
    2014-12-20 23:57 - 2014-12-20 23:57 - 0366102 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI45D7.txt
    2013-07-24 15:05 - 2013-07-24 15:05 - 0439678 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI4E1E.txt
    2013-07-24 15:05 - 2013-07-24 15:05 - 0422738 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI4E86.txt
    2014-09-02 17:33 - 2014-09-02 17:34 - 0364672 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI5BFA.txt
    2012-10-26 19:28 - 2012-10-26 19:28 - 0363484 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI61D4.txt
    2013-08-12 13:56 - 2013-08-12 13:56 - 0385682 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI6678.txt
    2013-01-27 23:06 - 2013-01-27 23:06 - 0367664 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI6AAD.txt
    2014-02-24 15:18 - 2014-02-24 15:18 - 0370704 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI773F.txt
    2013-04-03 17:07 - 2013-04-03 17:07 - 0370774 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistMSI7CBD.txt
    2014-03-22 13:08 - 2014-03-22 13:08 - 0011250 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI02E6.txt
    2012-12-18 00:00 - 2012-12-18 00:00 - 0011394 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI10DC.txt
    2012-10-15 22:35 - 2012-10-15 22:35 - 0011378 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI157D.txt
    2013-03-16 09:31 - 2013-03-16 09:31 - 0011250 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI21D5.txt
    2013-07-17 12:14 - 2013-07-17 12:14 - 0011250 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI2896.txt
    2011-08-06 15:08 - 2011-08-06 15:08 - 0011674 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI2D11.txt
    2014-03-27 22:27 - 2014-03-27 22:27 - 0012598 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI351D.txt
    2013-08-31 00:07 - 2013-08-31 00:07 - 0011434 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI3850.txt
    2013-08-31 00:07 - 2013-08-31 00:07 - 0011466 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI385D.txt
    2013-07-16 11:30 - 2013-07-16 11:30 - 0011250 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI391F.txt
    2014-08-02 16:39 - 2014-08-02 16:39 - 0011154 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI3C32.txt
    2014-01-29 02:38 - 2014-01-29 02:42 - 0013188 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI419F.txt
    2014-12-20 23:57 - 2014-12-20 23:57 - 0011466 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI45D7.txt
    2013-07-24 15:05 - 2013-07-24 15:05 - 0011488 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI4E1E.txt
    2013-07-24 15:05 - 2013-07-24 15:05 - 0011424 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI4E86.txt
    2014-09-02 17:33 - 2014-09-02 17:34 - 0011402 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI5BFA.txt
    2012-10-26 19:28 - 2012-10-26 19:28 - 0011370 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI61D4.txt
    2013-08-12 13:56 - 2013-08-12 13:56 - 0011370 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI6678.txt
    2013-01-27 23:06 - 2013-01-27 23:06 - 0011154 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI6AAD.txt
    2014-02-24 15:18 - 2014-02-24 15:19 - 0012814 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI773F.txt
    2013-04-03 17:07 - 2013-04-03 17:07 - 0011170 _____ () C:\Users\DreamChamber\AppData\Local\dd_vcredistUI7CBD.txt
    2015-07-19 15:24 - 2015-07-19 15:24 - 0000453 _____ () C:\Users\DreamChamber\AppData\Local\LMIR0002.tmp.bat
    2015-07-19 15:24 - 2015-07-19 15:24 - 0000378 _____ () C:\Users\DreamChamber\AppData\Local\LMIR0002.tmp_r.bat
    2012-08-19 01:06 - 2015-04-16 12:21 - 0007638 _____ () C:\Users\DreamChamber\AppData\Local\uxeventlog.txt
    2014-07-04 13:05 - 2014-07-04 13:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== BCD ================================

    Windows Boot Manager
    --------------------
    identifier {bootmgr}
    device partition=C:
    description Windows Boot Manager
    locale en-US
    inherit {globalsettings}
    default {current}
    displayorder {current}
    toolsdisplayorder {memdiag}
    timeout 30
    resume No

    Windows Boot Loader
    -------------------
    identifier {current}
    device partition=C:
    path \Windows\system32\winload.exe
    description Microsoft Windows Vista
    locale en-US
    inherit {bootloadersettings}
    osdevice partition=C:
    systemroot \Windows
    resumeobject {5a29e4eb-fdc9-11df-aaa9-8336292123d7}
    nx OptIn

    Resume from Hibernate
    ---------------------
    identifier {5a29e4eb-fdc9-11df-aaa9-8336292123d7}
    device partition=C:
    path \Windows\system32\winresume.exe
    description Windows Resume Application
    locale en-US
    inherit {resumeloadersettings}
    filedevice partition=C:
    filepath \hiberfil.sys
    debugoptionenabled No

    Windows Memory Tester
    ---------------------
    identifier {memdiag}
    device partition=C:
    path \boot\memtest.exe
    description Windows Memory Diagnostic
    locale en-US
    inherit {globalsettings}
    badmemoryaccess Yes

    Windows Legacy OS Loader
    ------------------------
    identifier {ntldr}
    device partition=C:
    path \ntldr
    description Earlier Version of Windows

    EMS Settings
    ------------
    identifier {emssettings}
    bootems Yes

    Debugger Settings
    -----------------
    identifier {dbgsettings}
    debugtype Serial
    debugport 1
    baudrate 115200

    RAM Defects
    -----------
    identifier {badmemory}

    Global Settings
    ---------------
    identifier {globalsettings}
    inherit {dbgsettings}
    {emssettings}
    {badmemory}

    Boot Loader Settings
    --------------------
    identifier {bootloadersettings}
    inherit {globalsettings}

    Resume Loader Settings
    ----------------------
    identifier {resumeloadersettings}
    inherit {globalsettings}



    LastRegBack: 2015-08-12 15:54

    ==================== End of log ============================
     
