Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

Possibly Infected?

New 
3K views 11 replies 3 participants last post by  Cookiegal 
#1 ·
Upon boot of my PC a black window named taskeng.exe pops up and closes quickly. This just started happening yesterday. I want to make sure my PC is clean.

System Info :

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 8159 Mb
Graphics Card: NVIDIA GeForce GTX 680, -2048 Mb
Hard Drives: C: Total - 114370 MB, Free - 1825 MB; D: Total - 476937 MB, Free - 235881 MB; F: Total - 141360 MB, Free - 117394 MB;
Motherboard: ASUSTeK Computer INC., P8Z68-V GEN3
Antivirus: None
 
#2 ·
Warning!
The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.
Hello Matt2k16 and welcome to the Tech Support Guy Forums :)

My name is capnkrunch and I will be helping you with your malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  • You must have Administrator rights, permissions for this computer.
  • DO NOT run any other fix or removal tools unless instructed to do so.
  • DO NOT install any other software (or hardware) during the cleaning process.
  • Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  • Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  • Only reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean".
    Remember, absence of symptoms does mean the infection is all gone.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Note: If you haven't done so already, please read this topic Everyone MUST read this BEFORE posting for help in this forum where the conditions for receiving help here are explained.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care, not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
For your safety and protection, I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to backup any files with the following file extensions:
exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

 
#3 ·
Please run the following scan:

FRST Scan
  • Please download FRST by Farbar, and save it to your Desktop.
    If you are not sure if your system is 32 or 64 bit download and run both. Only the correct one will run.
  • Close all open programs and windows so you are at your Desktop.
  • Right click FRST.exe/FRST64.exe and select Run as administrator.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button and wait while the scan finished
  • Once finished, two files will open: FRST.txt and Addition.txt. Please copy and paste the contents of both logs in your reply.
    The logs can also be found in the same directory where FRST was run from.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • FRST.txt
  • Addition.txt
  • Are there any changes in computer behavior?
 
#4 ·
I believe I have fixed the problem myself, however I just want to make sure. I have poseted the 2 logs requested.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:19-05-2016
Ran by Matt (administrator) on MATT-PC (21-05-2016 12:06:22)
Running from C:\Users\Matt\Desktop
Loaded Profiles: Matt (Available Profiles: Matt)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\Windows\SysWOW64\PrxerNsp.dll [84040 2015-03-28] ()
Winsock: Catalog5-x64 09 C:\Windows\system32\PrxerNsp.dll [96840 2015-03-28] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{AB09AE1A-BB98-4AA3-B85F-9FC36AA5D50E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3603227820-2617303867-322315972-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3603227820-2617303867-322315972-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x64\Agile1pIE4.dll [2015-09-22] (AgileBits)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-14] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-14] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x86\Agile1pIE4.dll [2015-09-22] (AgileBits)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2014-11-07] (Wondershare)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-24] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-24] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)

FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\g0ziycpf.default
FF DefaultSearchEngine.US: Google
FF NetworkProxy: "socks", "172.98.175.147"
FF NetworkProxy: "socks_port", 61614
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-19] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-10] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Extension: ReloadEvery - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\g0ziycpf.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2016-04-22]
FF Extension: Auto Refresh - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\g0ziycpf.default\Extensions\autorefresh@plugin.xpi [2016-05-03]
FF Extension: MEGA - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\g0ziycpf.default\Extensions\firefox@mega.co.nz.xpi [2016-05-03]
FF Extension: 1Password - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\g0ziycpf.default\Extensions\onepassword4@agilebits.com.xpi [2016-05-03]
FF Extension: Adblock Edge - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\g0ziycpf.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2016-05-03]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2015-01-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-03-13] [not signed]
FF HKU\S-1-5-21-3603227820-2617303867-322315972-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2016-03-04]
CHR Extension: (Google Slides) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (1Password: Password Manager and Secure Wallet) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2016-05-03]
CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Session Manager) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2015-07-26]
CHR Extension: (Adguard AdBlocker) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-05-19]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Cast) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-27]
CHR Extension: (OneTab) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-05-19]
CHR Extension: (Steam inventory helper) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2016-04-17]
CHR Extension: (Google Search) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (LoungeDestroyer) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2016-05-01]
CHR Extension: (Google Docs Offline) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (SearchPreview) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo [2015-12-20]
CHR Extension: (IE Tab) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2016-05-03]
CHR Extension: (VNC® Viewer for Google Chrome™) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabmpiboiopbgfabjmgeedhcmjenhbla [2015-12-04]
CHR Extension: (Flashcontrol) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2016-05-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Enhanced Steam) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2016-05-16]
CHR Extension: (Proxy SwitchyOmega) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\padekgcemlokbadohgkifijomclgjgif [2016-03-19]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-29] () [File not signed]
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1314848 2016-01-19] ()
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-12] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-12] (Dropbox, Inc.)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2014-04-04] (Portrait Displays, Inc.)
S4 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-08-01] (CHENGDU YIWO Tech Development Co., Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [235744 2015-04-26] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2519904 2016-04-13] (ESET)
S4 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-10] (Intel Corporation)
S4 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872808 2015-11-27] (Maxthon)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [34528 2013-01-08] (The OpenVPN Project)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]
S4 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [316120 2014-08-18] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2011-10-07] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 ASUSstpt; C:\Windows\System32\DRIVERS\ASUSstpt.sys [24648 2011-09-15] (MCCI Corporation)
S3 ASUSumsc; C:\Windows\System32\DRIVERS\ASUSumsc.sys [141896 2011-09-15] (MCCI Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-27] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264552 2016-05-12] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2016-05-12] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2016-05-12] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [198096 2016-05-12] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53384 2016-05-12] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84800 2016-05-12] (ESET)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52832 2014-06-28] (hxxp://libusb-win32.sourceforge.net)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-21] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-12-30] (Razer Inc)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31912 2014-12-30] (Razer Inc)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [194976 2015-11-10] (Oracle Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GPU-Z; \??\C:\Users\Matt\AppData\Local\Temp\GPU-Z.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-21 11:55 - 2016-05-21 11:55 - 00000000 ___RD C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-05-21 06:25 - 2016-05-21 06:25 - 31931264 _____ (Bitcoin Solutions Ltd) C:\Users\Matt\multibit-hd-windows-x64-0.3.0.exe
2016-05-21 06:25 - 2016-05-21 06:25 - 00001965 _____ C:\Users\Public\Desktop\MultiBit HD.lnk
2016-05-20 14:33 - 2016-05-20 14:33 - 00059704 _____ C:\Users\Matt\Desktop\Addition.txt
2016-05-20 14:32 - 2016-05-21 12:06 - 00028257 _____ C:\Users\Matt\Desktop\FRST.txt
2016-05-20 14:32 - 2016-05-20 14:32 - 02382336 _____ (Farbar) C:\Users\Matt\Desktop\FRST64.exe
2016-05-20 06:43 - 2016-05-20 06:43 - 00000000 ____D C:\Users\Matt\Desktop\Data
2016-05-20 06:43 - 2016-05-11 15:16 - 23569689 _____ (VS Revo Group) C:\Users\Matt\Desktop\Revo Uninstaller Pro.exe
2016-05-19 13:36 - 2016-05-09 19:26 - 00112184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-05-19 13:35 - 2016-05-10 00:07 - 42923576 _____ C:\Windows\system32\nvcompiler.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 37567424 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 31584704 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 25346616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 21372456 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 20914600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 19006432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 17768992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 17362992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 17248920 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 16449616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 14129544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 12550712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-05-19 13:35 - 2016-05-10 00:07 - 10566520 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 08673880 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 03714144 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 03286664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 03234240 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 02809280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436519.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436519.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 00959544 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 00887744 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 00751552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 00695864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 00678704 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 00571912 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 00502080 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 00473592 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 00423360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 00423080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 00391632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 00377792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 00175552 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 00153392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-05-19 13:35 - 2016-05-10 00:07 - 00000592 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-05-19 13:35 - 2016-05-10 00:07 - 00000592 _____ C:\Windows\system32\nv-vk64.json
2016-05-19 12:49 - 2016-05-19 12:49 - 00104282 _____ C:\Users\Matt\Documents\listg.txt
2016-05-19 12:45 - 2013-03-09 15:21 - 00000000 ____D C:\Users\Matt\Desktop\Nightm@r3's - Cracking
2016-05-19 11:55 - 2016-05-19 11:55 - 00002027 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2016-05-19 11:55 - 2016-05-19 11:55 - 00000000 ____D C:\Users\Matt\AppData\Local\ESET
2016-05-19 11:55 - 2016-05-19 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-05-19 11:55 - 2016-05-19 11:55 - 00000000 ____D C:\ProgramData\ESET
2016-05-19 11:54 - 2016-05-19 11:54 - 00000000 ____D C:\Program Files\ESET
2016-05-19 11:42 - 2016-05-19 11:42 - 00000000 ____D C:\Users\Matt\Downloads\backups
2016-05-19 11:29 - 2016-05-19 11:29 - 37631280 _____ (Simply Super Software ) C:\Users\Matt\Downloads\trjsetup.exe
2016-05-19 11:25 - 2016-05-19 11:25 - 00249540 _____ C:\TDSSKiller.3.1.0.9_19.05.2016_11.25.26_log.txt
2016-05-19 11:12 - 2016-05-21 12:06 - 00000000 ____D C:\FRST
2016-05-19 10:57 - 2015-08-14 06:49 - 00023040 _____ C:\Users\Matt\Desktop\RepairTasks.exe
2016-05-19 10:57 - 2015-08-13 08:31 - 00000172 _____ C:\Users\Matt\Desktop\RepairTasks.exe.config
2016-05-19 10:44 - 2016-05-19 10:44 - 00000400 _____ C:\Users\Matt\Desktop\Local Area Connection - Shortcut.lnk
2016-05-19 10:43 - 2016-05-19 11:35 - 00001945 _____ C:\Windows\epplauncher.mif
2016-05-19 09:15 - 2016-04-14 01:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-05-19 09:15 - 2016-04-14 01:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-05-19 09:15 - 2016-04-14 01:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-05-19 09:07 - 2016-05-21 11:55 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-19 09:04 - 2016-05-19 09:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-19 09:04 - 2016-05-19 09:04 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-19 09:04 - 2016-05-19 09:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-19 09:04 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-19 09:04 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-19 09:04 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-19 09:03 - 2016-03-20 16:57 - 00000000 ____D C:\Users\Matt\Desktop\MBMPremium 2.2.1.1043
2016-05-19 08:43 - 2016-05-19 08:43 - 00000000 ____D C:\Users\Matt\AppData\Local\SystemInfo
2016-05-19 08:42 - 2016-05-19 08:42 - 00024920 _____ C:\Users\Matt\Desktop\dds.txt
2016-05-19 08:42 - 2016-05-19 08:42 - 00021401 _____ C:\Users\Matt\Desktop\attach.txt
2016-05-19 08:38 - 2016-05-19 08:38 - 00003174 _____ C:\Users\Matt\Desktop\JRT.txt
2016-05-19 08:31 - 2016-05-19 08:33 - 00000000 ____D C:\AdwCleaner
2016-05-19 08:29 - 2016-05-19 08:29 - 00704672 _____ (Sysinternals - www.sysinternals.com) C:\Users\Matt\Desktop\autoruns.exe
2016-05-19 08:28 - 2016-05-19 08:29 - 00704672 _____ (Sysinternals - www.sysinternals.com) C:\Users\Matt\Downloads\autoruns.exe
2016-05-19 08:16 - 2016-05-19 08:16 - 00035557 _____ C:\ComboFix.txt
2016-05-19 08:11 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2016-05-19 08:11 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2016-05-19 08:11 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-05-19 08:11 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-05-19 08:11 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-05-19 08:11 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2016-05-19 08:11 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2016-05-19 08:11 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2016-05-19 08:10 - 2016-05-19 08:10 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2016-05-19 08:07 - 2016-02-05 08:11 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Users\Matt\Desktop\procexp.exe
2016-05-19 08:01 - 2016-05-19 11:15 - 00002882 _____ C:\Users\Matt\Desktop\Rkill.txt
2016-05-19 07:55 - 2016-05-19 08:16 - 00000000 ____D C:\Windows\erdnt
2016-05-19 07:55 - 2016-05-19 08:16 - 00000000 ____D C:\Qoobox
2016-05-19 07:52 - 2016-05-19 07:52 - 00240574 _____ C:\TDSSKiller.3.1.0.9_19.05.2016_07.52.08_log.txt
2016-05-19 07:52 - 2016-05-19 07:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-05-18 08:50 - 2016-05-18 08:50 - 00016698 _____ C:\Users\Matt\Downloads\Special Dorks.txt
2016-05-18 08:18 - 2014-03-20 18:49 - 00069632 __RSH (Microsoft Corporation) C:\Windows\SysWOW64\Fusion.exe
2016-05-18 08:18 - 2009-06-10 17:23 - 00000559 _____ C:\Windows\SysWOW64\Fusion.exe.config
2016-05-18 08:13 - 2016-05-18 08:13 - 00000000 _RSHD C:\Users\Matt\AppData\Roaming\Host
2016-05-18 08:13 - 2016-05-18 08:13 - 00000000 _RSHD C:\Program Files (x86)\Host
2016-05-18 08:07 - 2016-05-18 09:49 - 00000000 ____D C:\Users\Matt\Desktop\Sentry
2016-05-15 06:30 - 2016-05-15 06:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-12 10:48 - 2016-05-12 10:48 - 00264552 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2016-05-12 10:48 - 2016-05-12 10:48 - 00198096 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys
2016-05-12 10:48 - 2016-05-12 10:48 - 00186784 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2016-05-12 10:48 - 2016-05-12 10:48 - 00142976 _____ (ESET) C:\Windows\system32\Drivers\ekbdflt.sys
2016-05-12 10:48 - 2016-05-12 10:48 - 00084800 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2016-05-12 10:48 - 2016-05-12 10:48 - 00053384 _____ (ESET) C:\Windows\system32\Drivers\EpfwLWF.sys
2016-05-11 18:09 - 2016-05-19 08:02 - 00000000 ____D C:\Users\Matt\Desktop\HitmanPro 3.7.12 Build 253 Multilingual x64
2016-05-08 06:30 - 2016-05-08 06:30 - 00000084 _____ C:\Windows\SysWOW64\prime.txt
2016-05-03 22:23 - 2016-05-03 22:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1-1-0-11-1.dll
2016-05-03 22:22 - 2016-05-03 22:22 - 00130848 _____ C:\Windows\system32\vulkan-1-1-0-11-1.dll
2016-05-03 22:22 - 2016-05-03 22:22 - 00045344 _____ C:\Windows\system32\vulkaninfo-1-1-0-11-1.exe
2016-05-03 22:22 - 2016-05-03 22:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo-1-1-0-11-1.exe
2016-05-03 07:58 - 2016-04-27 10:35 - 01924152 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436510.dll
2016-05-03 07:58 - 2016-04-27 10:35 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436510.dll
2016-05-01 12:22 - 2016-05-01 12:49 - 00000143 _____ C:\Users\Matt\Desktop\walmart list.txt
2016-05-01 08:28 - 2016-05-01 08:28 - 04140144 _____ C:\Windows\PE_File.dll
2016-05-01 08:27 - 2016-05-01 08:27 - 08388608 _____ C:\Users\Matt\Documents\biosbackup.rom
2016-05-01 08:24 - 2016-05-01 08:27 - 00000000 _____ C:\Windows\Path.idx
2016-05-01 08:23 - 2016-05-08 06:51 - 04074608 _____ C:\Windows\PE_Rom.dll
2016-05-01 08:22 - 2016-05-01 08:30 - 00000000 ____D C:\ProgramData\ASUS OC Profiles
2016-05-01 08:20 - 2016-05-01 08:20 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ICCWDT_01009.Wdf
2016-05-01 08:19 - 2010-11-08 14:57 - 00014464 _____ (ASUSTek Computer Inc.) C:\Windows\system32\Drivers\AiChargerPlus.sys
2016-05-01 08:19 - 2010-08-03 13:21 - 00014464 _____ C:\Windows\SysWOW64\Drivers\AsUpIO.sys
2016-05-01 08:15 - 2016-05-01 08:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-05-01 08:15 - 2016-05-01 08:15 - 00000000 ____D C:\Program Files\ASUS
2016-05-01 08:15 - 2011-09-20 12:25 - 00046152 _____ (MCCI Corporation) C:\Windows\SysWOW64\Drivers\ASUSFILTER.sys
2016-05-01 08:15 - 2011-09-15 12:33 - 00141896 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ASUSumsc.sys
2016-05-01 08:15 - 2011-09-15 12:33 - 00024648 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ASUSstpt.sys
2016-05-01 08:15 - 2011-09-15 12:33 - 00016456 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ASUSwh.sys
2016-05-01 08:15 - 2011-09-15 12:33 - 00014920 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ASUScr.sys
2016-05-01 08:15 - 2008-12-02 20:05 - 00184320 _____ (ASUSTeK) C:\Windows\SysWOW64\Drivers\UpdateHelper.dll
2016-05-01 08:14 - 2016-05-08 06:32 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2016-05-01 08:14 - 2016-05-01 08:14 - 00000000 ____D C:\ProgramData\ASUS
2016-05-01 08:13 - 2010-08-18 01:28 - 00026136 _____ (Intel Corporation) C:\Windows\system32\Drivers\ICCWDT.sys
2016-05-01 07:25 - 2016-05-01 08:20 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-05-01 07:25 - 2011-10-07 11:34 - 00028672 _____ (ASUSTek Computer Inc.) C:\Windows\SysWOW64\AsIO.dll
2016-05-01 07:25 - 2011-10-07 11:34 - 00013440 _____ C:\Windows\SysWOW64\Drivers\AsIO.sys
2016-05-01 07:25 - 2010-11-25 16:12 - 00011832 ____N C:\Windows\SysWOW64\Drivers\AsInsHelp64.sys
2016-05-01 07:25 - 2010-11-25 16:12 - 00010216 ____N C:\Windows\SysWOW64\Drivers\AsInsHelp32.sys
2016-04-28 06:46 - 2016-04-28 06:50 - 02311880 _____ C:\Users\Matt\Desktop\BenQGameProfileUpdater with Grubby and Dota2-12172013.rar
2016-04-28 06:42 - 2016-04-28 06:42 - 00001939 _____ C:\Users\Public\Desktop\Display Pilot.lnk
2016-04-28 06:42 - 2016-04-28 06:42 - 00000000 ____D C:\Users\Matt\AppData\Roaming\DisplayTune
2016-04-28 06:42 - 2016-04-28 06:42 - 00000000 ____D C:\Users\Matt\AppData\Local\DisplayTune
2016-04-28 06:42 - 2016-04-28 06:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BenQ
2016-04-28 06:42 - 2016-04-28 06:42 - 00000000 ____D C:\Program Files (x86)\Portrait Displays
2016-04-28 06:42 - 2007-04-04 10:30 - 00007432 _____ C:\Windows\SysWOW64\Machnm32.sys
2016-04-28 06:41 - 2016-04-28 06:41 - 00000000 ____D C:\Program Files (x86)\BenQ
2016-04-28 06:41 - 2011-02-20 00:03 - 00421200 _____ (Microsoft Corporation) C:\Windows\msvcp100.dll
2016-04-28 06:41 - 2011-02-19 01:40 - 00773968 _____ (Microsoft Corporation) C:\Windows\msvcr100.dll
2016-04-28 06:41 - 2009-07-12 01:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\mfcm80.dll
2016-04-28 06:41 - 2009-07-12 01:55 - 00632656 _____ (Microsoft Corporation) C:\Windows\msvcr80.dll
2016-04-28 06:41 - 2009-07-12 01:55 - 00554832 _____ (Microsoft Corporation) C:\Windows\msvcp80.dll
2016-04-28 06:41 - 2009-07-12 01:55 - 00479232 _____ (Microsoft Corporation) C:\Windows\msvcm80.dll
2016-04-28 06:41 - 2009-07-12 01:55 - 00057856 _____ (Microsoft Corporation) C:\Windows\mfcm80u.dll
2016-04-28 06:41 - 2009-07-11 20:46 - 01105920 _____ (Microsoft Corporation) C:\Windows\mfc80.dll
2016-04-28 06:41 - 2009-07-11 20:46 - 01093120 _____ (Microsoft Corporation) C:\Windows\mfc80u.dll
2016-04-28 06:41 - 2009-07-11 20:46 - 00002372 _____ C:\Windows\Microsoft.VC80.MFC.manifest
2016-04-28 06:41 - 2009-07-11 19:10 - 00097280 _____ (Microsoft Corporation) C:\Windows\atl80.dll
2016-04-28 06:41 - 2009-07-11 19:10 - 00001870 _____ C:\Windows\Microsoft.VC80.CRT.manifest
2016-04-28 06:41 - 2009-07-11 19:10 - 00000466 _____ C:\Windows\Microsoft.VC80.ATL.manifest
2016-04-28 06:41 - 2004-08-04 01:56 - 01392671 _____ (Microsoft Corporation) C:\Windows\msvbvm60.dll
2016-04-28 06:41 - 2002-01-05 05:48 - 00974848 _____ (Microsoft Corporation) C:\Windows\mfc70.dll
2016-04-28 06:41 - 2002-01-05 04:40 - 00487424 _____ (Microsoft Corporation) C:\Windows\msvcp70.dll
2016-04-28 06:41 - 2002-01-05 04:37 - 00344064 _____ (Microsoft Corporation) C:\Windows\msvcr70.dll
2016-04-28 06:41 - 2001-06-01 09:26 - 00372736 _____ (Intel Corporation) C:\Windows\ijl15.dll
2016-04-26 18:58 - 2016-04-26 18:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_rzendpt_01009.Wdf
2016-04-26 18:58 - 2015-12-14 17:24 - 00130880 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys
2016-04-26 18:58 - 2015-09-22 17:36 - 00037184 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2016-04-24 07:06 - 2016-04-24 07:06 - 00235366 _____ C:\Users\Matt\Documents\cc_20160424_070617.reg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-21 12:01 - 2009-07-14 01:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-21 12:01 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-21 12:00 - 2009-07-14 00:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-21 12:00 - 2009-07-14 00:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-21 11:55 - 2016-02-12 20:25 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-05-21 11:55 - 2015-08-27 22:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e13b456791af.job
2016-05-21 11:55 - 2015-02-22 10:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-21 11:55 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-21 07:30 - 2016-02-12 20:25 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-05-21 07:15 - 2015-08-27 22:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e13b457bdd4b.job
2016-05-21 07:14 - 2015-02-22 10:55 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-21 07:12 - 2015-03-18 07:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-21 06:25 - 2016-02-12 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiBit HD
2016-05-21 06:25 - 2016-02-12 20:21 - 00000000 ____D C:\Program Files\MultiBit HD
2016-05-21 06:25 - 2015-01-10 21:32 - 00000000 ____D C:\Users\Matt
2016-05-20 18:04 - 2015-01-10 22:21 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-20 07:12 - 2016-03-04 08:04 - 00000000 ____D C:\Program Files (x86)\GeoComply
2016-05-20 06:49 - 2015-03-04 20:11 - 00000000 ____D C:\Users\Matt\AppData\Local\CrashDumps
2016-05-20 06:45 - 2015-03-13 19:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-05-20 06:45 - 2015-03-13 19:01 - 00000000 ____D C:\Program Files (x86)\HP
2016-05-20 06:45 - 2011-04-12 04:28 - 00000000 ____D C:\Windows\ShellNew
2016-05-20 06:44 - 2016-02-24 19:40 - 00000000 ____D C:\Users\Matt\AppData\Roaming\gnupg
2016-05-20 06:30 - 2015-01-10 22:03 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-19 13:38 - 2015-01-10 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-05-19 13:37 - 2009-07-14 01:08 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-19 13:36 - 2016-03-13 08:48 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-05-19 13:36 - 2015-01-10 22:03 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-05-19 13:36 - 2015-01-10 22:03 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-05-19 13:35 - 2015-01-10 22:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-05-19 13:20 - 2015-01-11 09:49 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Skype
2016-05-19 11:12 - 2015-03-18 07:43 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-19 11:12 - 2015-03-18 07:43 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-19 11:12 - 2015-03-18 07:43 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-19 10:58 - 2015-03-20 10:48 - 00002880 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-05-19 10:58 - 2015-02-22 10:55 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-19 10:58 - 2015-02-22 10:55 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-19 10:58 - 2015-01-10 22:21 - 00003782 _____ C:\Windows\System32\Tasks\klcp_update
2016-05-19 09:18 - 2015-02-22 10:55 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-19 09:18 - 2015-02-22 10:55 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-19 09:15 - 2015-01-28 08:50 - 00000000 ____D C:\Users\Matt\AppData\Local\NVIDIA
2016-05-19 08:15 - 2009-07-13 22:34 - 83099648 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-05-19 08:15 - 2009-07-13 22:34 - 24641536 _____ C:\Windows\system32\config\SYSTEM.bak
2016-05-19 08:15 - 2009-07-13 22:34 - 00786432 _____ C:\Windows\system32\config\DEFAULT.bak
2016-05-19 08:15 - 2009-07-13 22:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2016-05-19 08:15 - 2009-07-13 22:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2016-05-19 08:15 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2016-05-19 08:11 - 2015-01-14 18:40 - 00000000 ____D C:\Users\Matt\AppData\Roaming\uTorrent
2016-05-19 08:11 - 2015-01-13 20:51 - 00002018 _____ C:\Windows\Sandboxie.ini
2016-05-19 08:10 - 2015-08-08 16:25 - 00000000 ____D C:\ProgramData\HitmanPro
2016-05-19 07:52 - 2015-03-20 10:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-19 07:46 - 2015-03-20 10:47 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys.BackupByMBAMPortable
2016-05-18 07:28 - 2016-02-12 20:26 - 00000000 ___RD C:\Users\Matt\Dropbox
2016-05-15 06:44 - 2015-08-12 11:45 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-15 06:30 - 2016-02-12 20:25 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-05-11 07:13 - 2015-10-04 08:38 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1443962297
2016-05-11 07:13 - 2015-10-04 08:38 - 00000000 ____D C:\Program Files (x86)\Opera
2016-05-11 07:10 - 2015-08-27 22:43 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0e13b457bdd4b
2016-05-11 07:10 - 2015-08-27 22:43 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0e13b456791af
2016-05-10 00:07 - 2015-01-10 22:01 - 00037091 _____ C:\Windows\system32\nvinfo.pb
2016-05-09 19:40 - 2016-02-13 17:48 - 00532536 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-05-09 19:40 - 2016-02-13 17:48 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-05-09 19:40 - 2015-01-10 22:03 - 06369728 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-05-09 19:40 - 2015-01-10 22:03 - 02993088 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-05-09 19:40 - 2015-01-10 22:03 - 02563128 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-05-09 19:40 - 2015-01-10 22:03 - 01201600 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-05-09 19:40 - 2015-01-10 22:03 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-05-09 19:40 - 2015-01-10 22:03 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-05-09 18:52 - 2015-01-10 22:15 - 00000000 ____D C:\Program Files (x86)\Razer
2016-05-06 10:02 - 2015-01-10 22:03 - 06423191 _____ C:\Windows\system32\nvcoproc.bin
2016-05-03 22:23 - 2016-03-13 08:48 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-05-03 22:22 - 2016-03-13 08:48 - 00130848 _____ C:\Windows\system32\vulkan-1.dll
2016-05-03 22:22 - 2016-03-13 08:48 - 00045344 _____ C:\Windows\system32\vulkaninfo.exe
2016-05-03 22:22 - 2016-03-13 08:48 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-05-03 09:08 - 2015-10-19 11:50 - 00000000 ____D C:\Users\Matt\AppData\Local\IE Tab
2016-05-03 07:44 - 2015-12-27 12:51 - 00000000 ____D C:\Users\Matt\AppData\Local\Battle.net
2016-05-03 07:35 - 2015-12-27 12:51 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-05-02 01:39 - 2015-01-28 08:50 - 01377800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-05-02 01:39 - 2015-01-28 08:50 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-05-02 01:38 - 2016-02-13 17:45 - 00112032 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-05-02 01:38 - 2015-01-28 08:50 - 01767944 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-05-02 01:38 - 2015-01-28 08:50 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-05-01 08:21 - 2015-01-10 22:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-05-01 08:20 - 2015-01-10 22:05 - 00000000 ____D C:\Program Files (x86)\Intel
2016-04-26 18:59 - 2015-01-10 22:15 - 00000000 ____D C:\ProgramData\Razer
2016-04-26 18:56 - 2015-01-10 22:15 - 00000000 ____D C:\Users\Matt\AppData\Local\Razer
2016-04-26 18:56 - 2015-01-10 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2016-04-24 07:05 - 2015-03-20 10:48 - 00000975 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-22 03:57 - 2010-11-20 23:27 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-04-07 19:13 - 2015-04-07 19:13 - 0000038 ___SH () C:\Users\Matt\AppData\Local\69ff07055291669bb2b218.72821112
2015-09-10 06:43 - 2015-09-27 09:51 - 0000600 _____ () C:\Users\Matt\AppData\Local\PUTTY.RND
2015-08-30 10:02 - 2015-08-30 10:02 - 0007605 _____ () C:\Users\Matt\AppData\Local\Resmon.ResmonCfg
2008-02-05 15:28 - 2008-02-05 15:28 - 0000051 _____ () C:\Users\Matt\AppData\Local\setup.txt
2015-03-13 19:01 - 2016-05-20 06:53 - 0003914 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Matt\08EE7E850F619A2759EFFDBE60D9CC57.dat
C:\Users\Matt\344FBB23F7D0BBB97A3F808963B3B96D.dat
C:\Users\Matt\54782AD91552134B3B943E081F5D5E96.dat
C:\Users\Matt\815415848722EF080AB796EA30FD13AC.dat
C:\Users\Matt\AEC9BA2A6AFB6A64062E6179B4A8A048.dat
C:\Users\Matt\F7AB08E1BDB53C49FAEE1DAACA0202B0.dat
C:\Users\Matt\multibit-hd-windows-x64-0.3.0.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-17 09:02

==================== End of FRST.txt ============================
 
#5 ·
Additional scan result of Farbar Recovery Scan Tool (x64) Version:19-05-2016
Ran by Matt (2016-05-21 12:06:37)
Running from C:\Users\Matt\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-01-11 01:32:55)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3603227820-2617303867-322315972-500 - Administrator - Disabled)
Guest (S-1-5-21-3603227820-2617303867-322315972-501 - Limited - Disabled)
Matt (S-1-5-21-3603227820-2617303867-322315972-1000 - Administrator - Enabled) => C:\Users\Matt

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.381.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.381.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3603227820-2617303867-322315972-1000\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
1Password 4.6.0.586 (HKLM-x32\...\1Password4_is1) (Version: 4.0 - AgileBits)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.15) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.15 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.02.15 - ASUSTeK Computer Inc.)
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Arora 0.10.0 (HKLM-x32\...\Arora) (Version: 0.10.0 - )
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.1.0 - Asmedia Technology)
AviSynth (HKLM-x32\...\AviSynth) (Version: 2.6.0 MT - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Camtasia Studio 8 (HKLM-x32\...\{904AC0F0-F69E-467E-A719-B083940F608A}) (Version: 8.5.2.1999 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
ControlConsole API version 2.60 (HKLM-x32\...\{E6C0F5ED-B5EA-451D-8CB1-57902AA188DE}_is1) (Version: 2.60 - Enstone)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Display Pilot (HKLM-x32\...\{6DD25D67-4339-47A1-950E-EEFC321CBB24}) (Version: 2.15.008 - Portrait Displays, Inc.)
DJ_AIO_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.35.3 - Dropbox, Inc.) Hidden
EaseUS Data Recovery Wizard 8.8 (HKLM\...\EaseUS Data Recovery Wizard 8.8_is1) (Version: - EaseUS)
EaseUS Partition Master 10.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
EaseUS Todo Backup Free 8.9 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 8.9 - CHENGDU YIWO Tech Development Co., Ltd)
ESET Smart Security (HKLM\...\{BA1050B5-E274-4693-8A67-CAF5576A07F1}) (Version: 9.0.381.0 - ESET, spol. s r.o.)
EVGA PrecisionX 16 (HKLM-x32\...\{425A0AAA-B049-4356-A81E-E089BC5AE934}) (Version: 5.3.10 - EVGA Corporation)
F4100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
F4100_Help (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
FileZilla Client 3.10.0 (HKLM-x32\...\FileZilla Client) (Version: 3.10.0 - Tim Kosse)
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.54 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Deskjet All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{EB773820-0871-46A8-9B96-F2B04F8B34F0}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.12.1498 - Intel Corporation)
Intel(R) Network Connections 16.5.2.0 (HKLM\...\PROSetDX) (Version: 16.5.2.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
iOS Data Recovery (HKLM-x32\...\iOS Data Recovery) (Version: - Tenorshare, Inc.)
iPhone Data Recovery (HKLM-x32\...\iPhone Data Recovery) (Version: - Tenorshare, Inc.)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java SE Development Kit 8 Update 60 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
Kits Configuration Installer (x32 Version: 10.1.10586.15 - Microsoft) Hidden
K-Lite Codec Pack 10.9.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.0 - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.7.1000 - Maxthon International Limited)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MiniTool Partition Wizard Free 9.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
mIRC (HKLM-x32\...\mIRC) (Version: 7.41 - mIRC Co. Ltd.)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MultiBit HD 0.3.0 (HKLM\...\6925-4794-5772-4956) (Version: 0.3.0 - Bitcoin Solutions Ltd)
Nero 7 Ultra Edition (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
NETGEAR WNA3100 wireless USB 2.0 driver (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.2.0.2 - NETGEAR)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 365.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 365.19 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 365.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 365.19 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
OpenVPN 2.3.0-I001 (HKLM\...\OpenVPN) (Version: 2.3.0-I001 - )
Opera Stable 37.0.2178.43 (HKLM-x32\...\Opera 37.0.2178.43) (Version: 37.0.2178.43 - Opera Software)
Oracle VM VirtualBox 5.0.10 (HKLM\...\{F6E922CF-068D-4AFC-8DBF-4636B84AF0A5}) (Version: 5.0.10 - Oracle Corporation)
Paragon Migrate OS to SSD™ 2.0 Special Edition (HKLM-x32\...\{D4378A80-C713-11DF-9399-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PhotoSync (HKLM\...\{CECDB976-FC3E-49E1-8A47-DF447D8B4DBC}) (Version: 3.0.7 - touchbyte GmbH)
Pivot Pro Plugin (x32 Version: 9.61.004 - Portrait Displays, Inc.) Hidden
Proxifier version 3.28 (HKLM-x32\...\Proxifier_is1) (Version: 3.28 - Initex)
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
RAR Password Recovery v1.1 RC16 (remove only) (HKLM-x32\...\Intelore - RAR Password Recovery) (Version: - )
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28549 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SDK (x32 Version: 2.40.012 - Portrait Displays, Inc.) Hidden
SDK Debuggers (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 10.7.0 - ShareX Team)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{906B34E5-573C-445A-A5D3-40B6BF0A2EC4}) (Version: 6.0.21.0 - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
TinyUmbrella 8.2.0.60 (HKLM\...\4851-8548-9863-1993) (Version: 8.2.0.60 - )
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version: - Ubisoft)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TVersity Codec Pack 1.7 (HKLM-x32\...\TVersity Codec Pack) (Version: 1.7 - TVersity Inc.)
Universal Media Server (HKLM-x32\...\Universal Media Server) (Version: 5.2.1 - Universal Media Server)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 17.0 - Ubisoft)
USB GamePad (HKLM-x32\...\{B8CDAD75-96FB-48A5-A2AE-6515DDEB7BFA}) (Version: 3.85 - My Company Name)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKU\S-1-5-21-3603227820-2617303867-322315972-1000\...\Warcraft III) (Version: - )
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-3603227820-2617303867-322315972-1000\...\WinDirStat) (Version: - )
Windows Driver Package - libusb-win32 PS Vita Type B (02/23/2013 1.2.6.0) (HKLM\...\E88FB411ED92EFDB9BF3A5F94548DA4956C0D97B) (Version: 02/23/2013 1.2.6.0 - libusb-win32)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.10586.15 (HKLM-x32\...\{28a123e5-1799-4f20-9bd8-7c46f30eb7bf}) (Version: 10.1.10586.15 - Microsoft Corporation)
WinImage (HKU\S-1-5-21-3603227820-2617303867-322315972-1000\...\WinImage) (Version: - )
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wondershare Data Recovery(Build 4.3.1.6) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 4.3.1.6 - Wondershare Software Co.,Ltd.)
Wondershare Dr.Fone for iOS(Build 6.7.2.2) (HKLM-x32\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 6.7.2.2 - Wondershare Software Co.,Ltd.)
Wondershare Video Converter Ultimate(Build 8.0.0.10) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.0.0.10 - Wondershare Software)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AA37FCF-5810-4FE7-9DB5-5DD9AF0418BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.)
Task: {203C3C7C-697E-4E23-B2AF-E67B3A22F7BC} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e13b457bdd4b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.)
Task: {205971B9-0AE2-4EBD-B3EB-04E80C9A4627} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {2993E67E-8242-444E-9B63-B85C42676DA0} - System32\Tasks\ASUS\ASUS Mobilink Execute => C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\ASUS Mobilink.exe [2010-11-25] (ASUSTeK Computer Inc.)
Task: {2BA7A148-6DC5-43EA-8C3E-7D42A376A002} - System32\Tasks\ASUS\ASUS DigiVRM Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe [2011-04-13] (ASUSTeK Computer Inc.)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3B13E2C8-DEDF-4F45-A0CE-857C725B53E5} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {4459B8C2-1A58-456F-850C-FB85C01D87AD} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {4A251AA8-62B5-4A4C-84F1-3A9603C02B09} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.)
Task: {5544BE35-82E8-414E-ABD1-F5BBFC1FD5D5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-12] (Dropbox, Inc.)
Task: {60624DC5-8242-4072-A347-A6FBD03BECDC} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {790B9339-ABF9-4D0E-A8A6-AABAD7F4F58E} - System32\Tasks\Opera scheduled Autoupdate 1443962297 => C:\Program Files (x86)\Opera\launcher.exe [2016-05-09] (Opera Software)
Task: {86B9638F-08EC-4742-B8FE-CDC8E50271CE} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-12] (Dropbox, Inc.)
Task: {88BC81D7-138D-4505-B14C-E7AD63203BAF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {92EF507D-0F4D-4388-89F6-C2B590C50FF1} - System32\Tasks\EVGAPrecisionX => C:\Program Files (x86)\EVGA\PrecisionX 16\PrecisionX_x64.exe [2015-11-09] (EVGA Corp.)
Task: {A347FAE1-AA1E-4F74-9155-D9390E1E9172} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {AC56D4CD-9F2F-4F43-9C15-C2BCAF3B1531} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e13b456791af => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.)
Task: {B399252B-B480-4CAB-AD90-F15E558060C4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-19] (Adobe Systems Incorporated)
Task: {CA1129FD-7E59-4317-B485-7ED0DB639B93} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-12-12] ()
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D270EF74-2A09-4864-98A2-0E33AAFB39FC} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {D28F443E-CCFE-4FBD-85AF-B54CB48903AB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {E3E1C98A-07CB-4E00-972B-589D6B4305E2} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2015-08-11] (Maxthon International ltd.)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e13b456791af.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e13b457bdd4b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-09-12 17:38 - 2015-03-28 15:55 - 00096840 _____ () C:\Windows\system32\PrxerNsp.dll
2015-01-10 22:03 - 2016-05-09 19:40 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-05-01 08:14 - 2011-10-29 09:59 - 00918448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
2016-05-01 08:14 - 2010-12-02 11:15 - 00915584 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
2016-05-01 08:14 - 2010-10-21 17:52 - 00586880 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
2016-02-21 11:31 - 2016-05-02 01:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-03 08:38 - 2016-05-02 01:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-02-21 11:31 - 2016-05-02 01:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-02-13 17:45 - 2016-05-02 01:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-11-04 19:11 - 2015-11-04 19:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-04-03 08:38 - 2016-05-02 01:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-03 08:38 - 2016-05-02 01:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-03 08:38 - 2016-05-02 01:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-02-13 17:45 - 2016-05-02 01:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2014-12-08 06:10 - 2014-12-08 06:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-01-30 08:49 - 2014-10-24 15:16 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2014-05-12 05:49 - 2014-05-12 05:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-04-03 08:38 - 2016-05-02 01:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-03 08:38 - 2016-05-02 01:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-05-19 09:18 - 2016-05-17 22:15 - 31491736 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.54\PepperFlash\pepflashplayer.dll
2016-05-01 08:14 - 2016-05-21 11:55 - 00025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\PEbiosinterface32.dll
2016-05-01 08:14 - 2010-06-29 10:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\ATKEX.dll
2015-04-15 19:35 - 2016-05-02 02:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-05-01 08:19 - 2010-11-25 15:12 - 00086016 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\AsNetlib.dll
2016-05-01 08:19 - 2010-11-25 15:12 - 00661504 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\aaHMLib.dll
2016-05-01 08:19 - 2010-11-25 15:12 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pngio.dll
2016-05-01 08:19 - 2010-11-25 15:12 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\ImageHelper.dll
2016-05-01 08:19 - 2010-11-25 16:12 - 00061440 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsMultiLang.dll
2016-05-01 08:19 - 2010-11-25 16:12 - 00661504 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\aaHMLib.dll
2016-05-01 08:19 - 2010-11-25 16:12 - 00703488 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\CpuFreq.dll
2016-05-01 08:19 - 2010-11-25 16:12 - 00114688 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AssistFunc.dll
2016-05-01 08:20 - 2011-03-04 17:33 - 00053248 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2016-05-01 08:20 - 2009-05-21 10:14 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2016-05-01 08:14 - 2011-07-12 19:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2016-05-01 08:14 - 2010-10-05 08:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2016-05-01 08:19 - 2011-02-09 09:02 - 00873472 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
2016-05-01 08:19 - 2010-10-15 17:40 - 01031680 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
2016-05-01 08:14 - 2011-09-20 18:11 - 00985600 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2016-05-01 08:19 - 2011-01-19 21:23 - 01655296 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Bluetooth Go!\BluetoothGo.dll
2016-05-01 08:20 - 2010-12-01 12:33 - 01244672 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2016-05-01 08:20 - 2011-01-06 10:38 - 01027072 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2016-05-01 08:14 - 2011-09-29 15:12 - 00881664 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2016-05-01 08:15 - 2011-09-26 18:37 - 01616384 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2016-05-01 08:15 - 2011-09-19 20:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2016-05-01 08:15 - 2011-07-21 09:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2016-05-01 08:15 - 2011-10-14 20:03 - 00885248 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2016-05-01 08:14 - 2010-08-23 10:17 - 00662016 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll
2016-05-01 08:14 - 2010-10-05 08:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2016-05-01 08:14 - 2009-08-12 20:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2015-01-11 04:28 - 2015-01-11 04:28 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll
2015-01-10 22:06 - 2011-05-20 11:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-01-10 22:07 - 2012-05-10 16:03 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-3603227820-2617303867-322315972-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3603227820-2617303867-322315972-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3603227820-2617303867-322315972-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3603227820-2617303867-322315972-1000\...\sony.com -> sony.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-05-19 09:04 - 00000058 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
0.0.0.0 keystone.mwbsys.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3603227820-2617303867-322315972-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DirMngr => 2
MSCONFIG\Services: EaseUS Agent => 2
MSCONFIG\Services: Fitbit Connect => 2
MSCONFIG\Services: GeoComplyUpdate => 2
MSCONFIG\Services: GeoComplyUpdateM => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MaxthonUpdateSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NBService => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: TVersityMediaServer => 2
MSCONFIG\Services: WsAppService => 2
MSCONFIG\Services: WSWNA3100 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Content Manager Assistant for PlayStation(R).lnk => C:\Windows\pss\Content Manager Assistant for PlayStation(R).lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Universal Media Server.lnk => C:\Windows\pss\Universal Media Server.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Matt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ShareX.lnk => C:\Windows\pss\ShareX.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Agile1pAgent => C:\Program Files (x86)\1Password 4\Agile1pAgent.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: EaseUS TB Tray Agent => "C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe"
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: GoogleChromeAutoLaunch_952AA941B71FA68F2EFC80A225B9EE63 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
MSCONFIG\startupreg: ProxyCap => C:\PROGRA~1\PROXYL~1\ProxyCap\pcapui.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F491BC0C-B905-45EC-AA85-BD4EF44BB220}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E9699345-85A3-4C5E-BEF8-CD228ECCAE6E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{83239105-E474-4742-80C7-7CBFB40C2CD9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2963BCC8-5012-48B7-9F24-FC4281B8FAB0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BFBD26A8-C7BE-4004-B392-467397A84815}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{84C0B22D-805D-4EB7-A9D0-D83B1F6ADCAD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DF3B9B57-ED06-421D-9221-401AF0686574}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{680F32D4-01A3-4118-9C94-6937BB25EEFF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{82002D8E-6766-4B07-B143-3C1A2E0C3647}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B5DC23DF-2DBD-4B6C-A99D-2935189C8889}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0C15AD2A-ADBD-49B5-8DBF-6941FF1D8558}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7761E03D-4C73-48AB-85CF-225A4F982E2E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{409C9547-8758-4F3B-9463-5B0E2BB9A7B0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B2EC6FDC-FBEB-47B6-B0F8-A72CD69DCC1D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6B1EC06F-2C34-4E4C-9340-67FF8D112CCF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B3C2674B-6694-482E-A231-06B153953AD9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D05F0088-7E7B-4CC0-8A5E-C290C2E9CCC7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{40F79431-1A02-400F-B8F1-6D0C525D3173}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{196A3357-60DE-44DC-9871-6DD789BA9381}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{2D099717-0CDE-4123-8A1D-53515891677E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{9A586390-4636-4746-B73F-64A94F10BA84}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{BA3759D3-CAA6-459D-9BE8-CEBF9B3E3901}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{079F3398-F474-4151-B582-B97F1061DCC2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{2F9B0298-F43E-4B7C-922F-5AF9FF309A4E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{A0707C1F-A1A6-440D-872E-719AE15CA4CD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{748BD868-9A2F-4FA1-8EE2-57C949BCF997}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{0A4B5F5F-7F4F-4C34-B5E0-10A9755B24E0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{F9368EB7-89CB-431D-BCB9-2AD17A32CBBA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{AA0B778D-904A-4771-8403-73F44797AE33}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{6AD67B88-7648-44D2-9345-0F34E05B3BB2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{16D01721-68F9-4259-9CA3-99402F14CEEC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{07EE4021-F887-4131-90D8-E77B2BC2DFE0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{DD683260-F3CF-4CEC-BFDA-CD72FDF47F96}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{C2DEFC85-5771-4148-93B2-65AE85DBEBE1}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{55FEDEC9-9EE6-441F-A7DE-6C7C9CF5D4FB}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{4C8D6ECB-4765-41A5-8D3F-6008C1CF8516}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{7D7CE7D5-E027-4C44-BA3B-84C2EED0E094}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{7EE3C9BA-B92F-4396-8AD0-2E3A1ECAD3EC}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{90615580-D05F-427D-9888-55712D91E41E}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{401F0B59-AB83-4331-9B82-9BC0285A5B15}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{C17F40F0-8D0D-40F3-9158-F3F200CCDFDF}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{FC23A30A-18E9-4F2A-8FF0-8018C0F1F96F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{F8F80B17-E11A-4504-9E5D-C7E7B411BE15}] => (Block) %ProgramFiles% (x86)\Wondershare\Dr.Fone for iOS\iphoneRecovery_DrFoneForiOS.exe
FirewallRules: [{3F9EF9EE-E02A-47EC-88C1-2DAF282276CC}] => (Block) %ProgramFiles% (x86)\Wondershare\Dr.Fone for iOS\iphoneRecovery_DrFoneForiOS.exe
FirewallRules: [{9FB3AF3C-0330-41EF-881C-6EBA3EF35B82}] => (Block) %ProgramFiles% (x86)\Wondershare\Dr.Fone for iOS\iphoneRecovery_DrFoneForiOS.exe
FirewallRules: [{2A922825-2C36-40A6-91F0-66D1F9595854}] => (Block) %ProgramFiles%\EaseUS\EaseUS Data Recovery Wizard\DRWUI.exe
FirewallRules: [{5D655BEA-5485-4E7F-A76F-C3FC6EAAFB1C}] => (Block) %ProgramFiles%\EaseUS\EaseUS Data Recovery Wizard\DRWUI.exe
FirewallRules: [TCP Query User{E4251403-3F1D-43D2-89E6-CB55CD2596C5}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [UDP Query User{F69914BE-4088-4FA6-B4D1-11C48C7166C1}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [{178C51B0-856D-475B-8DEC-E73887A7C85F}] => (Block) C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [{6A088E5B-2419-4356-99AF-4E321C5C0F64}] => (Block) C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [{2D984CB4-083D-4DCB-B702-114EFE9C2E80}] => (Allow) LPort=35722
FirewallRules: [{570FB543-70CF-4F12-AAD4-74D2C900F3DA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F357D893-C58D-4785-B3F8-7C2C74B5E57A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F08B715C-5B42-4229-AE07-10E8C947DFBD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{42D15D14-458F-4356-BDBB-AB4B8C4BA404}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E84D5E21-0B01-447F-8AFA-D156BFDE4DF8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{98C85DB8-25CA-4247-93C0-22B51A267796}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{A43C3241-D235-4AAC-99B2-1B60CED116DF}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{0C7736F2-9ED8-40E3-A3DC-646DF4823001}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AA19B41B-CF51-4AB8-9410-FAD4D2DE0A43}] => (Allow) LPort=2869
FirewallRules: [{F5B29E94-1DA2-40A2-8F49-E3FA04E06269}] => (Allow) LPort=1900
FirewallRules: [{699C540B-5EC7-417F-83F8-DD7341D145F6}] => (Allow) LPort=8317
FirewallRules: [{04A6A87F-518E-4FDD-8C23-ED78F21813D1}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{D95C457F-5A48-4237-BE96-50C103BEA464}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{26DD5C87-FF8C-4EFA-AE88-36A75ECB4782}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{88812E6D-F286-4D81-A353-394BF9FCF3F2}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{E26883C8-3AC4-49C9-9E18-F8CF9A410301}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{39AD56CA-AB2B-4327-B822-43ED02E4CF03}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{77F8305B-09B8-4DA6-BCB7-BB9F8E3416E2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4DDCB4C8-C70C-404D-B923-DF308AC804DA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AA472EAC-20B6-42C9-95D8-272D7A4AEA6C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9B480820-28B0-4094-9812-DFA08EC0EA6E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{46F8BC64-A0EF-4A82-8180-B26A52E93A25}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1110D50B-B702-494E-AEC8-4E7B57947843}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6302C38B-AC41-474F-A09D-9A8A2F9CBCC6}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{79E6270E-17E2-4126-B127-68F040BBEDD7}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F482F4C1-32C9-421D-96C9-B5D27C0C76A3}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{63846838-A8CD-4B46-B9B8-6FB924330D10}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{64DEAC6E-087C-4747-8D57-C14131AE6110}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{93AC5B11-6E6B-4D96-926E-D180E6AB4918}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AC9C725D-2E6F-46B7-8824-4F9BF2DADE5A}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A0666DF5-9F39-4EF8-9346-FFC28CED1280}] => (Block) %ProgramFiles% (x86)\iPhone Data Recovery\iPhone Data Recovery.exe
FirewallRules: [TCP Query User{BCA1FC12-D5DE-4EDD-9F5F-317B9C80B01A}C:\program files\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [UDP Query User{DEF5D6C1-01A4-4D35-AF7B-88E516FB6923}C:\program files\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [{4B486381-C37A-4FAC-965D-842457BC948F}] => (Block) %ProgramFiles% (x86)\iOS Data Recovery\iOS Data Recovery.exe
FirewallRules: [{4348FBA9-0B8D-4B52-BAE5-032CFAC4A86F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{173911E5-02BE-4194-B0D3-EBA0D7CD4F80}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{19A81CA0-566D-44DE-AFBA-90813E4A21E9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5932AA18-C5A1-42C4-8BD9-8CAB8215E44C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{489C50E8-507F-43B4-B52F-8456D9AE5661}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{801E683B-626C-445A-8EC8-81860741AE49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F6D78F8F-5B00-4B3C-83A7-1A3666C3BC94}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
FirewallRules: [{AAB5B048-6153-4BCC-B840-84EE518B2382}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [{81820388-68FC-4989-9DB9-07885136F381}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{FE689705-5CC8-41AD-9CAF-EA3212D96283}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/21/2016 11:57:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2016 06:24:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2016 05:31:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2016 01:25:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2016 06:56:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2016 06:49:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 51.0.2704.54, time stamp: 0x573bc366
Faulting module name: ntdll.dll, version: 6.1.7601.18933, time stamp: 0x55a6a196
Exception code: 0xc0000005
Fault offset: 0x0000000000039e5d
Faulting process id: 0x468
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (05/20/2016 06:48:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 51.0.2704.54, time stamp: 0x573bc366
Faulting module name: ntdll.dll, version: 6.1.7601.18933, time stamp: 0x55a6a196
Exception code: 0xc0000005
Fault offset: 0x0000000000039e5d
Faulting process id: 0x344
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (05/20/2016 06:47:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 51.0.2704.54, time stamp: 0x573bc366
Faulting module name: ntdll.dll, version: 6.1.7601.18933, time stamp: 0x55a6a196
Exception code: 0xc0000005
Fault offset: 0x0000000000039e5d
Faulting process id: 0x16f8
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (05/20/2016 06:32:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2016 01:39:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (05/20/2016 08:17:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (05/20/2016 08:17:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (05/20/2016 07:20:14 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (05/19/2016 01:19:42 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (05/19/2016 11:55:02 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/19/2016 10:41:56 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (05/19/2016 08:37:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/19/2016 08:33:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/19/2016 08:33:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

Error: (05/19/2016 08:33:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

CodeIntegrity:
===================================
Date: 2016-05-19 08:14:24.791
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-05-19 08:14:24.776
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 44%
Total physical RAM: 8159.14 MB
Available physical RAM: 4509.73 MB
Total Virtual: 16316.48 MB
Available Virtual: 13114.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:5.45 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:227.65 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (BenQ_LCD) (CDROM) (Total:0.58 GB) (Free:0 GB) UDF
Drive f: (ACER) (Fixed) (Total:138.05 GB) (Free:114.64 GB) NTFS
Drive h: (My Passport) (Fixed) (Total:931.48 GB) (Free:27.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: E178BC0A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 186DA197)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 1C8B2F0A)
Partition 1: (Not Active) - (Size=11 GB) - (Type=12)
Partition 2: (Active) - (Size=138 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 5DAC0F74)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

Attachments

#6 ·
Hello Matt2k16 :)

I believe I have fixed the problem myself, however I just want to make sure.
taskeng.exe is the Windows Task Scheduler process. There don't appear to be any malicious tasks but let's run a few more scans to make sure we're not missing anything.

Please run the following scans:

Step one...

CKScanner
Please download CKScanner and save it to your Desktop.
This program should only be run once!
Make sure that CKScanner.exe is on the your desktop before running the application!

  • Right click on the CKScanner.exe icon and select Run as administrator.
  • Click the Search For Files button.
  • When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  • Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  • Please copy/paste the contents of ckfiles.txt in your next reply.

Step two...

MGA Diagnostic Tool
  • Please download MGA Diagnostic Tool and save it to your Desktop.
  • Right click on MGADiag.exe and select Run as adminsitrator.
  • Click on Continue to run the scan.
  • Once the scan is finished click Copy to copy the results. Paste them in your reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • ckfiles.txt
  • The MGA Diagnostic report
  • Are there any changes in computer behavior?
 
#8 ·
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-Q6MMK-KYK6X-VKM6G
Windows Product Key Hash: 289NoAWl2ZoVfuieux/315WkDIc=
Windows Product ID: 00426-OEM-8992662-00173
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {C78D04B9-6C0C-4791-8065-FA6BD11C799E}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.150715-0600
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: c:\program files (x86)\google\chrome\application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{C78D04B9-6C0C-4791-8065-FA6BD11C799E}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-VKM6G</PKey><PID>00426-OEM-8992662-00173</PID><PIDType>2</PIDType><SID>S-1-5-21-3603227820-2617303867-322315972</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>3603</Version><SMBIOSVersion major="2" minor="6"/><Date>20121109000000.000000+000</Date></BIOS><HWID>52913C07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600173-02-1033-7601.0000-2122015
Installation ID: 002083135031305392821284168296399910875353997706055884
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: VKM6G
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 5/21/2016 12:48:20 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 7:12:2015 14:34
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: OAAAAAIAAwABAAEAAAACAAAABAABAAEAln1eZf4LdxasixpdeBmOB9BeMGTKxFvtCqlEDgoCLnM=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG ALASKA A M I
SSDT SataRe SataTabl
SSDT SataRe SataTabl
SSDT SataRe SataTabl
BGRT ALASKA A M I
SLIC _ASUS_ Notebook
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top