# Solved: Explorer.exe using 50+% of CPU



## pera93bgd (Mar 17, 2014)

A few days ago I noticed my CPU usage is very high. I tried rebooting a few times and nothing changed. When I go to Windows Task Manager/Processes I see my explorer.exe file is using more than 50% of my CPU even when no app was started...
I tried everything I know: scanning the PC with antivirus, doing a system restore, etc.
Does anyone have any suggestion?

Also, here is my configuration:
MSI GE620 DX
CPU: Intel i5 2430M
GPU: NVIDIA GT 555M / 2GB DDR3
RAM: DDR3 4GB
64-bit Windows 7


----------



## Mark1956 (May 7, 2011)

Let's have a look at what is on your system:

Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not be tempted to download Regclean Pro.

*Note:* If you get a warning that the download could harm your system, please ignore it and allow the download to go ahead. FRST is perfectly safe and we would never ask you to download anything that isn't.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


Double-click on FRST to run it. When the tool opens click *Yes* to the disclaimer.
Press the *Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run from. Please copy and paste it into your next reply.
The first time the tool is run, it makes another log (*Addition.txt*). Please also copy and paste that into your reply.


----------



## pera93bgd (Mar 17, 2014)

First of all, thanks for the very fast reply.
Here are the requested copies:

This is from FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by P (administrator) on P-MSI on 17-03-2014 14:31:25
Running from C:\Users\P\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\S-Bar\MSIService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(MSI) C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
(msi) C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Micro-Star International Co.,Ltd.) C:\Program Files (x86)\S-Bar\S-Bar.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\P\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10372368 2011-03-30] (Intel Corporation)
HKLM\...\Run: [THXCfg64] - C:\windows\system32\THXCfg64.dll [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [fspuip] - C:\Program Files\FSP\fspuip.exe [4059136 2011-03-11] (Sentelic Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-03-04] (Realtek Semiconductor)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-15] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Cinema ProII AP] - C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe [200192 2011-01-25] (Micro-Star Int'l Co., Ltd.)
HKLM-x32\...\Run: [Cinema ProII Controler] - C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe [1689600 2010-06-25] (msi)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1351680 2010-11-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] - C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [S-Bar] - C:\Program Files (x86)\S-Bar\S-Bar.exe [5504416 2012-12-03] (Micro-Star International Co.,Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3537755977-993374182-274981816-1001\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3537755977-993374182-274981816-1001\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-3537755977-993374182-274981816-1001\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-3537755977-993374182-274981816-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3537755977-993374182-274981816-1001\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] - 1
HKU\S-1-5-21-3537755977-993374182-274981816-1001\...\Run: [svchost] - regsvr32 /s "C:\Temp:0001D49C.dat"
HKU\S-1-5-21-3537755977-993374182-274981816-1001\...\MountPoints2: {7bf88a45-6ad5-11e2-bba3-8c89a5001d84} - F:\INSTALL.EXE
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.softonic.com/INF00176/tb_v1?SearchSource=10&cc=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi.msn.com
URLSearchHook: HKCU - (No Name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {FC722C2E-184C-402A-9892-63CB813C4A51} URL = http://search.softonic.com/INF00176/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=310
SearchScopes: HKCU - {5C1F6FA4-51D8-45BC-BFE9-382320B8D1E3} URL = http://www.bing.com/search?q={searchTerms}&r=613
SearchScopes: HKCU - {E98CD509-E696-434A-A149-D426A78E31F3} URL = 
SearchScopes: HKCU - {FC722C2E-184C-402A-9892-63CB813C4A51} URL = http://search.softonic.com/INF00176/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=310
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 89.216.1.30 89.216.1.50
Tcpip\..\Interfaces\{1AAFB922-CEDE-44D9-8930-3ED45AC1434A}: [NameServer]8.8.8.8,8.8.4.4

Chrome: 
=======
CHR HomePage: hxxp://startsear.ch/?aff=2&cf=4146ad59-501c-11e1-8848-00241d013c08
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-02]
CHR Extension: (Google Drive) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-02]
CHR Extension: (YouTube) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-02]
CHR Extension: (Google Search) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-02]
CHR Extension: (AdBlock) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-02]
CHR Extension: (Hola Better Internet) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-03-02]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-03-02]
CHR Extension: (Skype Click to Call) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-02]
CHR Extension: (Google Wallet) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-02]
CHR Extension: (Gmail) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-02]
CHR HKCU\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\P\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2013-01-01]
CHR HKLM-x32\...\Chrome\Extension: [aohddidmgooofkgohkbkaohadkolgejj] - C:\Users\P\AppData\Local\Youdao\Dict\Application\stable\YDChromeTextExtractor.crx [2013-01-01]
CHR HKLM-x32\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\P\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2013-01-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]

==================== Services (Whitelisted) =================

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 Micro Star SCM; C:\Program Files (x86)\S-Bar\MSIService.exe [160768 2012-12-03] (Micro-Star International Co., Ltd.)
R2 MSI Foundation Service; C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [12800 2010-07-17] (MSI)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

R2 Dokan; C:\windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-30] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R3 fspad_win764; C:\Windows\System32\DRIVERS\fspad_win764.sys [67072 2011-03-11] (Sentelic Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 MGHwCtrl; \??\C:\Program Files\MSI\MSI Software Install\MGHwCtrl.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-17 14:31 - 2014-03-17 14:31 - 00020564 _____ () C:\Users\P\Downloads\FRST.txt
2014-03-17 14:31 - 2014-03-17 14:31 - 00000000 ____D () C:\FRST
2014-03-17 14:30 - 2014-03-17 14:30 - 02157056 _____ (Farbar) C:\Users\P\Downloads\FRST64 (1).exe
2014-03-17 14:19 - 2014-03-17 14:19 - 02157056 _____ (Farbar) C:\Users\P\Downloads\FRST64.exe
2014-03-17 13:37 - 2014-03-17 13:37 - 00299808 _____ () C:\Users\P\Downloads\RTSVunc (1).zip
2014-03-17 13:31 - 2014-03-17 13:31 - 00299808 _____ () C:\Users\P\Downloads\RTSVunc.zip
2014-03-17 13:31 - 2014-03-17 13:31 - 00299808 _____ () C:\Users\P\Desktop\RTSVunc.zip
2014-03-17 13:31 - 2010-06-09 10:58 - 00000000 ____D () C:\Users\P\Desktop\src
2014-03-17 13:31 - 2010-06-09 10:58 - 00000000 ____D () C:\Users\P\Desktop\release
2014-03-16 14:45 - 2014-03-16 14:45 - 00001466 _____ () C:\Users\P\Downloads\IMG_00644.zip
2014-03-15 09:59 - 2014-03-15 09:59 - 00000000 ____D () C:\Users\P\AppData\Local\Skype
2014-03-15 00:40 - 2014-03-15 00:40 - 00000000 ____D () C:\Users\P\AppData\Local\Skyrim
2014-03-15 00:29 - 2014-03-15 00:39 - 00000000 ____D () C:\Program Files (x86)\The Elder Scrolls V Skyrim
2014-03-14 16:20 - 2014-03-14 16:34 - 00000000 ____D () C:\Users\P\Downloads\rzr-skrm
2014-03-14 15:40 - 2014-03-14 15:40 - 00000008 _____ () C:\Users\P\AppData\Roaming\DofusAppId0_2
2014-03-14 15:40 - 2014-03-14 15:40 - 00000000 ____D () C:\Users\P\AppData\Roaming\Dofus-2
2014-03-12 15:49 - 2014-03-12 16:27 - 00000000 ____D () C:\Users\P\Downloads\CIV4
2014-03-12 12:47 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-12 12:47 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-12 12:47 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-12 12:47 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-12 12:47 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-12 12:47 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-12 12:47 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-12 12:47 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-12 12:47 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-12 12:47 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-12 12:47 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-12 12:47 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-12 12:47 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-12 12:47 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-12 12:47 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-12 12:47 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-12 12:47 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-12 12:47 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-12 12:47 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-12 12:47 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-12 12:47 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-12 12:47 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-12 12:47 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-12 12:47 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-12 12:47 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-12 12:47 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-12 12:47 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-12 12:47 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-12 12:47 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-12 12:47 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-12 12:47 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-12 12:47 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-12 12:47 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-12 12:47 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-12 12:47 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-12 12:47 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-12 12:47 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-12 12:47 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-12 12:47 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-12 12:47 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-12 12:47 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-12 12:47 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-12 12:47 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-12 12:47 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-12 12:44 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-12 12:44 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-12 12:44 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-12 12:44 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-11 10:02 - 2014-03-11 10:02 - 00000000 ____D () C:\windows\SysWOW64\NV
2014-03-11 10:02 - 2014-03-11 10:02 - 00000000 ____D () C:\windows\system32\NV
2014-03-11 10:00 - 2014-03-04 15:35 - 31474976 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 25255256 _____ (NVIDIA Corporation) C:\windows\system32\nvcompiler.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 23716640 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 18302384 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 17755424 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 17561544 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcompiler.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 15783992 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 12708128 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2014-03-11 10:00 - 2014-03-04 15:35 - 11636176 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 11589272 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 09728064 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 09690424 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 03143456 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 02958792 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 02783008 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvenc.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 02411976 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvenc.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 01885472 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6433523.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 01516488 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6433523.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 00892704 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 00877856 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 00863064 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 00846168 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 00353504 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 00305600 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 00033736 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvpciflt.sys
2014-03-09 16:53 - 2014-03-09 17:17 - 00000000 ____D () C:\Users\P\Downloads\Nymphomaniac Volume I & II Unrated Webrip x264 AC3 TiTAN
2014-03-09 12:05 - 2014-03-09 12:05 - 00000000 ____D () C:\Users\P\AppData\Roaming\Apple Computer
2014-03-08 13:04 - 2014-03-08 13:05 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-08 13:04 - 2014-03-08 13:04 - 00000000 ____D () C:\windows\System32\Tasks\Apple
2014-03-08 13:04 - 2014-03-08 13:04 - 00000000 ____D () C:\Users\P\AppData\Local\Apple
2014-03-08 13:04 - 2014-03-08 13:04 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-03-08 13:04 - 2014-03-08 13:04 - 00000000 ____D () C:\ProgramData\Apple
2014-03-08 13:04 - 2014-03-08 13:04 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-03-07 16:19 - 2014-03-07 16:24 - 00000000 ____D () C:\Users\P\Downloads\12 Years a Slave[2013] BRRip XviD-SaM[ETRG]
2014-03-04 21:49 - 2014-03-04 21:49 - 00001006 _____ () C:\Users\P\Desktop\Dev-C++.lnk
2014-03-04 21:49 - 2014-03-04 21:49 - 00000000 ____D () C:\Users\P\AppData\Roaming\Dev-Cpp
2014-03-04 21:48 - 2014-03-04 21:48 - 00000000 ____D () C:\Program Files (x86)\Dev-Cpp
2014-03-02 02:57 - 2014-03-02 02:57 - 00000767 _____ () C:\Users\P\Desktop\The Elder Scrolls Online Beta.lnk
2014-03-01 15:02 - 2014-03-01 15:02 - 00000000 ____D () C:\Users\P\Documents\Rainmeter
2014-03-01 15:02 - 2014-03-01 15:02 - 00000000 ____D () C:\Users\P\AppData\Roaming\Rainmeter
2014-03-01 15:02 - 2014-03-01 15:02 - 00000000 ____D () C:\Program Files\Rainmeter
2014-02-27 11:50 - 2014-02-27 11:50 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-02-22 23:50 - 2014-02-22 23:50 - 00000000 ____D () C:\Users\P\AppData\Local\NVIDIA Corporation
2014-02-22 23:46 - 2014-02-22 23:51 - 00000000 ____D () C:\Users\P\AppData\Local\NVIDIA
2014-02-22 23:46 - 2014-02-22 23:46 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-22 23:46 - 2014-02-05 10:31 - 01048152 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspcap.dll
2014-02-22 23:46 - 2014-02-05 10:30 - 01179576 _____ (NVIDIA Corporation) C:\windows\system32\nvspcap64.dll
2014-02-22 23:42 - 2014-02-08 19:34 - 01885472 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6433489.dll
2014-02-22 23:42 - 2014-02-08 19:34 - 01515296 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6433489.dll
2014-02-22 23:42 - 2013-12-27 19:42 - 00039200 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvvad64v.sys
2014-02-22 23:42 - 2013-12-27 19:42 - 00035104 _____ (NVIDIA Corporation) C:\windows\system32\nvaudcap64v.dll
2014-02-22 23:42 - 2013-12-27 19:42 - 00033056 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvaudcap32v.dll
2014-02-22 22:05 - 2014-03-05 23:39 - 00000000 ____D () C:\Users\P\AppData\Roaming\Upok
2014-02-22 22:05 - 2014-03-03 09:17 - 00000000 ____D () C:\Users\P\AppData\Roaming\Koesim
2014-02-22 21:45 - 2014-02-22 21:45 - 00000000 _____ () C:\windows\SysWOW64\Access.dat
2014-02-22 21:43 - 2014-02-22 21:49 - 00000000 ____D () C:\Users\P\AppData\Roaming\Tunngle
2014-02-22 21:43 - 2014-02-22 21:45 - 00000000 ____D () C:\ProgramData\Tunngle
2014-02-22 21:43 - 2014-02-22 21:44 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-02-22 21:43 - 2014-02-22 21:43 - 00001001 _____ () C:\Users\Public\Desktop\Tunngle beta.lnk
2014-02-22 21:43 - 2014-02-22 21:43 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-02-22 21:43 - 2014-02-22 21:43 - 00000000 ____D () C:\Users\P\Documents\Tunngle
2014-02-22 21:43 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\windows\system32\Drivers\tap0901t.sys
2014-02-22 20:34 - 2014-03-14 16:22 - 315680028 _____ () C:\Users\P\Downloads\WoodmanCastingX - Hard Table - Nancy Fancy.mp4
2014-02-16 02:08 - 2014-02-16 03:13 - 00000000 ____D () C:\Users\P\Downloads\Simpsons Hit and Run

==================== One Month Modified Files and Folders =======

2014-03-17 14:31 - 2014-03-17 14:31 - 00020564 _____ () C:\Users\P\Downloads\FRST.txt
2014-03-17 14:31 - 2014-03-17 14:31 - 00000000 ____D () C:\FRST
2014-03-17 14:30 - 2014-03-17 14:30 - 02157056 _____ (Farbar) C:\Users\P\Downloads\FRST64 (1).exe
2014-03-17 14:29 - 2013-01-25 21:15 - 00000000 ____D () C:\Users\P\AppData\Roaming\Skype
2014-03-17 14:25 - 2013-01-25 01:25 - 01841894 _____ () C:\windows\WindowsUpdate.log
2014-03-17 14:19 - 2014-03-17 14:19 - 02157056 _____ (Farbar) C:\Users\P\Downloads\FRST64.exe
2014-03-17 14:05 - 2009-07-14 05:45 - 00024432 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-17 14:05 - 2009-07-14 05:45 - 00024432 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-17 13:37 - 2014-03-17 13:37 - 00299808 _____ () C:\Users\P\Downloads\RTSVunc (1).zip
2014-03-17 13:37 - 2013-01-25 02:37 - 00000922 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-17 13:31 - 2014-03-17 13:31 - 00299808 _____ () C:\Users\P\Downloads\RTSVunc.zip
2014-03-17 13:31 - 2014-03-17 13:31 - 00299808 _____ () C:\Users\P\Desktop\RTSVunc.zip
2014-03-17 13:07 - 2013-12-20 22:18 - 00000000 ____D () C:\Users\P\AppData\Local\LogMeIn Hamachi
2014-03-17 12:54 - 2009-07-14 05:51 - 00140747 _____ () C:\windows\setupact.log
2014-03-17 12:53 - 2013-01-25 02:37 - 00000918 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-17 12:53 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-16 16:25 - 2013-12-16 22:07 - 00000000 ____D () C:\Users\P\AppData\Local\Battle.net
2014-03-16 14:45 - 2014-03-16 14:45 - 00001466 _____ () C:\Users\P\Downloads\IMG_00644.zip
2014-03-16 14:42 - 2010-11-21 04:47 - 00268886 _____ () C:\windows\PFRO.log
2014-03-15 10:16 - 2013-11-23 13:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-15 09:59 - 2014-03-15 09:59 - 00000000 ____D () C:\Users\P\AppData\Local\Skype
2014-03-15 09:59 - 2013-01-25 21:15 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-15 09:59 - 2013-01-25 21:15 - 00000000 ____D () C:\ProgramData\Skype
2014-03-15 00:40 - 2014-03-15 00:40 - 00000000 ____D () C:\Users\P\AppData\Local\Skyrim
2014-03-15 00:40 - 2013-04-24 14:49 - 00000000 ____D () C:\Users\P\Documents\My Games
2014-03-15 00:39 - 2014-03-15 00:29 - 00000000 ____D () C:\Program Files (x86)\The Elder Scrolls V Skyrim
2014-03-15 00:36 - 2011-07-19 01:27 - 00047128 _____ () C:\windows\DirectX.log
2014-03-14 21:46 - 2013-01-25 01:33 - 00000000 ____D () C:\Users\P\AppData\Local\VirtualStore
2014-03-14 20:59 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\LiveKernelReports
2014-03-14 18:35 - 2013-01-26 00:20 - 00000000 ____D () C:\Users\P\AppData\Roaming\BitTorrent
2014-03-14 16:34 - 2014-03-14 16:20 - 00000000 ____D () C:\Users\P\Downloads\rzr-skrm
2014-03-14 16:22 - 2014-02-22 20:34 - 315680028 _____ () C:\Users\P\Downloads\WoodmanCastingX - Hard Table - Nancy Fancy.mp4
2014-03-14 15:46 - 2013-01-25 02:48 - 00000000 ____D () C:\Games
2014-03-14 15:45 - 2013-10-28 14:07 - 00000000 ____D () C:\Users\P\Desktop\New folder (2)
2014-03-14 15:44 - 2013-02-02 23:04 - 00000000 ___RD () C:\Users\P\Desktop\Programi
2014-03-14 15:40 - 2014-03-14 15:40 - 00000008 _____ () C:\Users\P\AppData\Roaming\DofusAppId0_2
2014-03-14 15:40 - 2014-03-14 15:40 - 00000000 ____D () C:\Users\P\AppData\Roaming\Dofus-2
2014-03-14 15:40 - 2013-11-15 16:38 - 00000109 _____ () C:\Users\P\AppData\Roaming\D2Info0
2014-03-14 15:40 - 2013-11-15 16:38 - 00000000 ____D () C:\Users\P\AppData\Roaming\Dofus2
2014-03-14 15:39 - 2013-02-16 20:00 - 00000000 ____D () C:\Users\P\Desktop\Filmovi
2014-03-14 15:35 - 2011-07-19 01:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-14 11:22 - 2013-02-03 16:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-13 13:23 - 2009-07-14 05:45 - 00463432 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-13 13:21 - 2013-03-12 21:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 13:21 - 2013-03-12 21:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 16:27 - 2014-03-12 15:49 - 00000000 ____D () C:\Users\P\Downloads\CIV4
2014-03-11 10:02 - 2014-03-11 10:02 - 00000000 ____D () C:\windows\SysWOW64\NV
2014-03-11 10:02 - 2014-03-11 10:02 - 00000000 ____D () C:\windows\system32\NV
2014-03-11 10:02 - 2013-01-28 18:31 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-10 13:15 - 2013-10-09 01:39 - 00000000 ____D () C:\Users\P\Desktop\New folder
2014-03-09 20:26 - 2009-07-14 06:13 - 00779788 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-09 17:17 - 2014-03-09 16:53 - 00000000 ____D () C:\Users\P\Downloads\Nymphomaniac Volume I & II Unrated Webrip x264 AC3 TiTAN
2014-03-09 12:05 - 2014-03-09 12:05 - 00000000 ____D () C:\Users\P\AppData\Roaming\Apple Computer
2014-03-08 13:05 - 2014-03-08 13:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-08 13:04 - 2014-03-08 13:04 - 00000000 ____D () C:\windows\System32\Tasks\Apple
2014-03-08 13:04 - 2014-03-08 13:04 - 00000000 ____D () C:\Users\P\AppData\Local\Apple
2014-03-08 13:04 - 2014-03-08 13:04 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-03-08 13:04 - 2014-03-08 13:04 - 00000000 ____D () C:\ProgramData\Apple
2014-03-08 13:04 - 2014-03-08 13:04 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-03-08 01:42 - 2013-12-16 22:07 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-07 16:24 - 2014-03-07 16:19 - 00000000 ____D () C:\Users\P\Downloads\12 Years a Slave[2013] BRRip XviD-SaM[ETRG]
2014-03-07 16:03 - 2013-01-25 02:15 - 00000000 ____D () C:\windows\System32\Tasks\Games
2014-03-06 01:31 - 2013-12-21 01:08 - 00000000 ____D () C:\Users\P\AppData\Local\FileTypeAssistant
2014-03-05 23:39 - 2014-02-22 22:05 - 00000000 ____D () C:\Users\P\AppData\Roaming\Upok
2014-03-05 21:36 - 2013-01-25 01:30 - 00000000 ____D () C:\Users\P\AppData\Local\CrashDumps
2014-03-04 21:49 - 2014-03-04 21:49 - 00001006 _____ () C:\Users\P\Desktop\Dev-C++.lnk
2014-03-04 21:49 - 2014-03-04 21:49 - 00000000 ____D () C:\Users\P\AppData\Roaming\Dev-Cpp
2014-03-04 21:48 - 2014-03-04 21:48 - 00000000 ____D () C:\Program Files (x86)\Dev-Cpp
2014-03-04 15:35 - 2014-03-11 10:00 - 31474976 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 25255256 _____ (NVIDIA Corporation) C:\windows\system32\nvcompiler.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 23716640 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 18302384 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 17755424 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 17561544 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcompiler.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 15783992 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 12708128 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2014-03-04 15:35 - 2014-03-11 10:00 - 11636176 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 11589272 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 09728064 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 09690424 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 03143456 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 02958792 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 02783008 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvenc.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 02411976 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvenc.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 01885472 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6433523.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 01516488 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6433523.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 00892704 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 00877856 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 00863064 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 00846168 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 00353504 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 00305600 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 00033736 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvpciflt.sys
2014-03-04 15:35 - 2013-10-08 23:29 - 02715264 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvapi.dll
2014-03-04 15:35 - 2013-02-20 06:33 - 14709720 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvd3dum.dll
2014-03-04 15:35 - 2013-02-20 06:33 - 00832936 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvumdshim.dll
2014-03-04 15:35 - 2013-01-28 18:29 - 03093280 _____ (NVIDIA Corporation) C:\windows\system32\nvapi64.dll
2014-03-04 15:35 - 2013-01-28 18:29 - 00947808 _____ (NVIDIA Corporation) C:\windows\system32\nvumdshimx.dll
2014-03-04 15:35 - 2013-01-28 18:29 - 00174296 _____ (NVIDIA Corporation) C:\windows\system32\nvinitx.dll
2014-03-04 15:35 - 2013-01-28 18:29 - 00148016 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvinit.dll
2014-03-04 15:35 - 2013-01-28 18:29 - 00024544 _____ () C:\windows\system32\nvinfo.pb
2014-03-04 14:06 - 2013-01-28 18:30 - 06714312 _____ (NVIDIA Corporation) C:\windows\system32\nvcpl.dll
2014-03-04 14:06 - 2013-01-28 18:30 - 03497816 _____ (NVIDIA Corporation) C:\windows\system32\nvsvc64.dll
2014-03-04 14:05 - 2013-01-28 18:30 - 03649185 _____ () C:\windows\system32\nvcoproc.bin
2014-03-04 14:05 - 2013-01-28 18:30 - 02558808 _____ (NVIDIA Corporation) C:\windows\system32\nvsvcr.dll
2014-03-04 14:05 - 2013-01-28 18:30 - 01075032 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshext.dll
2014-03-04 14:05 - 2013-01-28 18:30 - 00922968 _____ (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
2014-03-04 14:05 - 2013-01-28 18:30 - 00386336 _____ (NVIDIA Corporation) C:\windows\system32\nvmctray.dll
2014-03-04 14:05 - 2013-01-28 18:30 - 00067072 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshextr.dll
2014-03-04 14:05 - 2013-01-28 18:30 - 00064968 _____ (NVIDIA Corporation) C:\windows\system32\nvshext.dll
2014-03-03 09:17 - 2014-02-22 22:05 - 00000000 ____D () C:\Users\P\AppData\Roaming\Koesim
2014-03-02 23:55 - 2013-10-12 16:58 - 00000000 ____D () C:\Users\P\AppData\Roaming\vlc
2014-03-02 02:57 - 2014-03-02 02:57 - 00000767 _____ () C:\Users\P\Desktop\The Elder Scrolls Online Beta.lnk
2014-03-01 15:02 - 2014-03-01 15:02 - 00000000 ____D () C:\Users\P\Documents\Rainmeter
2014-03-01 15:02 - 2014-03-01 15:02 - 00000000 ____D () C:\Users\P\AppData\Roaming\Rainmeter
2014-03-01 15:02 - 2014-03-01 15:02 - 00000000 ____D () C:\Program Files\Rainmeter
2014-03-01 15:02 - 2013-01-25 01:33 - 00000000 ___RD () C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-01 07:05 - 2014-03-12 12:47 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-12 12:47 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-12 12:47 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-12 12:47 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-12 12:47 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-12 12:47 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-12 12:47 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-12 12:47 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-12 12:47 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-12 12:47 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-12 12:47 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-12 12:47 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-12 12:47 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-12 12:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-12 12:47 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-12 12:47 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-12 12:47 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-12 12:47 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-12 12:47 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-12 12:47 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-12 12:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-12 12:47 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-12 12:47 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-12 12:47 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-12 12:47 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-12 12:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-12 12:47 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-12 12:47 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-12 12:47 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-12 12:47 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-12 12:47 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 12:47 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 12:47 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-12 12:47 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-12 12:47 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 12:47 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 12:47 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 12:47 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 12:47 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 12:47 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-28 23:33 - 2014-01-09 00:13 - 00000000 ____D () C:\Users\P\Downloads\The.Wolf.of.Wall.Street.2013.DVDScr.x264-HaM
2014-02-27 11:50 - 2014-02-27 11:50 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-02-24 19:53 - 2013-10-26 19:42 - 00000000 ____D () C:\Users\P\AppData\Roaming\TS3Client
2014-02-22 23:51 - 2014-02-22 23:46 - 00000000 ____D () C:\Users\P\AppData\Local\NVIDIA
2014-02-22 23:50 - 2014-02-22 23:50 - 00000000 ____D () C:\Users\P\AppData\Local\NVIDIA Corporation
2014-02-22 23:50 - 2013-01-28 18:30 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-02-22 23:46 - 2014-02-22 23:46 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-22 23:46 - 2011-07-19 01:08 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-02-22 23:46 - 2011-07-19 01:08 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-22 23:12 - 2013-01-25 01:27 - 00126048 _____ () C:\Users\P\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-22 21:49 - 2014-02-22 21:43 - 00000000 ____D () C:\Users\P\AppData\Roaming\Tunngle
2014-02-22 21:45 - 2014-02-22 21:45 - 00000000 _____ () C:\windows\SysWOW64\Access.dat
2014-02-22 21:45 - 2014-02-22 21:43 - 00000000 ____D () C:\ProgramData\Tunngle
2014-02-22 21:44 - 2014-02-22 21:43 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-02-22 21:43 - 2014-02-22 21:43 - 00001001 _____ () C:\Users\Public\Desktop\Tunngle beta.lnk
2014-02-22 21:43 - 2014-02-22 21:43 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-02-22 21:43 - 2014-02-22 21:43 - 00000000 ____D () C:\Users\P\Documents\Tunngle
2014-02-22 18:18 - 2013-11-18 14:20 - 00000000 __SHD () C:\windows\SysWOW64\AI_RecycleBin
2014-02-19 03:41 - 2014-02-11 04:31 - 00000000 ____D () C:\Users\P\AppData\Roaming\ScummVM
2014-02-19 03:41 - 2013-01-27 06:23 - 00000000 ____D () C:\Program Files (x86)\3DO
2014-02-18 04:31 - 2009-07-14 06:08 - 00032636 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-02-16 03:20 - 2013-01-27 11:00 - 00000000 ____D () C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-16 03:13 - 2014-02-16 02:08 - 00000000 ____D () C:\Users\P\Downloads\Simpsons Hit and Run

Some content of TEMP:
====================
C:\Users\P\AppData\Local\Temp\3s9bib9b.dll
C:\Users\P\AppData\Local\Temp\AdobeAIRInstaller.exe
C:\Users\P\AppData\Local\Temp\AutoRun.exe
C:\Users\P\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\P\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\P\AppData\Local\Temp\drm_dialogs.dll
C:\Users\P\AppData\Local\Temp\EAInstall.dll
C:\Users\P\AppData\Local\Temp\ICReinstall_FreeFileViewerSetup.exe
C:\Users\P\AppData\Local\Temp\InstHelper.exe
C:\Users\P\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\P\AppData\Local\Temp\libcurl-4.dll
C:\Users\P\AppData\Local\Temp\OfficeSetup.exe
C:\Users\P\AppData\Local\Temp\pthreadGC2.dll
C:\Users\P\AppData\Local\Temp\SIntf16.dll
C:\Users\P\AppData\Local\Temp\SIntf32.dll
C:\Users\P\AppData\Local\Temp\SIntfNT.dll
C:\Users\P\AppData\Local\Temp\SkypeSetup.exe
C:\Users\P\AppData\Local\Temp\SRLDetectionLibrary425576824631249345.dll
C:\Users\P\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\P\AppData\Local\Temp\wbms1uzw.dll
C:\Users\P\AppData\Local\Temp\xmlUpdater.exe
C:\Users\P\AppData\Local\Temp\zlib1.dll
C:\Users\P\AppData\Local\Temp\_is3774.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-10 16:16

==================== End Of Log ============================

And this is from Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by P at 2014-03-17 14:32:11
Running from C:\Users\P\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: ESET Smart Security 7.0 (Enabled - Out of date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Out of date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Disabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.82.76 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1105.1601 - Micro-Star International Co., Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.7.3.28706 - BitTorrent Inc.)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 3.0.1103.1801 - Micro-Star International Co., Ltd.)
Cinema ProII Setup (HKLM-x32\...\{C13926BE-159B-4494-BEEC-AB6E207F70AD}) (Version: 1.0.0.10 - Micro-Star International Co., Ltd.)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Daum PotPlayer 1.5.40688 x64 Edition (HKLM\...\PotPlayer64) (Version: - )
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.6.1 - Bloodshed Software)
DLL Player 0.1 (HKLM-x32\...\DLL Player) (Version: 0.1 - )
Dokan Library 0.6.0 (HKLM-x32\...\DokanLibrary) (Version: - )
EasyFace2 (HKLM-x32\...\{94DE7548-E449-4F7D-804F-0C5CDC3A1E6A}) (Version: 2.0.0.25 - Micro-Star International CO.,Ltd.)
EasyViewer (HKLM-x32\...\InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}) (Version: 1.3.0.9 - MSI)
EasyViewer (x32 Version: 1.3.0.9 - MSI) Hidden
ESET Smart Security (HKLM\...\{F7C525E7-659A-47F6-A25A-7A63FA10E767}) (Version: 7.0.302.26 - ESET, spol s r. o.)
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 8.8.3.0 - Sentelic)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
Football Manager 2013 (HKLM-x32\...\Steam App 207890) (Version: - Sports Interactive)
Football Manager 2013 Editor (HKLM-x32\...\Steam App 220600) (Version: - Sports Interactive)
Football Manager 2014 (HKLM-x32\...\Rm9vdGJhbGxNYW5hZ2VyMjAxNA==_is1) (Version: 1 - )
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of Might and Magic® III The Shadow of Death(TM) (HKLM-x32\...\Heroes III The Shadow of Death) (Version: - )
i-Charger (HKLM-x32\...\i-Charger_is1) (Version: - msi, Inc.)
Intel PROSet Wireless (Version: - ) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}) (Version: 1.1.0.0157 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.173 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.173 - LogMeIn, Inc.) Hidden
MAGIX Music Maker 16 Download Version (HKLM-x32\...\MAGIX Music Maker 16 Download Version UK) (Version: 16.0.3.0 - MAGIX AG)
MAGIX Photo Manager 9 (HKLM-x32\...\MAGIX Photo Manager 9 UK) (Version: 7.0.3.119 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\MAGIX Screenshare UK) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (HKLM-x32\...\MAGIX Speed burnR UK) (Version: 6.0.1.2 - MAGIX AG)
MAGIX Video easy SE (HKLM-x32\...\MAGIX_MSI_Video_easy_SE) (Version: 1.0.4.1 - MAGIX AG)
MAGIX Video easy SE (x32 Version: 1.0.4.1 - MAGIX AG) Hidden
Medal of Honor Pacific Assault (HKLM-x32\...\Medal of Honor Pacific Assault_is1) (Version: - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 Home Premium - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4569.1508 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Project MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Project Standard 2007 (HKLM-x32\...\PRJSTD) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Project Standard 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSI HOUSE (HKLM-x32\...\{DA5597C9-9216-44FF-9670-D1E48817B998}) (Version: 10.07.1601 - MSI)
MSI Software Install (HKLM-x32\...\{332EBFE0-C39E-42D1-99B5-ABBBECAD71B6}) (Version: 4.0.1105.1701 - Micro-Star International Co., Ltd.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.0.2 r2161 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.43.321.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6324 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.16.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.16.0 - Renesas Electronics Corporation) Hidden
S-Bar (HKLM-x32\...\{EA37105B-24BD-4B05-8D4A-3CA5945CBD40}) (Version: 21.012.12039 - )
Secure Download Manager (HKLM-x32\...\{704B1EDC-F99C-43C1-894A-75C7CE0BC372}) (Version: 3.1.30 - Kivuto Solutions Inc.)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.20 - Piriform)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stone Giant 1.0 (HKLM-x32\...\{1FC46D21-F4A4-42DF-B9A4-27F8A702EBC5}_is1) (Version: - BitSquid & Fatshark)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.5.0.77 - KMP Media co., Ltd)
THX TruStudio Pro (HKLM-x32\...\{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}) (Version: 1.0 - Creative Technology Limited)
Time Adjuster STANDARD 3.1 (HKCU\...\TimeAdjuster) (Version: - IrekSoftware.com)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version: - Tunngle.net GmbH)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PRJSTD_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PRJSTD_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
War Thunder Launcher 1.0.1.199 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - 2012 Gaijin Entertainment Corporation)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
World of Tanks - Common Test (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1) (Version: - Wargaming.net)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points =========================

08-03-2014 12:04:14 Installed QuickTime
11-03-2014 08:55:08 Windows Update
13-03-2014 01:11:27 Windows Update
14-03-2014 14:34:23 Removed WOT Statistics
14-03-2014 14:35:27 Removed GTA San Andreas
14-03-2014 23:34:34 Installed DirectX
16-03-2014 13:49:46 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {08CC798B-FE58-4CB7-BFA9-F6F7E238B82E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {350B7A9E-1B36-41BE-97B2-57F2F166373E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-03-15] (Microsoft Corporation)
Task: {74506223-4C5B-472F-B6A4-352A0C1986A2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {79A5F73C-1337-487A-A9D4-C4BDC7E7F0F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25] (Google Inc.)
Task: {96AA90BB-4CB6-438F-AE75-793C87681E50} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E97B94EE-7A8D-4E0D-AB05-C6849FAC0185} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-05-02 21:41 - 2011-05-02 21:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-01-28 18:29 - 2014-03-04 15:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-01-28 18:30 - 2014-03-04 14:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-15 10:13 - 2014-03-15 10:13 - 08878248 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2005-06-07 19:26 - 2005-06-07 19:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR 3.61 Multi\rarext64.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-03-15 10:10 - 2013-10-31 17:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-11-23 13:49 - 2014-01-02 18:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2011-01-10 13:49 - 2011-01-10 13:49 - 00014848 _____ () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
2011-05-02 21:41 - 2011-05-02 21:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-07-18 22:07 - 2011-04-15 03:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-25 02:06 - 2011-03-11 12:47 - 00044032 _____ () C:\Program Files\FSP\KbdHook.dll
2013-01-25 02:06 - 2011-03-11 12:47 - 00071168 _____ () C:\Program Files\FSP\FspLib.dll
2013-01-28 18:29 - 2014-03-04 15:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2011-07-19 01:24 - 2010-05-04 18:59 - 00182272 _____ () C:\windows\SysWOW64\APOMngr.DLL
2014-02-13 14:48 - 2014-02-13 14:48 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b8df91c398333d759c95234d066e2f14\IsdiInterop.ni.dll
2011-07-19 01:12 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-03-15 10:41 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 10:41 - 2014-03-15 01:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 10:41 - 2014-03-15 01:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 10:41 - 2014-03-15 01:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 10:41 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 10:41 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-16 14:46 - 2014-03-16 14:46 - 01887774 _____ () C:\Users\P\AppData\Local\Temp\libcurl-4.dll
2014-03-16 14:46 - 2014-03-16 14:46 - 00100864 _____ () C:\Users\P\AppData\Local\Temp\zlib1.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Temp:0001D49C.dat
AlternateDataStreams: C:\Temp:00034CD7.dat
AlternateDataStreams: C:\Tempid1
AlternateDataStreams: C:\Tempid2

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2014 00:54:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2014 00:23:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2014 00:05:24 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (03/17/2014 11:56:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2014 00:47:11 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/16/2014 07:08:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/16/2014 07:02:27 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (03/16/2014 02:53:21 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (03/16/2014 02:44:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/15/2014 10:17:11 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (03/17/2014 00:56:23 PM) (Source: Service Control Manager) (User: )
Description: The ESET Service service hung on starting.

Error: (03/17/2014 00:24:47 PM) (Source: Service Control Manager) (User: )
Description: The ESET Service service hung on starting.

Error: (03/17/2014 11:58:23 AM) (Source: Service Control Manager) (User: )
Description: The ESET Service service hung on starting.

Error: (03/17/2014 00:48:54 AM) (Source: Service Control Manager) (User: )
Description: The ESET Service service hung on starting.

Error: (03/16/2014 07:10:31 PM) (Source: Service Control Manager) (User: )
Description: The ESET Service service hung on starting.

Error: (03/16/2014 02:46:27 PM) (Source: Service Control Manager) (User: )
Description: The ESET Service service hung on starting.

Error: (03/16/2014 01:18:31 AM) (Source: Service Control Manager) (User: )
Description: The Windows Time service terminated with the following error: 
%%1115

Error: (03/15/2014 09:58:44 AM) (Source: Service Control Manager) (User: )
Description: The ESET Service service hung on starting.

Error: (03/14/2014 11:20:06 AM) (Source: Service Control Manager) (User: )
Description: The ESET Service service hung on starting.

Error: (03/13/2014 06:43:26 PM) (Source: Service Control Manager) (User: )
Description: The ESET Service service hung on starting.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 4003.4 MB
Available physical RAM: 1609.06 MB
Total Pagefile: 8004.98 MB
Available Pagefile: 5264.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:270.02 GB) (Free:25.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:180.01 GB) (Free:146.41 GB) NTFS
Drive f: (SKYRIM_EN) (CDROM) (Total:5.12 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: FC3199EB)

Partition: GPT Partition Type.

==================== End Of Log ============================


----------



## Mark1956 (May 7, 2011)

There is a very unusual entry in the FRST log, a Google search only lists this thread that relates to it.

We will take it out and see if that helps. There are also some errors relating to Eset Anti Virus so we can look at that later, did you disable the Eset Firewall?

Let me know if anything has changed after completing the instructions below.

Download the attachment at the bottom of this post by clicking on it and save it in the same location as FRST.


Launch FRST by double clicking on it.
When the *FRST* window opens click on the *Fix* button just once and wait.
The tool will make a log in the same location the program is run from (Fixlog.txt) please *Copy & Paste* it into your next reply.
=============================

When done, post the report and run this:

NOTE: This will empty your recycle bin, if you have anything you need in there please save it before you run this scan.
Download Temporary file cleaner and save it to the desktop. Make sure you do not use the Download button in the advert at the top of the page, use the button right next to the name *TFC - Temp File Cleaner by Old Timer*.
Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select *Run as Administrator*.
When the window opens click on *Start*. It will close all running programs and clear the desktop icons.
When complete you may be asked to reboot, if so accept the request and your PC will reboot automatically.

NOTE: There is no need to post the log, just confirm in your next post that it ran without a problem. At times it may appear to freeze, which is perfectly normal, it may take a while to complete the clean up depending on the amount of temporary files there are on the system.


----------



## pera93bgd (Mar 17, 2014)

Fixlog results:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by P at 2014-03-17 17:53:36 Run:1
Running from C:\Users\P\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3537755977-993374182-274981816-1001\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] - 1
*****************

HKU\S-1-5-21-3537755977-993374182-274981816-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA => Value not found.

==== End of Fixlog ====


----------



## pera93bgd (Mar 17, 2014)

I just finished the TFC scan. It cleaned almost 4GB of files and I didn't have to reboot.
Looks like the problem is fixed, CPU usage is 1-10% now but physical memory usage is 2.15 GB while running Chrome only. Don't know if that is normal?

EDIT. I rebooted now just in case and now it's all the same again, explorer.exe is using ~50% of CPU and memory usage is 2-3GB...


----------



## Mark1956 (May 7, 2011)

The registry entry we tried to remove was not recognized, unfortunately there is a minor formatting issue on this site which could have put spaces into the line of A's, one space in the wrong place and it won't match the key in the log.

It does seem that something improved when you removed the temp files, we shall try another scan and see what it finds. Please follow these instructions.

You must save Combofix to your desktop, FRST would have been better put there, but with Combofix it is much more important.

Please download *ComboFix* from one of the locations below and *save it to your Desktop. <-Important!!!*


Download Mirror #1
Download Mirror #2

Be sure to print out and follow these instructions: *A guide and tutorial on using ComboFix*

*Vista*/*Windows 7* users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. *XP* users need to install the Recovery Console first, just follow the prompts when you run it.


Temporarily *disable* your *anti-virus*, script blocking and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_. Click this link to see a list of such programs and how to disable them.
If ComboFix detects an older version of itself, you will be asked to update the program.
ComboFix will begin by showing a Disclaimer. Read it and click *I Agree* if you want to continue.
Follow the prompts and click on *Yes* to continue scanning for malware.
If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the *Continue* button.
When finished, please copy and paste the contents of C:\*ComboFix.txt* (_which will open after reboot_) in your next reply.
Be sure to *re-enable* your anti-virus and other security programs.

_-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security._

If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "_How to Guide_" you printed out earlier. Those instructions only apply to XP, for Vista and Windows 7 go here: Internet connection repair

*NOTE:* if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.



> *Do NOT use ComboFix* unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, *NOT for general public or personal use*. *Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again.* This site, sUBs and myself *will not* be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read *ComboFix's Disclaimer*.


If you are using a *CD Emulator* (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) be aware that they use hidden drivers with _*rootkit-like techniques*_ to hide from other applications. When dealing with a malware infection, CD Emulators can interfere with investigative tools producing misleading or inaccurate scan results and false detections. This often makes it hard to differentiate between malicious rootkits and the legitimate drivers used by CD Emulators. Since this is the case, please *follow these* instructions to disable CD Emulators until disinfection is completed so our tools may run unhindered. For a complete uninstall, follow the steps on DuplexSecure's FAQ page for uninstalling the SPTD driver which these emulators use. They can be re-installed after your machine has been cleaned.


----------



## pera93bgd (Mar 17, 2014)

Sorry for taking this long, here is the ComboFix log. I did everything as you said. It took more than 3 hours to finish but here it is:

ComboFix 14-03-16.01 - P 18.03.2014 19:11:03.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.387.1033.18.4003.1855 [GMT 1:00]
Running from: c:\users\P\Desktop\ComboFix.exe
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Eidos Interactive\IO Interactive\Hitman - Codename 47\RegSetup.exe
c:\programdata\Roaming
c:\users\P\AppData\Roaming\app
c:\users\P\AppData\Roaming\app\Jerakine_lang.dat
c:\users\P\AppData\Roaming\app\Jerakine_lang_vesrion.dat
.
.
((((((((((((((((((((((((( Files Created from 2014-02-18 to 2014-03-18 )))))))))))))))))))))))))))))))
.
.
2014-03-18 20:25 . 2014-03-18 20:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-03-18 15:20 . 2014-03-18 15:20	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1BF31F07-0137-4613-930B-61075FA97753}\offreg.dll
2014-03-18 09:08 . 2014-03-07 04:43	10521840	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1BF31F07-0137-4613-930B-61075FA97753}\mpengine.dll
2014-03-17 17:37 . 2014-03-17 17:37	--------	d-----w-	c:\program files\ESET
2014-03-17 13:31 . 2014-03-17 16:53	--------	d-----w-	C:\FRST
2014-03-16 13:46 . 2014-03-18 18:10	--------	d---a-w-	C:\Temp
2014-03-15 08:59 . 2014-03-15 08:59	--------	d-----w-	c:\users\P\AppData\Local\Skype
2014-03-15 08:59 . 2014-03-15 08:59	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2014-03-14 23:40 . 2014-03-14 23:40	--------	d-----w-	c:\users\P\AppData\Local\Skyrim
2014-03-14 23:29 . 2014-03-14 23:39	--------	d-----w-	c:\program files (x86)\The Elder Scrolls V Skyrim
2014-03-14 14:40 . 2014-03-14 14:40	--------	d-----w-	c:\users\P\AppData\Roaming\Dofus-2
2014-03-12 11:44 . 2014-02-04 02:32	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-03-12 11:44 . 2014-02-04 02:32	624128	----a-w-	c:\windows\system32\qedit.dll
2014-03-12 11:44 . 2014-02-04 02:04	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-03-12 11:44 . 2014-02-04 02:04	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2014-03-11 09:02 . 2014-03-11 09:02	--------	d-----w-	c:\windows\SysWow64\NV
2014-03-11 09:02 . 2014-03-11 09:02	--------	d-----w-	c:\windows\system32\NV
2014-03-09 11:05 . 2014-03-09 11:05	--------	d-----w-	c:\users\P\AppData\Roaming\Apple Computer
2014-03-08 12:05 . 2014-03-08 12:05	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2014-03-08 12:05 . 2014-03-08 12:05	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2014-03-08 12:05 . 2014-03-08 12:05	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-03-08 12:05 . 2014-03-08 12:05	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-03-08 12:05 . 2014-03-08 12:05	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-03-08 12:05 . 2014-03-08 12:05	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-03-08 12:05 . 2014-03-08 12:05	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-03-08 12:04 . 2014-03-08 12:05	--------	d-----w-	c:\program files (x86)\QuickTime
2014-03-08 12:04 . 2014-03-08 12:04	--------	d-----w-	c:\programdata\Apple Computer
2014-03-08 12:04 . 2014-03-08 12:04	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2014-03-08 12:04 . 2014-03-08 12:04	--------	d-----w-	c:\users\P\AppData\Local\Apple
2014-03-08 12:04 . 2014-03-08 12:04	--------	d-----w-	c:\programdata\Apple
2014-03-08 12:04 . 2014-03-08 12:04	--------	d-----w-	c:\program files (x86)\Apple Software Update
2014-03-04 20:49 . 2014-03-04 20:49	--------	d-----w-	c:\users\P\AppData\Roaming\Dev-Cpp
2014-03-04 20:48 . 2014-03-04 20:48	--------	d-----w-	c:\program files (x86)\Dev-Cpp
2014-03-01 14:02 . 2014-03-01 14:02	--------	d-----w-	c:\users\P\AppData\Roaming\Rainmeter
2014-03-01 14:02 . 2014-03-01 14:02	--------	d-----w-	c:\program files\Rainmeter
2014-02-27 10:50 . 2014-02-27 10:50	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2014-02-22 22:50 . 2014-02-22 22:50	--------	d-----w-	c:\users\P\AppData\Local\NVIDIA Corporation
2014-02-22 22:46 . 2014-02-22 22:51	--------	d-----w-	c:\users\P\AppData\Local\NVIDIA
2014-02-22 22:46 . 2014-02-05 09:31	1048152	----a-w-	c:\windows\SysWow64\nvspcap.dll
2014-02-22 22:46 . 2014-02-05 09:30	1179576	----a-w-	c:\windows\system32\nvspcap64.dll
2014-02-22 22:46 . 2014-02-22 22:46	--------	d-----w-	c:\program files (x86)\AGEIA Technologies
2014-02-22 22:42 . 2013-12-27 18:42	39200	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2014-02-22 22:42 . 2013-12-27 18:42	35104	----a-w-	c:\windows\system32\nvaudcap64v.dll
2014-02-22 22:42 . 2013-12-27 18:42	33056	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2014-02-22 22:42 . 2014-02-08 18:34	1885472	----a-w-	c:\windows\system32\nvdispco6433489.dll
2014-02-22 22:42 . 2014-02-08 18:34	1515296	----a-w-	c:\windows\system32\nvdispgenco6433489.dll
2014-02-22 21:05 . 2014-03-05 22:39	--------	d-----w-	c:\users\P\AppData\Roaming\Upok
2014-02-22 21:05 . 2014-03-03 08:17	--------	d-----w-	c:\users\P\AppData\Roaming\Koesim
2014-02-22 20:43 . 2014-02-22 20:49	--------	d-----w-	c:\users\P\AppData\Roaming\Tunngle
2014-02-22 20:43 . 2014-02-22 20:45	--------	d-----w-	c:\programdata\Tunngle
2014-02-22 20:43 . 2009-09-16 06:02	31232	----a-w-	c:\windows\system32\drivers\tap0901t.sys
2014-02-22 20:43 . 2014-02-22 20:44	--------	d-----w-	c:\program files (x86)\Tunngle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-15 09:12 . 2013-11-23 12:56	578256	----a-w-	c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-03-04 14:35 . 2013-10-08 22:29	2715264	----a-w-	c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2013-02-20 05:33	832936	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2014-03-04 14:35 . 2013-02-20 05:33	14709720	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2014-03-04 14:35 . 2013-01-28 17:29	947808	----a-w-	c:\windows\system32\nvumdshimx.dll
2014-03-04 14:35 . 2013-01-28 17:29	3093280	----a-w-	c:\windows\system32\nvapi64.dll
2014-03-04 14:35 . 2013-01-28 17:29	174296	----a-w-	c:\windows\system32\nvinitx.dll
2014-03-04 14:35 . 2013-01-28 17:29	148016	----a-w-	c:\windows\SysWow64\nvinit.dll
2014-03-04 13:06 . 2013-01-28 17:30	6714312	----a-w-	c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2013-01-28 17:30	3497816	----a-w-	c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2013-01-28 17:30	922968	----a-w-	c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2013-01-28 17:30	64968	----a-w-	c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2013-01-28 17:30	2558808	----a-w-	c:\windows\system32\nvsvcr.dll
2014-03-04 13:05 . 2013-01-28 17:30	67072	----a-w-	c:\windows\system32\nv3dappshextr.dll
2014-03-04 13:05 . 2013-01-28 17:30	386336	----a-w-	c:\windows\system32\nvmctray.dll
2014-03-04 13:05 . 2013-01-28 17:30	1075032	----a-w-	c:\windows\system32\nv3dappshext.dll
2014-03-04 13:05 . 2013-01-28 17:30	3649185	----a-w-	c:\windows\system32\nvcoproc.bin
2014-01-06 15:20 . 2013-01-29 02:00	86054176	----a-w-	c:\windows\system32\MRT.exe
2013-12-24 23:09 . 2014-02-12 11:50	1987584	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48 . 2014-02-12 11:50	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-12-21 09:53 . 2014-02-13 02:01	548864	----a-w-	c:\windows\system32\vbscript.dll
2013-12-21 08:56 . 2014-02-13 02:01	454656	----a-w-	c:\windows\SysWow64\vbscript.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-11-23 13:04	222832	----a-w-	c:\users\P\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-11-23 13:04	222832	----a-w-	c:\users\P\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-11-23 13:04	222832	----a-w-	c:\users\P\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"="1" [X]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-15 113288]
"Cinema ProII AP"="c:\program files (x86)\MSI\Cinema ProII\CinemaProII.exe" [2011-01-25 200192]
"Cinema ProII Controler"="c:\program files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe" [2010-06-25 1689600]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-18 1351680]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"S-Bar"="c:\program files (x86)\S-Bar\S-Bar.exe" [2012-12-03 5504416]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-02-26 3814736]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-10-8 198656]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-10-29 36536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MGHwCtrl;MGHwCtrl;c:\program files\MSI\MSI Software Install\MGHwCtrl.sys;c:\program files\MSI\MSI Software Install\MGHwCtrl.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys;c:\windows\SYSNATIVE\drivers\dokan.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\S-Bar\MSIService.exe;c:\program files (x86)\S-Bar\MSIService.exe [x]
S2 MSI Foundation Service;MSI Foundation Service;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;c:\windows\system32\DRIVERS\fspad_win764.sys;c:\windows\SYSNATIVE\DRIVERS\fspad_win764.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 09:38	1150280	----a-w-	c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 01:37]
.
2014-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 01:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-11-23 13:04	261744	----a-w-	c:\users\P\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-11-23 13:04	261744	----a-w-	c:\users\P\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-11-23 13:04	261744	----a-w-	c:\users\P\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-03-15 09:14	2333400	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-03-15 09:14	2333400	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-03-15 09:14	2333400	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-04 11780712]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.softonic.com/INF00176/tb_v1?SearchSource=10&cc=
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: Interfaces\{1AAFB922-CEDE-44D9-8930-3ED45AC1434A}: NameServer = 8.8.8.8,8.8.4.4
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Overwolf - c:\program files (x86)\Overwolf\Overwolf.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-fspuip - c:\program files (x86)\FSP\fspuip.exe
AddRemove-Heroes of Might and Magic® III - c:\program files (x86)\GOG.com\Heroes of Might and Magic 3 Complete\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,9b,13,14,87,61,02,49,83,91,23,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,9b,13,14,87,61,02,49,83,91,23,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-18 22:23:15
ComboFix-quarantined-files.txt 2014-03-18 21:22
.
Pre-Run: 32.256.315.392 bytes free
Post-Run: 31.394.406.400 bytes free
.
- - End Of File - - A2CAD277A238432B71C98FAF98928C38


----------



## Mark1956 (May 7, 2011)

We will have another go at taking out that strange registry key.

We are now going to run ComboFix a different way.

Open Notepad by clicking on
and in the *Search* box type: *Notepad.exe* and hit *Enter*.
Copy and paste everything in the *code box* below into it.
_-- Note: Make sure Word Wrap is *unchecked* in Notepad by clicking on *Format* in the top menu._


```
KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"=-
ClearJavaCache::

Reboot::
```

Save the file as *CFScript.txt* by choosing _Save As..._ in the File Menu, and save it to your Desktop where the ComboFix icon is also located.
Close your browser and *disconnect* from the Internet. Disable your Anti Virus.
Now use your mouse to *drag*, then *drop* the CFScript.txt file on top of ComboFix.exe as seen in the image below.









This will start ComboFix again and launch the script.
ComboFix may reboot your system when it finishes. This is normal.
A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of *ComboFix.txt* in your next reply.
Be sure to *re-enable* your anti-virus and other security programs *after* the scan is complete.
NOTE: if you see a message like this when you attempt to open anything after the reboot *"Illegal Operation attempted on a registry key that has been marked for deletion"* please reboot the system again and the warning should not return.


----------



## pera93bgd (Mar 17, 2014)

Here is the log as requested:

ComboFix 14-03-16.01 - P 19.03.2014 14:09:26.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.387.1033.18.4003.2588 [GMT 1:00]
Running from: c:\users\P\Desktop\ComboFix.exe
Command switches used :: c:\users\P\Desktop\CFScript.txt
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personal firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-02-19 to 2014-03-19 )))))))))))))))))))))))))))))))
.
.
2014-03-19 13:25 . 2014-03-19 13:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-03-18 09:08 . 2014-03-07 04:43	10521840	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1BF31F07-0137-4613-930B-61075FA97753}\mpengine.dll
2014-03-17 17:37 . 2014-03-17 17:37	--------	d-----w-	c:\program files\ESET
2014-03-17 13:31 . 2014-03-17 16:53	--------	d-----w-	C:\FRST
2014-03-16 13:46 . 2014-03-18 18:10	--------	d---a-w-	C:\Temp
2014-03-15 08:59 . 2014-03-15 08:59	--------	d-----w-	c:\users\P\AppData\Local\Skype
2014-03-15 08:59 . 2014-03-15 08:59	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2014-03-14 23:40 . 2014-03-14 23:40	--------	d-----w-	c:\users\P\AppData\Local\Skyrim
2014-03-14 23:29 . 2014-03-14 23:39	--------	d-----w-	c:\program files (x86)\The Elder Scrolls V Skyrim
2014-03-14 14:40 . 2014-03-14 14:40	--------	d-----w-	c:\users\P\AppData\Roaming\Dofus-2
2014-03-12 11:44 . 2014-02-04 02:32	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-03-12 11:44 . 2014-02-04 02:32	624128	----a-w-	c:\windows\system32\qedit.dll
2014-03-12 11:44 . 2014-02-04 02:04	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-03-12 11:44 . 2014-02-04 02:04	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2014-03-11 09:02 . 2014-03-11 09:02	--------	d-----w-	c:\windows\SysWow64\NV
2014-03-11 09:02 . 2014-03-11 09:02	--------	d-----w-	c:\windows\system32\NV
2014-03-09 11:05 . 2014-03-09 11:05	--------	d-----w-	c:\users\P\AppData\Roaming\Apple Computer
2014-03-08 12:05 . 2014-03-08 12:05	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2014-03-08 12:05 . 2014-03-08 12:05	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2014-03-08 12:05 . 2014-03-08 12:05	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-03-08 12:05 . 2014-03-08 12:05	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-03-08 12:05 . 2014-03-08 12:05	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-03-08 12:05 . 2014-03-08 12:05	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-03-08 12:05 . 2014-03-08 12:05	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-03-08 12:04 . 2014-03-08 12:05	--------	d-----w-	c:\program files (x86)\QuickTime
2014-03-08 12:04 . 2014-03-08 12:04	--------	d-----w-	c:\programdata\Apple Computer
2014-03-08 12:04 . 2014-03-08 12:04	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2014-03-08 12:04 . 2014-03-08 12:04	--------	d-----w-	c:\users\P\AppData\Local\Apple
2014-03-08 12:04 . 2014-03-08 12:04	--------	d-----w-	c:\programdata\Apple
2014-03-08 12:04 . 2014-03-08 12:04	--------	d-----w-	c:\program files (x86)\Apple Software Update
2014-03-04 20:49 . 2014-03-04 20:49	--------	d-----w-	c:\users\P\AppData\Roaming\Dev-Cpp
2014-03-04 20:48 . 2014-03-04 20:48	--------	d-----w-	c:\program files (x86)\Dev-Cpp
2014-03-01 14:02 . 2014-03-01 14:02	--------	d-----w-	c:\users\P\AppData\Roaming\Rainmeter
2014-03-01 14:02 . 2014-03-01 14:02	--------	d-----w-	c:\program files\Rainmeter
2014-02-27 10:50 . 2014-02-27 10:50	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2014-02-22 22:50 . 2014-02-22 22:50	--------	d-----w-	c:\users\P\AppData\Local\NVIDIA Corporation
2014-02-22 22:46 . 2014-02-22 22:51	--------	d-----w-	c:\users\P\AppData\Local\NVIDIA
2014-02-22 22:46 . 2014-02-05 09:31	1048152	----a-w-	c:\windows\SysWow64\nvspcap.dll
2014-02-22 22:46 . 2014-02-05 09:30	1179576	----a-w-	c:\windows\system32\nvspcap64.dll
2014-02-22 22:46 . 2014-02-22 22:46	--------	d-----w-	c:\program files (x86)\AGEIA Technologies
2014-02-22 22:42 . 2013-12-27 18:42	39200	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2014-02-22 22:42 . 2013-12-27 18:42	35104	----a-w-	c:\windows\system32\nvaudcap64v.dll
2014-02-22 22:42 . 2013-12-27 18:42	33056	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2014-02-22 22:42 . 2014-02-08 18:34	1885472	----a-w-	c:\windows\system32\nvdispco6433489.dll
2014-02-22 22:42 . 2014-02-08 18:34	1515296	----a-w-	c:\windows\system32\nvdispgenco6433489.dll
2014-02-22 21:05 . 2014-03-05 22:39	--------	d-----w-	c:\users\P\AppData\Roaming\Upok
2014-02-22 21:05 . 2014-03-03 08:17	--------	d-----w-	c:\users\P\AppData\Roaming\Koesim
2014-02-22 20:43 . 2014-02-22 20:49	--------	d-----w-	c:\users\P\AppData\Roaming\Tunngle
2014-02-22 20:43 . 2014-02-22 20:45 --------	d-----w-	c:\programdata\Tunngle
2014-02-22 20:43 . 2009-09-16 06:02	31232	----a-w-	c:\windows\system32\drivers\tap0901t.sys
2014-02-22 20:43 . 2014-02-22 20:44	--------	d-----w-	c:\program files (x86)\Tunngle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-15 09:12 . 2013-11-23 12:56	578256	----a-w-	c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-03-04 14:35 . 2013-10-08 22:29	2715264	----a-w-	c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2013-02-20 05:33	832936	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2014-03-04 14:35 . 2013-02-20 05:33	14709720	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2014-03-04 14:35 . 2013-01-28 17:29	947808	----a-w-	c:\windows\system32\nvumdshimx.dll
2014-03-04 14:35 . 2013-01-28 17:29	3093280	----a-w-	c:\windows\system32\nvapi64.dll
2014-03-04 14:35 . 2013-01-28 17:29	174296	----a-w-	c:\windows\system32\nvinitx.dll
2014-03-04 14:35 . 2013-01-28 17:29	148016	----a-w-	c:\windows\SysWow64\nvinit.dll
2014-03-04 13:06 . 2013-01-28 17:30	6714312	----a-w-	c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2013-01-28 17:30	3497816	----a-w-	c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2013-01-28 17:30	922968	----a-w-	c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2013-01-28 17:30	64968	----a-w-	c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2013-01-28 17:30	2558808	----a-w-	c:\windows\system32\nvsvcr.dll
2014-03-04 13:05 . 2013-01-28 17:30	67072	----a-w-	c:\windows\system32\nv3dappshextr.dll
2014-03-04 13:05 . 2013-01-28 17:30	386336	----a-w-	c:\windows\system32\nvmctray.dll
2014-03-04 13:05 . 2013-01-28 17:30	1075032	----a-w-	c:\windows\system32\nv3dappshext.dll
2014-03-04 13:05 . 2013-01-28 17:30	3649185	----a-w-	c:\windows\system32\nvcoproc.bin
2014-01-06 15:20 . 2013-01-29 02:00	86054176	----a-w-	c:\windows\system32\MRT.exe
2013-12-24 23:09 . 2014-02-12 11:50	1987584	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48 . 2014-02-12 11:50	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-12-21 09:53 . 2014-02-13 02:01	548864	----a-w-	c:\windows\system32\vbscript.dll
2013-12-21 08:56 . 2014-02-13 02:01	454656	----a-w-	c:\windows\SysWow64\vbscript.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-11-23 13:04	222832	----a-w-	c:\users\P\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-11-23 13:04	222832	----a-w-	c:\users\P\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-11-23 13:04	222832	----a-w-	c:\users\P\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"="1" [X]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-15 113288]
"Cinema ProII AP"="c:\program files (x86)\MSI\Cinema ProII\CinemaProII.exe" [2011-01-25 200192]
"Cinema ProII Controler"="c:\program files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe" [2010-06-25 1689600]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-18 1351680]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"S-Bar"="c:\program files (x86)\S-Bar\S-Bar.exe" [2012-12-03 5504416]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-02-26 3814736]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-10-8 198656]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-10-29 36536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MGHwCtrl;MGHwCtrl;c:\program files\MSI\MSI Software Install\MGHwCtrl.sys;c:\program files\MSI\MSI Software Install\MGHwCtrl.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys;c:\windows\SYSNATIVE\drivers\dokan.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\S-Bar\MSIService.exe;c:\program files (x86)\S-Bar\MSIService.exe [x]
S2 MSI Foundation Service;MSI Foundation Service;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;c:\windows\system32\DRIVERS\fspad_win764.sys;c:\windows\SYSNATIVE\DRIVERS\fspad_win764.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 09:38	1150280	----a-w-	c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 01:37]
.
2014-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 01:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-11-23 13:04	261744	----a-w-	c:\users\P\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-11-23 13:04	261744	----a-w-	c:\users\P\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-11-23 13:04	261744	----a-w-	c:\users\P\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-03-15 09:14	2333400	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-03-15 09:14	2333400	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-03-15 09:14	2333400	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"fspuip"="c:\program files (x86)\FSP\fspuip.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-04 11780712]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.softonic.com/INF00176/tb_v1?SearchSource=10&cc=
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 89.216.1.30 89.216.1.50
TCP: Interfaces\{1AAFB922-CEDE-44D9-8930-3ED45AC1434A}: NameServer = 8.8.8.8,8.8.4.4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Heroes of Might and Magic® III - c:\program files (x86)\GOG.com\Heroes of Might and Magic 3 Complete\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,9b,13,14,87,61,02,49,83,91,23,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,9b,13,14,87,61,02,49,83,91,23,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-03-19 15:07:16 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-19 14:06
ComboFix2.txt 2014-03-18 21:24
.
Pre-Run: 31.223.062.528 bytes free
Post-Run: 46.869.975.040 bytes free
.
- - End Of File - - D26C1DAF591A191DE576C05CC3C9D4E8
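
A triage pass over the Run-key lines of a log in the layout shown above, as an added example that is not part of the original post and not ComboFix's own code. It flags autorun values whose name is unusually long or a single repeated character, whose data names no program, or whose trailing bracket carries no file date and size. The sample lines are constructed, and the length threshold and flag names are assumptions.

```python
import re
from dataclasses import dataclass

MAX_NAME_LEN = 64  # assumed triage threshold, not a Windows limit

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*)"=(?P<data>"[^"]*"|\S.*?)(?:\s+\[(?P<meta>[^\]]*)\])?$'
)
# Normal entries in this log layout end with "[YYYY-MM-DD size]".
FILE_META_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d+$')
PROGRAM_RE = re.compile(r'\.(exe|dll|com|bat|cmd|scr|vbs|js)\b', re.I)

# Constructed sample modeled on the "Reg Loading Points" layout.
# The 80-character name is built here; it is not copied from the log.
LONG_NAME = 'A' * 80
SAMPLE_LOG = '\n'.join([
    r'[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]',
    '"%s"="1" [X]' % LONG_NAME,
    r'"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016]',
    '.',
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]',
    r'"fspuip"="c:\program files (x86)\FSP\fspuip.exe" [BU]',
    r'"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]',
    '.',
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]',
    r'"AppInit_DLLs"=c:\windows\System32\nvinitx.dll',
])


@dataclass
class Finding:
    key: str
    name: str
    data: str
    flags: list


def parse_run_values(log_text):
    """Yield (key, name, data, meta) for values listed under a ...\\CurrentVersion\\Run key."""
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        # Skip everything that is not under a Run key (32-bit or 64-bit view).
        if key is None or not key.lower().endswith('\\currentversion\\run'):
            continue
        m = VALUE_RE.match(line)
        if m:
            yield key, m.group('name'), m.group('data').strip('"'), m.group('meta')


def triage(log_text):
    """Return a Finding for every Run value that trips at least one heuristic."""
    findings = []
    for key, name, data, meta in parse_run_values(log_text):
        flags = []
        if len(name) > MAX_NAME_LEN:
            flags.append('long-name')
        if len(name) >= 8 and len(set(name)) == 1:
            flags.append('repeated-char-name')
        if not PROGRAM_RE.search(data):
            flags.append('data-not-a-program')
        # A bracket without date and size means the scanner recorded no file details.
        if meta is not None and not FILE_META_RE.match(meta):
            flags.append('no-file-metadata')
        if flags:
            findings.append(Finding(key, name, data, flags))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        shown = f.name if len(f.name) <= 20 else f.name[:20] + '... (%d chars)' % len(f.name)
        print('%s\n  name=%s data=%s flags=%s' % (f.key, shown, f.data, ', '.join(f.flags)))
```
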


----------



## Mark1956 (May 7, 2011)

Still no go with that odd registry key, it may not even relate to your problems but we need to get rid of it so we know for sure it isn't the cause.

Please follow this with extreme care.

As a precaution first follow the instruction in Option 2 in this link: Create a System Restore Point in Windows 7

Click on Start, type *regedit* into the search box, as the menu pops up right click on *regedit* at the top of the list and select *Run as Administrator*, accept the User Account Control prompt.
The *Registry Editor* window should open.
In the left pane click on the small tab next to *HKEY_CURRENT_USER*
Scroll down and click on the tab next to *SOFTWARE*
Scroll down and click on the tab next to *Microsoft*
Scroll down and click on the tab next to *Windows*
Scroll down and click on the tab next to *CurrentVersion*

Then scroll down and click on the word *Run*

In the right hand pane click on the entry with all the A's and select Delete.

If for any reason you do not see the entry with a long line of A's please take a screen shot with the window open to full screen and post it back here, then shut the Registry Editor window.

How to take a screen shot in Vista/Windows 7

*How to attach a screenshot.*
Below the *Message Box* click on *Go Advanced*. Then scroll down until you see a button, *Manage Attachments*. Click on it and a new window opens.
• Click on the *Browse* button, find the screenshot/folder you made earlier and double-click on it.
• Now click on the *Upload* button. When done, click on the *Close this window* button at the top of the page.
• Enter your message-text in the message box, then click on *Submit Message/Reply.*


----------



## pera93bgd (Mar 17, 2014)

This is all I see when I go to HKEY_CURRENT_USER / SOFTWARE / Microsoft / Windows / CurrentVersion / Run

http://www.dodaj.rs/f/43/Zp/3c5VddNl/8987.png


----------



## Mark1956 (May 7, 2011)

Well done with that, but no sign of that odd key, I can only guess it is a misreading by Combofix, although FRST also displayed it. Perhaps we are looking in the wrong place for the problem and should move on to some other scans to find the problem.

Leave Combofix just where it is for now as it requires specific instructions to uninstall it and doing so will delete all your restore points which is best left until we have found and fixed the problem.

Please run these scans in the order listed:

*SCAN 1*
Click on this link to download: ADWCleaner. Click on the Download Now button and save it to your desktop.

*NOTE:* If using Internet Explorer and you get an alert that stops the program downloading click on *Tools > Smartscreen Filter > Turn off Smartscreen Filter* then click on *OK* in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop: 

You will then see the screen below, click on the *Scan* button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done click on the *Clean* button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.



*SCAN 2*
Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page, scroll down until you see these two icons:  Select the 32bit (on the left) or the 64bit button to match the bit rate of your version of Windows.


Quit all running programs. 
Start RogueKiller.exe by double clicking on the icon. 
Wait until Prescan has finished. 
Ensure all boxes are ticked under "Report" tab. 
Click on Scan. 
Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
NOTE: *DO NOT attempt to remove anything that the scan detects.*










*SCAN 3*
Please download RKill 
There are three buttons to choose from with different names on, select the first one and save it to your desktop.


Double-click on the *Rkill* desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and select *Run As Administrator*.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at *C:\rkill.log*. *Please Copy & Paste the entire log in your next reply.*
If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
If the tool does not run from any of the links provided, please let me know.

*SCAN 4*
*DO NOT* reboot, download Malwarebytes from here if you do not already have it: Malwarebytes. Install the program, run it and let it update. If you already have Malwarebytes launch the program.


Select *Perform full scan* and click on the *Scan* button. When the scan completes click on *Show Results*. 
If the scan does not find any infections the log will appear as soon as it completes, please Copy & Paste it into your next reply.
If items are detected it will stay on the Scanner window and you will see *Objects detected: 1* (the number may be higher). 
Click on *Show Results* and put a check mark next to all the items displayed in the list by clicking on each one in turn *<--- very important*, then click on *Remove Selected*.
The log will appear, Copy & Paste it into your next post. 
Click on OK and close the window.


----------



## pera93bgd (Mar 17, 2014)

AdwCleaner:

# AdwCleaner v3.022 - Report created 21/03/2014 at 16:12:58
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : P - P-MSI
# Running from : C:\Users\P\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\P\APPData\Local\Conduit
Folder Deleted : C:\Users\P\APPData\Local\FileTypeAssistant
Folder Deleted : C:\Users\P\APPData\LocalLow\Conduit
Folder Deleted : C:\Users\P\APPData\LocalLow\Softonic
Folder Deleted : C:\Users\P\APPData\Roaming\OpenCandy

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Softonic_chr_1-8-8-11_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Softonic_chr_1-8-8-11_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_kmplayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_kmplayer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [3156 octets] - [21/03/2014 15:33:44]
AdwCleaner[S0].txt - [3004 octets] - [21/03/2014 16:12:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3064 octets] ##########

RKreport:

RogueKiller V8.8.12 _x64_ [Mar 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : P [Admin rights]
Mode : Scan -- Date : 03/21/2014 16:24:02
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000BPKT-00PK4T0 +++++
--- User ---
[MBR] 676dc1c4d647c5c1afe8a2b6bca5762b
[BSP] c9a3f14bd1e56ca5981311d6d0f62521 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16007 MB
1 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 32784384 | Size: 100 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32989184 | Size: 276499 MB
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 599259136 | Size: 184332 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03212014_162402.txt >>

Rkill:

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/21/2014 04:27:15 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 03/21/2014 04:28:37 PM
Execution time: 0 hours(s), 1 minute(s), and 22 seconds(s)

MBAM:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.21.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
P :: P-MSI [administrator]

Protection: Enabled

21.3.2014 16:35:35
mbam-log-2014-03-21 (16-35-35).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 415228
Time elapsed: 51 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2014\rld.dll (VirTool.Obfuscator) -> Quarantined and deleted successfully.
C:\Users\P\AppData\Local\Google\Chrome\Backup\File System\004\t\00\00000000 (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000000 (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.

(end)


----------



## Mark1956 (May 7, 2011)

Those scans just found a few items of Adware, which I doubt has made any difference to the issue.

Please now run these two scans:

*System File Checker*


Click on *Start* and type *cmd* in the search box. Right click on *cmd* in the popup menu and select *Run as Administrator*.
Another box will open, at the Command Prompt, type *sfc /scannow* and press Enter. (Note the gap between the c and the /)
Let the check run to completion. *DO NOT* reboot the PC or close the *cmd* window.
Copy & Paste the following command at the Command Prompt and press Enter:

*findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt*


This will place a file on your desktop called *sfcdetails.txt* which contains the results of the scan.
Copy and Paste the contents of the file into your next post.

*Disk Check*


Click on *Start* then type *cmd* in the search box. A menu will pop up with *cmd* at the top, *right click* on it and select *Run as Administrator*. Another box will open, at the prompt type *chkdsk /r* and hit *Enter*. _*Note:* you must include a space between the *k* and the */*_
You will then see the following message:
*chkdsk* cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts?* (Y/N)*
Type *Y* for yes, and hit *Enter*. Then reboot the computer.
*chkdsk* will start when Windows begins loading again. Let all 5 phases run and don't use or turn off the computer. (_The *chkdsk* process may take an hour or more to finish, if it appears to freeze this is normal so *do not* interrupt it. On drives above 500GB it can take several hours._)
When the Disk Check is done, it will finish loading Windows.

When back at the desktop, follow this to find the log.


Press the *Windows + R* keys to open the *Run* box, type *eventvwr.msc*, and hit the Enter key on your keyboard.
If prompted by the *User Account Control*, click on *Yes* (Windows 7/8) or *Continue* (Vista).
In the left pane of *Event Viewer*, double click on *Windows Logs* to expand it, then left click once on *Application* then right click on *Application* and select *Find*.
Type *wininit* into the *Find* box and click on *Find Next*.
When the search completes you should see the log displayed in the central pane, close the *Find* window.
In the right hand pane click on *Copy* and select *Copy details as text*.
Come back to this thread and right click in the message box and select *Paste*, the log should appear.
Add any other information asked for and submit the post.


----------
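The *findstr* step in the post above keeps only the `[SR]` lines of cbs.log, which on a healthy system is hundreds of near-identical verify batches. As an added example (not part of the original posts and not a tool used in this thread), the Python below condenses such a file into batch counts, the slowest batch, and any files SFC repaired or could not repair. The first three sample lines follow the layout of the log posted in this thread; the `Cannot repair member file` and `Repairing corrupted file` lines are constructed and abbreviated, with placeholder file and component names.

```python
import re
from datetime import datetime

# Constructed sample in the layout produced by
#   findstr /c:"[SR]" %windir%\logs\cbs\cbs.log
# File names, component name and version below are placeholders.
SAMPLE = r"""
2014-03-22 00:00:31, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:00:31, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2014-03-22 00:00:33, Info CSI 0000000c [SR] Verify complete
2014-03-22 00:00:33, Info  CSI 0000000d [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:00:33, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2014-03-22 00:00:40, Info CSI 0000000f [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.00000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral in the store, hash mismatch
2014-03-22 00:00:41, Info CSI 00000010 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7601.00000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral in the store, hash mismatch
2014-03-22 00:00:42, Info CSI 00000011 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.dll" from store
2014-03-22 00:00:43, Info CSI 00000012 [SR] Verify complete
2014-03-22 00:00:43, Info CSI 00000013 [SR] Verifying 36 (0x0000000000000024) components
2014-03-22 00:00:43, Info CSI 00000014 [SR] Beginning Verify and Repair transaction
"""

# timestamp, level, "CSI", 8-hex-digit sequence number, "[SR]", message.
# \s+ tolerates both the padded original and a whitespace-collapsed paste.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+(?P<level>\w+)\s+CSI\s+"
    r"(?P<seq>[0-9a-fA-F]{8})\s+\[SR\]\s+(?P<msg>.*)$"
)
VERIFYING_RE = re.compile(r"^Verifying (\d+) \(0x[0-9a-fA-F]+\) components$")
# File names appear as [l:<bytes>{<chars>}]"name"; the directory part of a
# "Repairing" line uses an [ml:...] prefix and is deliberately not matched.
FILE_RE = re.compile(r'\[l:\d+\{\d+\}\]"([^"]+)"')


def _remember(bucket, msg):
    """Store the file named in msg once; SFC often logs the same file twice."""
    names = FILE_RE.findall(msg)
    name = names[-1] if names else msg
    if name not in bucket:
        bucket.append(name)


def summarize_sfc(text):
    """Condense the [SR] lines of an sfcdetails.txt into a small dict."""
    summary = {
        "batches_started": 0, "batches_completed": 0,
        "components_verified": 0, "slowest_batch_seconds": 0,
        "cannot_repair": [], "repaired": [],
        "unparsed_lines": 0, "incomplete": False,
    }
    started_at, pending = None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            summary["unparsed_lines"] += 1   # truncated or mangled paste
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        msg = m.group("msg")
        batch = VERIFYING_RE.match(msg)
        if batch:
            summary["batches_started"] += 1
            started_at, pending = ts, int(batch.group(1))
        elif msg == "Verify complete" and started_at is not None:
            summary["batches_completed"] += 1
            summary["components_verified"] += pending
            elapsed = int((ts - started_at).total_seconds())
            summary["slowest_batch_seconds"] = max(
                summary["slowest_batch_seconds"], elapsed)
            started_at = None
        elif msg.startswith("Cannot repair member file"):
            _remember(summary["cannot_repair"], msg)
        elif msg.startswith("Repairing corrupted file"):
            _remember(summary["repaired"], msg)
    # A batch with no matching "Verify complete" means the scan or the paste
    # was cut short, so a clean-looking summary should not be trusted.
    summary["incomplete"] = started_at is not None
    return summary


if __name__ == "__main__":
    for key, value in summarize_sfc(SAMPLE).items():
        print(f"{key}: {value}")
```

An empty `cannot_repair` list together with `incomplete` being false is the condition that corresponds to a clean SFC run; a log that shows only verify batches, like the one posted below, has nothing in either file list.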



## pera93bgd (Mar 17, 2014)

Here is the system file checker:

2014-03-22 00:00:31, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:00:31, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2014-03-22 00:00:33, Info CSI 0000000c [SR] Verify complete
2014-03-22 00:00:33, Info CSI 0000000d [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:00:33, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2014-03-22 00:00:35, Info CSI 00000010 [SR] Verify complete
2014-03-22 00:00:35, Info CSI 00000011 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:00:35, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2014-03-22 00:00:37, Info CSI 00000014 [SR] Verify complete
2014-03-22 00:00:37, Info CSI 00000015 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:00:37, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2014-03-22 00:00:39, Info CSI 00000018 [SR] Verify complete
2014-03-22 00:00:39, Info CSI 00000019 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:00:39, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2014-03-22 00:00:41, Info CSI 0000001c [SR] Verify complete
2014-03-22 00:00:42, Info CSI 0000001d [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:00:42, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2014-03-22 00:00:44, Info CSI 00000020 [SR] Verify complete
2014-03-22 00:00:45, Info CSI 00000021 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:00:45, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2014-03-22 00:00:47, Info  CSI 00000024 [SR] Verify complete
2014-03-22 00:00:48, Info CSI 00000025 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:00:48, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2014-03-22 00:00:51, Info CSI 00000028 [SR] Verify complete
2014-03-22 00:00:51, Info CSI 00000029 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:00:51, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2014-03-22 00:00:54, Info CSI 0000002c [SR] Verify complete
2014-03-22 00:00:54, Info CSI 0000002d [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:00:54, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2014-03-22 00:00:57, Info CSI 00000030 [SR] Verify complete
2014-03-22 00:00:57, Info CSI 00000031 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:00:57, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2014-03-22 00:01:00, Info CSI 00000034 [SR] Verify complete
2014-03-22 00:01:00, Info CSI 00000035 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:01:00, Info CSI 00000036 [SR] Beginning Verify and Repair transaction
2014-03-22 00:01:02, Info CSI 00000038 [SR] Verify complete
2014-03-22 00:01:03, Info CSI 00000039 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:01:03, Info CSI 0000003a [SR] Beginning Verify and Repair transaction
2014-03-22 00:01:05, Info CSI 0000003c [SR] Verify complete
2014-03-22 00:01:05, Info CSI 0000003d [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:01:05, Info CSI 0000003e [SR] Beginning Verify and Repair transaction
2014-03-22 00:01:11, Info CSI 00000041 [SR] Verify complete
2014-03-22 00:01:11, Info CSI 00000042 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:01:11, Info CSI 00000043 [SR] Beginning Verify and Repair transaction
2014-03-22 00:01:15, Info CSI 00000048 [SR] Verify complete
2014-03-22 00:01:16, Info CSI 00000049 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:01:16, Info CSI 0000004a [SR] Beginning Verify and Repair transaction
2014-03-22 00:01:19, Info CSI 0000004d [SR] Verify complete
2014-03-22 00:01:20, Info CSI 0000004e [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:01:20, Info CSI 0000004f [SR] Beginning Verify and Repair transaction
2014-03-22 00:01:24, Info CSI 00000051 [SR] Verify complete
2014-03-22 00:01:24, Info CSI 00000052 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:01:24, Info CSI 00000053 [SR] Beginning Verify and Repair transaction
2014-03-22 00:01:30, Info CSI 00000073 [SR] Verify complete
2014-03-22 00:01:31, Info CSI 00000074 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:01:31, Info CSI 00000075 [SR] Beginning Verify and Repair transaction
2014-03-22 00:01:35, Info CSI 0000007c [SR] Verify complete
2014-03-22 00:01:36, Info CSI 0000007d [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:01:36, Info CSI 0000007e [SR] Beginning Verify and Repair transaction
2014-03-22 00:01:40, Info CSI 00000080 [SR] Verify complete
2014-03-22 00:01:41, Info CSI 00000081 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:01:41, Info CSI 00000082 [SR] Beginning Verify and Repair transaction
2014-03-22 00:01:45, Info CSI 00000084 [SR] Verify complete
2014-03-22 00:01:46, Info CSI 00000085 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:01:46, Info CSI 00000086 [SR] Beginning Verify and Repair transaction
2014-03-22 00:01:50, Info CSI 00000088 [SR] Verify complete
2014-03-22 00:01:50, Info CSI 00000089 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:01:50, Info CSI 0000008a [SR] Beginning Verify and Repair transaction
2014-03-22 00:01:55, Info CSI 0000008c [SR] Verify complete
2014-03-22 00:01:55, Info CSI 0000008d [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:01:55, Info CSI 0000008e [SR] Beginning Verify and Repair transaction
2014-03-22 00:02:00, Info CSI 00000090 [SR] Verify complete
2014-03-22 00:02:00, Info CSI 00000091 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:02:00, Info CSI 00000092 [SR] Beginning Verify and Repair transaction
2014-03-22 00:02:09, Info CSI 000000b5 [SR] Verify complete
2014-03-22 00:02:09, Info CSI 000000b6 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:02:09, Info CSI 000000b7 [SR] Beginning Verify and Repair transaction
2014-03-22 00:02:15, Info CSI 000000b9 [SR] Verify complete
2014-03-22 00:02:16, Info CSI 000000ba [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:02:16, Info CSI 000000bb [SR] Beginning Verify and Repair transaction
2014-03-22 00:02:26, Info CSI 000000bd [SR] Verify complete
2014-03-22 00:02:27, Info CSI 000000be [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:02:27, Info CSI 000000bf [SR] Beginning Verify and Repair transaction
2014-03-22 00:02:35, Info CSI 000000c3 [SR] Verify complete
2014-03-22 00:02:35, Info CSI 000000c4 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:02:35, Info CSI 000000c5 [SR] Beginning Verify and Repair transaction
2014-03-22 00:02:37, Info CSI 000000c7 [SR] Verify complete
2014-03-22 00:02:38, Info CSI 000000c8 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:02:38, Info CSI 000000c9 [SR] Beginning Verify and Repair transaction
2014-03-22 00:02:39, Info CSI 000000cb [SR] Verify complete
2014-03-22 00:02:39, Info CSI 000000cc [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:02:39, Info CSI 000000cd [SR] Beginning Verify and Repair transaction
2014-03-22 00:02:43, Info CSI 000000d1 [SR] Verify complete
2014-03-22 00:02:44, Info CSI 000000d2 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:02:44, Info CSI 000000d3 [SR] Beginning Verify and Repair transaction
2014-03-22 00:02:49, Info CSI 000000e4 [SR] Verify complete
2014-03-22 00:02:50, Info CSI 000000e5 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:02:50, Info CSI 000000e6 [SR] Beginning Verify and Repair transaction
2014-03-22 00:02:52, Info CSI 000000e8 [SR] Verify complete
2014-03-22 00:02:52, Info  CSI 000000e9 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:02:52, Info CSI 000000ea [SR] Beginning Verify and Repair transaction
2014-03-22 00:02:56, Info CSI 000000ec [SR] Verify complete
2014-03-22 00:02:56, Info CSI 000000ed [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:02:56, Info CSI 000000ee [SR] Beginning Verify and Repair transaction
2014-03-22 00:02:59, Info CSI 000000f0 [SR] Verify complete
2014-03-22 00:03:00, Info CSI 000000f1 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:03:00, Info CSI 000000f2 [SR] Beginning Verify and Repair transaction
2014-03-22 00:03:08, Info CSI 000000f5 [SR] Verify complete
2014-03-22 00:03:08, Info CSI 000000f6 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:03:08, Info CSI 000000f7 [SR] Beginning Verify and Repair transaction
2014-03-22 00:03:14, Info CSI 000000fa [SR] Verify complete
2014-03-22 00:03:14, Info CSI 000000fb [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:03:14, Info CSI 000000fc [SR] Beginning Verify and Repair transaction
2014-03-22 00:03:17, Info CSI 000000fe [SR] Verify complete
2014-03-22 00:03:17, Info CSI 000000ff [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:03:17, Info CSI 00000100 [SR] Beginning Verify and Repair transaction
2014-03-22 00:03:20, Info CSI 00000102 [SR] Verify complete
2014-03-22 00:03:20, Info CSI 00000103 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:03:20, Info CSI 00000104 [SR] Beginning Verify and Repair transaction
2014-03-22 00:03:26, Info CSI 00000106 [SR] Verify complete
2014-03-22 00:03:26, Info CSI 00000107 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:03:26, Info CSI 00000108 [SR] Beginning Verify and Repair transaction
2014-03-22 00:03:31, Info CSI 0000010a [SR] Verify complete
2014-03-22 00:03:32, Info CSI 0000010b [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:03:32, Info CSI 0000010c [SR] Beginning Verify and Repair transaction
2014-03-22 00:03:39, Info CSI 0000010e [SR] Verify complete
2014-03-22 00:03:39, Info CSI 0000010f [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:03:39, Info CSI 00000110 [SR] Beginning Verify and Repair transaction
2014-03-22 00:03:46, Info CSI 00000128 [SR] Verify complete
2014-03-22 00:03:46, Info CSI 00000129 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:03:46, Info CSI 0000012a [SR] Beginning Verify and Repair transaction
2014-03-22 00:03:51, Info CSI 0000012c [SR] Verify complete
2014-03-22 00:03:51, Info CSI 0000012d [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:03:51, Info CSI 0000012e [SR] Beginning Verify and Repair transaction
2014-03-22 00:04:04, Info CSI 00000130 [SR] Verify complete
2014-03-22 00:04:04, Info CSI 00000131 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:04:04, Info CSI 00000132 [SR] Beginning Verify and Repair transaction
2014-03-22 00:04:12, Info CSI 00000135 [SR] Verify complete
2014-03-22 00:04:13, Info CSI 00000136 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:04:13, Info CSI 00000137 [SR] Beginning Verify and Repair transaction
2014-03-22 00:04:20, Info CSI 00000139 [SR] Verify complete
2014-03-22 00:04:21, Info CSI 0000013a [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:04:21, Info CSI 0000013b [SR] Beginning Verify and Repair transaction
2014-03-22 00:04:26, Info CSI 0000013d [SR] Verify complete
2014-03-22 00:04:27, Info CSI 0000013e [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:04:27, Info CSI 0000013f [SR] Beginning Verify and Repair transaction
2014-03-22 00:04:32, Info CSI 00000141 [SR] Verify complete
2014-03-22 00:04:32, Info CSI 00000142 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:04:32, Info CSI 00000143 [SR] Beginning Verify and Repair transaction
2014-03-22 00:04:37, Info CSI 00000147 [SR] Verify complete
2014-03-22 00:04:37, Info CSI 00000148 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:04:37, Info CSI 00000149 [SR] Beginning Verify and Repair transaction
2014-03-22 00:04:41, Info CSI 0000014b [SR] Verify complete
2014-03-22 00:04:42, Info CSI 0000014c [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:04:42, Info CSI 0000014d [SR] Beginning Verify and Repair transaction
2014-03-22 00:04:56, Info CSI 0000014f [SR] Verify complete
2014-03-22 00:04:56, Info CSI 00000150 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:04:56, Info CSI 00000151 [SR] Beginning Verify and Repair transaction
2014-03-22 00:05:03, Info CSI 00000154 [SR] Verify complete
2014-03-22 00:05:03, Info CSI 00000155 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:05:03, Info CSI 00000156 [SR] Beginning Verify and Repair transaction
2014-03-22 00:05:09, Info CSI 00000159 [SR] Verify complete
2014-03-22 00:05:09, Info CSI 0000015a [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:05:09, Info CSI 0000015b [SR] Beginning Verify and Repair transaction
2014-03-22 00:05:18, Info CSI 0000015d [SR] Verify complete
2014-03-22 00:05:19, Info CSI 0000015e [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:05:19, Info CSI 0000015f [SR] Beginning Verify and Repair transaction
2014-03-22 00:05:26, Info CSI 00000162 [SR] Verify complete
2014-03-22 00:05:26, Info CSI 00000163 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:05:26, Info CSI 00000164 [SR] Beginning Verify and Repair transaction
2014-03-22 00:05:30, Info CSI 00000166 [SR] Verify complete
2014-03-22 00:05:31, Info CSI 00000167 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:05:31, Info CSI 00000168 [SR] Beginning Verify and Repair transaction
2014-03-22 00:05:36, Info CSI 0000016a [SR] Verify complete
2014-03-22 00:05:36, Info CSI 0000016b [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:05:36, Info CSI 0000016c [SR] Beginning Verify and Repair transaction
2014-03-22 00:05:41, Info CSI 0000016f [SR] Verify complete
2014-03-22 00:05:41, Info CSI 00000170 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:05:41, Info CSI 00000171 [SR] Beginning Verify and Repair transaction
2014-03-22 00:05:47, Info CSI 00000173 [SR] Verify complete
2014-03-22 00:05:47, Info CSI 00000174 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:05:47, Info CSI 00000175 [SR] Beginning Verify and Repair transaction
2014-03-22 00:05:50, Info CSI 00000177 [SR] Verify complete
2014-03-22 00:05:50, Info CSI 00000178 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:05:50, Info CSI 00000179 [SR] Beginning Verify and Repair transaction
2014-03-22 00:05:55, Info CSI 0000017c [SR] Verify complete
2014-03-22 00:05:56, Info CSI 0000017d [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:05:56, Info CSI 0000017e [SR] Beginning Verify and Repair transaction
2014-03-22 00:06:01, Info CSI 00000180 [SR] Verify complete
2014-03-22 00:06:01, Info CSI 00000181 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:06:01, Info CSI 00000182 [SR] Beginning Verify and Repair transaction
2014-03-22 00:06:07, Info CSI 00000186 [SR] Verify complete
2014-03-22 00:06:07, Info CSI 00000187 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:06:07, Info CSI 00000188 [SR] Beginning Verify and Repair transaction
2014-03-22 00:06:12, Info CSI 0000018a [SR] Verify complete
2014-03-22 00:06:13, Info CSI 0000018b [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:06:13, Info CSI 0000018c [SR] Beginning Verify and Repair transaction
2014-03-22 00:06:18, Info CSI 0000018f [SR] Verify complete
2014-03-22 00:06:19, Info CSI 00000190 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:06:19, Info CSI 00000191 [SR] Beginning Verify and Repair transaction
2014-03-22 00:06:23, Info CSI 00000193 [SR] Verify complete
2014-03-22 00:06:24, Info CSI 00000194 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:06:24, Info CSI 00000195 [SR] Beginning Verify and Repair transaction
2014-03-22 00:06:26, Info CSI 00000197 [SR] Verify complete
2014-03-22 00:06:26, Info CSI 00000198 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:06:26, Info CSI 00000199 [SR] Beginning Verify and Repair transaction
2014-03-22 00:06:30, Info CSI 0000019b [SR] Verify complete
2014-03-22 00:06:31, Info CSI 0000019c [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:06:31, Info CSI 0000019d [SR] Beginning Verify and Repair transaction
2014-03-22 00:06:34, Info CSI 0000019f [SR] Verify complete
2014-03-22 00:06:35, Info CSI 000001a0 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:06:35, Info CSI 000001a1 [SR] Beginning Verify and Repair transaction
2014-03-22 00:06:39, Info CSI 000001a3 [SR] Verify complete
2014-03-22 00:06:40, Info CSI 000001a4 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:06:40, Info CSI 000001a5 [SR] Beginning Verify and Repair transaction
2014-03-22 00:06:42, Info CSI 000001a7 [SR] Verify complete
2014-03-22 00:06:43, Info CSI 000001a8 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:06:43, Info  CSI 000001a9 [SR] Beginning Verify and Repair transaction
2014-03-22 00:06:47, Info CSI 000001ab [SR] Verify complete
2014-03-22 00:06:47, Info CSI 000001ac [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:06:47, Info CSI 000001ad [SR] Beginning Verify and Repair transaction
2014-03-22 00:06:57, Info CSI 000001af [SR] Verify complete
2014-03-22 00:06:57, Info CSI 000001b0 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:06:57, Info CSI 000001b1 [SR] Beginning Verify and Repair transaction
2014-03-22 00:07:09, Info CSI 000001b3 [SR] Verify complete
2014-03-22 00:07:09, Info CSI 000001b4 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:07:09, Info CSI 000001b5 [SR] Beginning Verify and Repair transaction
2014-03-22 00:07:13, Info CSI 000001b7 [SR] Verify complete
2014-03-22 00:07:13, Info CSI 000001b8 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:07:13, Info CSI 000001b9 [SR] Beginning Verify and Repair transaction
2014-03-22 00:07:16, Info CSI 000001bb [SR] Verify complete
2014-03-22 00:07:16, Info CSI 000001bc [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:07:16, Info CSI 000001bd [SR] Beginning Verify and Repair transaction
2014-03-22 00:07:19, Info CSI 000001bf [SR] Verify complete
2014-03-22 00:07:19, Info CSI 000001c0 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:07:19, Info CSI 000001c1 [SR] Beginning Verify and Repair transaction
2014-03-22 00:07:21, Info CSI 000001c3 [SR] Verify complete
2014-03-22 00:07:22, Info CSI 000001c4 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:07:22, Info CSI 000001c5 [SR] Beginning Verify and Repair transaction
2014-03-22 00:07:25, Info CSI 000001c7 [SR] Verify complete
2014-03-22 00:07:25, Info CSI 000001c8 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:07:25, Info CSI 000001c9 [SR] Beginning Verify and Repair transaction
2014-03-22 00:07:27, Info CSI 000001cb [SR] Verify complete
2014-03-22 00:07:27, Info CSI 000001cc [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:07:27, Info CSI 000001cd [SR] Beginning Verify and Repair transaction
2014-03-22 00:07:28, Info CSI 000001cf [SR] Verify complete
2014-03-22 00:07:28, Info CSI 000001d0 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:07:28, Info CSI 000001d1 [SR] Beginning Verify and Repair transaction
2014-03-22 00:07:33, Info CSI 000001d9 [SR] Verify complete
2014-03-22 00:07:33, Info CSI 000001da [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:07:33, Info CSI 000001db [SR] Beginning Verify and Repair transaction
2014-03-22 00:07:36, Info CSI 000001dd [SR] Verify complete
2014-03-22 00:07:36, Info CSI 000001de [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:07:36, Info CSI 000001df [SR] Beginning Verify and Repair transaction
2014-03-22 00:07:39, Info CSI 000001e1 [SR] Verify complete
2014-03-22 00:07:39, Info CSI 000001e2 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:07:39, Info CSI 000001e3 [SR] Beginning Verify and Repair transaction
2014-03-22 00:07:42, Info CSI 000001e5 [SR] Verify complete
2014-03-22 00:07:42, Info CSI 000001e6 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:07:42, Info CSI 000001e7 [SR] Beginning Verify and Repair transaction
2014-03-22 00:07:47, Info CSI 000001e9 [SR] Verify complete
2014-03-22 00:07:47, Info CSI 000001ea [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:07:47, Info CSI 000001eb [SR] Beginning Verify and Repair transaction
2014-03-22 00:07:54, Info CSI 000001ee [SR] Verify complete
2014-03-22 00:07:54, Info CSI 000001ef [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:07:54, Info CSI 000001f0 [SR] Beginning Verify and Repair transaction
2014-03-22 00:07:56, Info CSI 000001f2 [SR] Verify complete
2014-03-22 00:07:57, Info CSI 000001f3 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:07:57, Info CSI 000001f4 [SR] Beginning Verify and Repair transaction
2014-03-22 00:07:59, Info CSI 000001f6 [SR] Verify complete
2014-03-22 00:08:00, Info CSI 000001f7 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:08:00, Info CSI 000001f8 [SR] Beginning Verify and Repair transaction
2014-03-22 00:08:09, Info CSI 000001fd [SR] Verify complete
2014-03-22 00:08:09, Info CSI 000001fe [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:08:09, Info CSI 000001ff [SR] Beginning Verify and Repair transaction
2014-03-22 00:08:17, Info CSI 00000202 [SR] Verify complete
2014-03-22 00:08:18, Info CSI 00000203 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:08:18, Info CSI 00000204 [SR] Beginning Verify and Repair transaction
2014-03-22 00:08:23, Info CSI 00000208 [SR] Verify complete
2014-03-22 00:08:23, Info CSI 00000209 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:08:23, Info CSI 0000020a [SR] Beginning Verify and Repair transaction
2014-03-22 00:08:29, Info CSI 00000215 [SR] Verify complete
2014-03-22 00:08:29, Info CSI 00000216 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:08:29, Info CSI 00000217 [SR] Beginning Verify and Repair transaction
2014-03-22 00:08:36, Info CSI 0000021e [SR] Verify complete
2014-03-22 00:08:36, Info CSI 0000021f [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:08:36, Info CSI 00000220 [SR] Beginning Verify and Repair transaction
2014-03-22 00:08:40, Info CSI 00000222 [SR] Verify complete
2014-03-22 00:08:40, Info CSI 00000223 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:08:40, Info CSI 00000224 [SR] Beginning Verify and Repair transaction
2014-03-22 00:08:44, Info CSI 00000228 [SR] Verify complete
2014-03-22 00:08:45, Info CSI 00000229 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:08:45, Info CSI 0000022a [SR] Beginning Verify and Repair transaction
2014-03-22 00:08:49, Info CSI 0000022c [SR] Verify complete
2014-03-22 00:08:49, Info CSI 0000022d [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:08:49, Info CSI 0000022e [SR] Beginning Verify and Repair transaction
2014-03-22 00:08:55, Info CSI 00000253 [SR] Verify complete
2014-03-22 00:08:56, Info CSI 00000254 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:08:56, Info CSI 00000255 [SR] Beginning Verify and Repair transaction
2014-03-22 00:09:00, Info CSI 00000257 [SR] Verify complete
2014-03-22 00:09:00, Info CSI 00000258 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:09:00, Info CSI 00000259 [SR] Beginning Verify and Repair transaction
2014-03-22 00:09:03, Info CSI 0000025b [SR] Verify complete
2014-03-22 00:09:04, Info CSI 0000025c [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:09:04, Info CSI 0000025d [SR] Beginning Verify and Repair transaction
2014-03-22 00:09:08, Info CSI 0000025f [SR] Verify complete
2014-03-22 00:09:08, Info CSI 00000260 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:09:08, Info CSI 00000261 [SR] Beginning Verify and Repair transaction
2014-03-22 00:09:12, Info CSI 0000026f [SR] Verify complete
2014-03-22 00:09:13, Info CSI 00000270 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:09:13, Info CSI 00000271 [SR] Beginning Verify and Repair transaction
2014-03-22 00:09:20, Info CSI 00000273 [SR] Verify complete
2014-03-22 00:09:20, Info CSI 00000274 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:09:20, Info CSI 00000275 [SR] Beginning Verify and Repair transaction
2014-03-22 00:09:26, Info CSI 00000283 [SR] Verify complete
2014-03-22 00:09:26, Info CSI 00000284 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:09:26, Info CSI 00000285 [SR] Beginning Verify and Repair transaction
2014-03-22 00:09:28, Info CSI 00000287 [SR] Verify complete
2014-03-22 00:09:29, Info CSI 00000288 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:09:29, Info CSI 00000289 [SR] Beginning Verify and Repair transaction
2014-03-22 00:09:32, Info CSI 0000028b [SR] Verify complete
2014-03-22 00:09:32, Info CSI 0000028c [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:09:32, Info CSI 0000028d [SR] Beginning Verify and Repair transaction
2014-03-22 00:09:37, Info CSI 00000290 [SR] Verify complete
2014-03-22 00:09:37, Info CSI 00000291 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:09:37, Info CSI 00000292 [SR] Beginning Verify and Repair transaction
2014-03-22 00:09:39, Info CSI 00000294 [SR] Verify complete
2014-03-22 00:09:40, Info CSI 00000295 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:09:40, Info CSI 00000296 [SR] Beginning Verify and Repair transaction
2014-03-22 00:09:44, Info CSI 00000298 [SR] Verify complete
2014-03-22 00:09:44, Info CSI 00000299 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:09:44, Info CSI 0000029a [SR] Beginning Verify and Repair transaction
2014-03-22 00:09:48, Info CSI 0000029c [SR] Verify complete
2014-03-22 00:09:49, Info CSI 0000029d [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:09:49, Info CSI 0000029e [SR] Beginning Verify and Repair transaction
2014-03-22 00:09:53, Info CSI 000002a0 [SR] Verify complete
2014-03-22 00:09:53, Info CSI 000002a1 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:09:53, Info CSI 000002a2 [SR] Beginning Verify and Repair transaction
2014-03-22 00:10:00, Info CSI 000002bc [SR] Verify complete
2014-03-22 00:10:00, Info CSI 000002bd [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:10:00, Info CSI 000002be [SR] Beginning Verify and Repair transaction
2014-03-22 00:10:12, Info CSI 000002c0 [SR] Verify complete
2014-03-22 00:10:13, Info CSI 000002c1 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:10:13, Info CSI 000002c2 [SR] Beginning Verify and Repair transaction
2014-03-22 00:10:16, Info CSI 000002c4 [SR] Verify complete
2014-03-22 00:10:17, Info CSI 000002c5 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:10:17, Info CSI 000002c6 [SR] Beginning Verify and Repair transaction
2014-03-22 00:10:20, Info CSI 000002c8 [SR] Verify complete
2014-03-22 00:10:20, Info CSI 000002c9 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:10:20, Info CSI 000002ca [SR] Beginning Verify and Repair transaction
2014-03-22 00:10:23, Info CSI 000002ce [SR] Verify complete
2014-03-22 00:10:24, Info CSI 000002cf [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:10:24, Info CSI 000002d0 [SR] Beginning Verify and Repair transaction
2014-03-22 00:10:27, Info CSI 000002d2 [SR] Verify complete
2014-03-22 00:10:28, Info CSI 000002d3 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:10:28, Info CSI 000002d4 [SR] Beginning Verify and Repair transaction
2014-03-22 00:10:31, Info CSI 000002d6 [SR] Verify complete
2014-03-22 00:10:32, Info CSI 000002d7 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:10:32, Info CSI 000002d8 [SR] Beginning Verify and Repair transaction
2014-03-22 00:10:35, Info CSI 000002da [SR] Verify complete
2014-03-22 00:10:35, Info CSI 000002db [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:10:35, Info CSI 000002dc [SR] Beginning Verify and Repair transaction
2014-03-22 00:10:38, Info CSI 000002df [SR] Verify complete
2014-03-22 00:10:39, Info CSI 000002e0 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:10:39, Info CSI 000002e1 [SR] Beginning Verify and Repair transaction
2014-03-22 00:10:42, Info CSI 000002e3 [SR] Verify complete
2014-03-22 00:10:42, Info CSI 000002e4 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:10:42, Info CSI 000002e5 [SR] Beginning Verify and Repair transaction
2014-03-22 00:10:47, Info CSI 000002e7 [SR] Verify complete
2014-03-22 00:10:47, Info CSI 000002e8 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:10:47, Info CSI 000002e9 [SR] Beginning Verify and Repair transaction
2014-03-22 00:10:51, Info CSI 000002eb [SR] Verify complete
2014-03-22 00:10:51, Info CSI 000002ec [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:10:51, Info CSI 000002ed [SR] Beginning Verify and Repair transaction
2014-03-22 00:10:54, Info CSI 000002f0 [SR] Verify complete
2014-03-22 00:10:55, Info CSI 000002f1 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:10:55, Info CSI 000002f2 [SR] Beginning Verify and Repair transaction
2014-03-22 00:10:58, Info CSI 000002f4 [SR] Verify complete
2014-03-22 00:10:59, Info CSI 000002f5 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:10:59, Info CSI 000002f6 [SR] Beginning Verify and Repair transaction
2014-03-22 00:11:02, Info CSI 000002f8 [SR] Verify complete
2014-03-22 00:11:02, Info CSI 000002f9 [SR] Verifying 100 (0x0000000000000064) components
2014-03-22 00:11:02, Info CSI 000002fa [SR] Beginning Verify and Repair transaction
2014-03-22 00:11:06, Info CSI 000002fc [SR] Verify complete
2014-03-22 00:11:06, Info CSI 000002fd [SR] Verifying 61 (0x000000000000003d) components
2014-03-22 00:11:06, Info CSI 000002fe [SR] Beginning Verify and Repair transaction
2014-03-22 00:11:08, Info CSI 00000300 [SR] Verify complete
2014-03-22 00:11:08, Info CSI 00000301 [SR] Repairing 0 components
2014-03-22 00:11:08, Info CSI 00000302 [SR] Beginning Verify and Repair transaction
2014-03-22 00:11:08, Info CSI 00000304 [SR] Repair complete

Since you said it will take a few hours to do the Disc Check, I will leave it overnight and post results tomorrow.


----------



## Mark1956 (May 7, 2011)

No problem, I am just turning in myself.


----------



## pera93bgd (Mar 17, 2014)

Here is the disc check. Sorry for taking so long, I had some issues with my internet provider...

Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 23.3.2014 3:25:46
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: P-MSI
Description:

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS_Install.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
288000 file records processed.

File verification completed.
1416 large file records processed.

0 bad file records processed.

0 EA records processed.

59 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
354290 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
288000 file SDs/SIDs processed.

Cleaning up 3065 unused index entries from index $SII of file 0x9.
Cleaning up 3065 unused index entries from index $SDH of file 0x9.
Cleaning up 3065 unused security descriptors.
CHKDSK is compacting the security descriptor stream
33146 data files processed.

CHKDSK is verifying Usn Journal...
34570720 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
287984 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
6159281 free clusters processed.

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

283134975 KB total disk space.
257943120 KB in 172592 files.
157192 KB in 33149 indexes.
0 KB in bad sectors.
397535 KB in use by the system.
65536 KB occupied by the log file.
24637128 KB available on disk.

4096 bytes in each allocation unit.
70783743 total allocation units on disk.
6159282 allocation units available on disk.

Internal Info:
00 65 04 00 b6 23 03 00 53 b2 05 00 00 00 00 00 .e...#..S.......
9b 03 00 00 3b 00 00 00 00 00 00 00 00 00 00 00 ....;...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-03-23T02:25:46.000000000Z" />
<EventRecordID>85976</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>P-MSI</Computer>
<Security />
</System>
<EventData>


</EventData>
</Event>


----------



## Mark1956 (May 7, 2011)

Both the scans above are normal. We now need to try something else.

*Selective Startup (Clean Boot)*
I would recommend you print out these instructions.


Click on *Start* then type *msconfig* into the *Search* box and hit the *Enter* key.
This screen should appear with the settings as shown:

Click on the Services tab and you should see this, click on the box next to *Hide all Microsoft Services* so a check mark appears.

Now click on the General tab and check the boxes as shown:

When done click on *Apply* and then *OK*.
The window will close and you will see a notification with two choices, click on *Restart*.

Now run the system and check to see if the problem has been cured. Tell me the outcome in your next reply.


----------



## pera93bgd (Mar 17, 2014)

Looks OK now. Here is SS of Windows Task Manager:

What's worrying me now is whenever I do anything, for example open a new tab in Chrome, CPU usage jumps to 80-99% usage for a few seconds and then goes back to normal. Here is SS:


----------



## Mark1956 (May 7, 2011)

That all looks good and it is quite normal for the CPU usage to jump up when you start any new process.

As we are now seeing normal behaviour using Selective Startup we need to see if we can find what was causing the high CPU usage when everything was running in Normal Startup. The only way to do this is by a process of elimination.

First thing to do is to find out if it is a Service or Program set to run at Startup that is causing the problem.


Click on *Start* then type *msconfig* into the *Search* box and hit the *Enter* key.

Under the *General* tab click the box next to *Load System Services* so it appears checked, click on *Apply* then *OK* and select *Restart* when the options appear.
Check again to see if the problem has returned. If *it has* then we are looking for a bad *Service*, if the problem *has not* returned we are looking for a bad *Startup* item.

Let me know the outcome.


----------



## pera93bgd (Mar 17, 2014)

Okay, I did like you said and problem did not return, so I guess we are looking for a bad Startup item.


----------



## Mark1956 (May 7, 2011)

Ok, now follow this to track down what Startup item is causing the problem. It can get confusing so take your time.


Now open *msconfig* again, leave the check mark for *Selective Startup* and check both the boxes for *Load System Services* and *Load Startup Items*, these settings can now be left untouched until the end of the process.
Click on the *Startup* tab.
Now you have the list in view and we know that the item responsible for the problem is one of them. You can go the long, but less confusing, route of disabling one at a time, clicking on *Apply*, *OK* and *Restart* and checking again, but that could take a long time.
The quickest method is to disable (by unchecking the item/s) half at a time and then repeating the process by disabling half of the remaining items until the problem stops.
For an example: If there are 24 items, start by disabling 12 of them, click on *Apply*, *OK* and *Restart*. Then check if the problem has gone, if it hasn't then go back and disable half of the remainder which will be the next 6 items in the list. Again, repeat the Apply, OK, Restart and check again for the problem. Keep going like this until the problem stops.
Once the problem has gone you will know that it is being caused by one of the items you have just disabled. You then need to go back and re-enable half of the items you just disabled (by putting the check mark back next to the item). It is easy to make mistakes when doing this so keeping notes will help. Alternatively you can just disable items in groups of 6 (or more) at a time, the method you use is up to you, once you get the hang of it you should soon find the item that has caused all this time consuming work.
Using this process of elimination you will end up with just one item disabled. 
Once you have isolated the item then post back with the details.
Within the System Configuration window, move the mouse pointer over the top bar that has the column names in, it will change appearance as it goes over the divider, click and hold, then drag so you can expand the column width and get the full details that are listed. I will need the full information from all the columns.
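The halving procedure above, written out as an added example (not part of the original post). It goes beyond the single-item case by returning every startup item that reproduces the problem on its own. `find_all_culprits`, `symptom` and the 24 item names are assumptions made for the illustration; `symptom` stands for one manual msconfig change plus restart.

```python
from typing import Callable, FrozenSet, List, Sequence, Tuple

# symptom(enabled) models one manual round: enable exactly these startup items
# in msconfig, restart, and answer True if the high CPU usage is back.
Symptom = Callable[[FrozenSet[str]], bool]


def find_all_culprits(items: Sequence[str], symptom: Symptom) -> Tuple[List[str], int]:
    """Return (culprits, restarts_used).

    Assumption: any single culprit is enough to reproduce the problem, and the
    problem shows up reliably after every restart.
    """
    restarts = 0

    def search(group: Sequence[str], known_bad: bool) -> List[str]:
        nonlocal restarts
        if not group:
            return []
        if not known_bad:
            restarts += 1
            if not symptom(frozenset(group)):
                return []  # the whole group is clean, no need to split it
        if len(group) == 1:
            return list(group)
        mid = len(group) // 2
        left = search(group[:mid], False)
        # If the left half turned out clean, the right half must contain a
        # culprit, so the restart that would confirm it can be skipped.
        right = search(group[mid:], known_bad=not left)
        return left + right

    return search(list(items), False), restarts


def make_simulated_pc(culprits: Sequence[str]) -> Symptom:
    """Constructed stand-in for the real machine, used only for the demo."""
    bad = frozenset(culprits)
    return lambda enabled: bool(bad & enabled)


# Constructed sample: 24 startup items, two of them independently bad.
ITEMS = [f"startup-item-{n:02d}" for n in range(24)]
CULPRITS = ["startup-item-03", "startup-item-17"]


def demo() -> Tuple[List[str], int]:
    return find_all_culprits(ITEMS, make_simulated_pc(CULPRITS))


if __name__ == "__main__":
    found, restarts = demo()
    print(f"culprits: {found}, restarts needed: {restarts} (one-at-a-time: {len(ITEMS)})")
```

For a real run, replace the simulated callback with one that prints the items to enable and waits for a yes/no answer after the restart.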


----------



## pera93bgd (Mar 17, 2014)

Okay, looks like I narrowed it down to 2 items.
1st is Apple Push (I don't even know why I have this, I don't use any of the Apple products...)
Startup item: Apple Push
Manufacturer: Apple Inc.
Command: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
Location: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Data Disabled: 23.03.2014

And 2nd is famous AAAAAAAAAAAAAA.. 
Startup item: AAAAAAA.............
Manufacturer: Unknown
Command: 1
Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Data Disabled: 23.03.2014


----------



## Mark1956 (May 7, 2011)

Can you narrow it down further to either one of them, or are they both causing high CPU usage?

While you see if you can do that please also run this so we can try and get a better fix on that AAAA entry.

Please download *SystemLook* from the following link below and save it to your Desktop.


*SystemLook (64-bit)*


Double-click *SystemLook.exe* to run it.
_*Vista*/*Windows 7* users right-click and select Run As Administrator_.
Copy and paste everything in the codebox below into the main textfield:


```
:regfind
*AAAAAAAAA*
```

Click the Look button to start the scan.
When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
Please copy and paste the contents of that log in your next reply.


----------



## Mark1956 (May 7, 2011)

Just had a quick look back through the logs and you do have Apple products installed:

Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)


----------



## pera93bgd (Mar 17, 2014)

They are both causing the problem. I tried turning off only one of them and problem is gone only when both are disabled.

Looks like the scan couldn't find AAAAAAA, here is the report:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:14 on 24/03/2014 by P
Administrator - Elevation successful

========== regfind ==========

Searching for "*AAAAAAAAA*"
No data found.

-= EOF =-


----------



## Mark1956 (May 7, 2011)

That AAAA key is a mystery. Nevertheless we have found the source of the problem. 

Open msconfig again and click on the Startup tab, re-enable everything apart from those two items, click on Apply. Go back to the General tab and put the selection back to Normal Startup, click on Apply and OK, allow the system to reboot.

When booted back up, uninstall the two Apple products I listed above and QuickTime.

Then run FRST again, when the window opens click the box next to Addition.txt so a check mark appears in it. Then run the scan, post both of the new logs back here and I shall create a script to remove any leftovers.
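One way to triage Run-key lines from an FRST log for entries like the AAAA one discussed above, as an added example (not part of the thread and not FRST's own code). The line layout is taken from the `Run:` lines FRST prints in this thread; the flag names, the 64-character threshold and the reading that FRST prints `[size date] (vendor)` only when it resolved a file are assumptions. A flag means "look at this by hand", not that the entry is malicious.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class RunEntry(NamedTuple):
    key: str
    name: str
    command: str
    size: Optional[int]
    date: Optional[str]
    vendor: Optional[str]


# "<key>\Run: [<value name>] - <command> [<size> <date>] (<vendor>)"
_LINE = re.compile(r"^(?P<key>HK[^:\[\]]*\\Run(?:Once)?): \[(?P<name>.*?)\] - (?P<rest>.*)$")
# File metadata tail; matched as a unit so "(x86)" inside a path is not taken as the vendor.
_TAIL = re.compile(r"^(?P<cmd>.*?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>.*)\)$")
# A command that names a file normally has a path separator or a known extension.
_FILE_HINT = re.compile(r"\\|\.(?:exe|dll|com|bat|cmd|vbs|js|ps1|scr)\b", re.IGNORECASE)

MAX_NAME_LEN = 64  # assumed threshold for an unusually long value name


def parse_run_line(line: str) -> Optional[RunEntry]:
    """Parse one FRST Run/RunOnce line; return None for any other line."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    tail = _TAIL.match(m["rest"])
    if tail:
        return RunEntry(m["key"], m["name"], tail["cmd"],
                        int(tail["size"]), tail["date"], tail["vendor"])
    return RunEntry(m["key"], m["name"], m["rest"], None, None, None)


def triage(entry: RunEntry) -> List[str]:
    """Return heuristic flags for one entry, in a fixed order."""
    flags = []
    if len(entry.name) > MAX_NAME_LEN:
        flags.append("long-name")
    if len(entry.name) >= 8 and len(set(entry.name)) <= 2:
        flags.append("repetitive-name")
    if entry.size is None:
        flags.append("no-file-metadata")
    if not _FILE_HINT.search(entry.command):
        flags.append("command-not-a-path")
    return flags


def flagged(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (shortened value name, flags) for every Run entry with at least one flag."""
    out = []
    for line in lines:
        entry = parse_run_line(line)
        if entry is None:
            continue
        flags = triage(entry)
        if flags:
            name = entry.name if len(entry.name) <= 16 else entry.name[:16] + "..."
            out.append((name, flags))
    return out


# Sample input in the thread's FRST format. The AAAA value name is shortened
# to a constructed 200 characters.
SAMPLE_LINES = [
    r"HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)",
    r"HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)",
    r'HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"',
    r"HKU\S-1-5-21-3537755977-993374182-274981816-1001\...\Run: [" + "A" * 200 + "] - 1",
    r"Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)",
]

if __name__ == "__main__":
    for name, flags in flagged(SAMPLE_LINES):
        print(f"{name}: {', '.join(flags)}")
```

An entry that only carries `no-file-metadata`, such as the `wscript.exe` launcher, is common for script-based startup commands; the combination of all four flags is what singles out the AAAA value.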


----------



## pera93bgd (Mar 17, 2014)

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by P (administrator) on P-MSI on 24-03-2014 23:17:41
Running from C:\Users\P\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\S-Bar\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(msi) C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\windows\system32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [THXCfg64] - C:\windows\system32\THXCfg64.dll [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [ShadowPlay] - C:\windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-03-04] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [fspuip] - C:\Program Files\FSP\fspuip.exe [4059136 2011-03-11] (Sentelic Corporation)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10372368 2011-03-30] (Intel Corporation)
HKLM-x32\...\Run: [UpdReg] - C:\windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1351680 2010-11-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [S-Bar] - C:\Program Files (x86)\S-Bar\S-Bar.exe [5504416 2012-12-03] (Micro-Star International Co.,Ltd.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-15] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] - C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [Cinema ProII Controler] - C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe [1689600 2010-06-25] (msi)
HKLM-x32\...\Run: [Cinema ProII AP] - C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe [200192 2011-01-25] (Micro-Star Int'l Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3537755977-993374182-274981816-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3537755977-993374182-274981816-1001\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3537755977-993374182-274981816-1001\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-3537755977-993374182-274981816-1001\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] - 1
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {FC722C2E-184C-402A-9892-63CB813C4A51} URL = http://search.softonic.com/INF00176/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=310
SearchScopes: HKCU - {5C1F6FA4-51D8-45BC-BFE9-382320B8D1E3} URL = http://www.bing.com/search?q={searchTerms}&r=613
SearchScopes: HKCU - {E98CD509-E696-434A-A149-D426A78E31F3} URL = 
SearchScopes: HKCU - {FC722C2E-184C-402A-9892-63CB813C4A51} URL = http://search.softonic.com/INF00176/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=310
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 89.216.1.30 89.216.1.50
Tcpip\..\Interfaces\{1AAFB922-CEDE-44D9-8930-3ED45AC1434A}: [NameServer]8.8.8.8,8.8.4.4

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-02]
CHR Extension: (Google Drive) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-02]
CHR Extension: (YouTube) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-02]
CHR Extension: (Google Search) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-02]
CHR Extension: (AdBlock) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-02]
CHR Extension: (Hola Better Internet) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-03-02]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-03-02]
CHR Extension: (Skype Click to Call) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-02]
CHR Extension: (Google Wallet) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-02]
CHR Extension: (Gmail) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-02]
CHR HKCU\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\P\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2013-01-01]
CHR HKLM-x32\...\Chrome\Extension: [aohddidmgooofkgohkbkaohadkolgejj] - C:\Users\P\AppData\Local\Youdao\Dict\Application\stable\YDChromeTextExtractor.crx [2013-01-01]
CHR HKLM-x32\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\P\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2013-01-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]

==================== Services (Whitelisted) =================

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\S-Bar\MSIService.exe [160768 2012-12-03] (Micro-Star International Co., Ltd.)
R2 MSI Foundation Service; C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [12800 2010-07-17] (MSI)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 Dokan; C:\windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-30] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R3 fspad_win764; C:\Windows\System32\DRIVERS\fspad_win764.sys [67072 2011-03-11] (Sentelic Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MGHwCtrl; \??\C:\Program Files\MSI\MSI Software Install\MGHwCtrl.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-24 20:14 - 2014-03-24 20:15 - 00000414 _____ () C:\Users\P\Downloads\SystemLook.txt
2014-03-24 20:13 - 2014-03-24 20:14 - 00165376 _____ () C:\Users\P\Downloads\SystemLook_x64.exe
2014-03-23 15:01 - 2014-03-24 22:44 - 00000000 ____D () C:\windows\pss
2014-03-22 23:19 - 2014-03-22 23:19 - 00000000 ___HD () C:\windows\msdownld.tmp
2014-03-22 23:18 - 2014-03-22 23:18 - 10983288 _____ (Wargaming.net ) C:\Users\P\Downloads\WoT_internet_install_ct.exe
2014-03-22 00:13 - 2014-03-22 00:13 - 00038586 _____ () C:\Users\P\Desktop\sfcdetails.txt
2014-03-21 19:20 - 2014-03-23 01:37 - 00000383 _____ () C:\Users\P\Desktop\oik9ik.txt
2014-03-21 16:33 - 2014-03-21 16:33 - 00001119 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-21 16:33 - 2014-03-21 16:33 - 00000000 ____D () C:\Users\P\AppData\Roaming\Malwarebytes
2014-03-21 16:33 - 2014-03-21 16:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-21 16:33 - 2014-03-21 16:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-21 16:33 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-21 16:32 - 2014-03-21 16:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\P\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-21 16:32 - 2014-03-21 16:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\P\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-21 16:27 - 2014-03-21 16:28 - 00002122 _____ () C:\Users\P\Desktop\Rkill.txt
2014-03-21 16:26 - 2014-03-21 16:25 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\P\Desktop\rkill.exe
2014-03-21 16:25 - 2014-03-21 16:25 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\P\Downloads\rkill.exe
2014-03-21 16:24 - 2014-03-21 16:24 - 00001899 _____ () C:\Users\P\Desktop\RKreport[0]_S_03212014_162402.txt
2014-03-21 16:21 - 2014-03-21 16:25 - 00000000 ____D () C:\Users\P\Desktop\RK_Quarantine
2014-03-21 16:19 - 2014-03-21 16:19 - 04486144 _____ () C:\Users\P\Downloads\RogueKillerX64.exe
2014-03-21 16:19 - 2014-03-21 16:19 - 04486144 _____ () C:\Users\P\Desktop\RogueKillerX64.exe
2014-03-21 15:33 - 2014-03-21 16:13 - 00000000 ____D () C:\AdwCleaner
2014-03-21 15:33 - 2014-03-21 15:32 - 01950720 _____ () C:\Users\P\Desktop\AdwCleaner.exe
2014-03-21 15:32 - 2014-03-21 15:32 - 01950720 _____ () C:\Users\P\Downloads\AdwCleaner.exe
2014-03-19 21:26 - 2014-03-19 21:27 - 03392612 _____ () C:\Users\P\Downloads\20.MAR.HQ MIX and more else.rar
2014-03-19 15:08 - 2014-03-19 15:08 - 00030919 _____ () C:\ComboFix.txt
2014-03-18 19:08 - 2014-03-19 15:10 - 00000000 ____D () C:\Qoobox
2014-03-18 19:08 - 2014-03-19 14:26 - 00000000 ____D () C:\windows\erdnt
2014-03-18 19:08 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2014-03-18 19:08 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2014-03-18 19:08 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-03-18 19:08 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-03-18 19:08 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-03-18 19:08 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2014-03-18 19:08 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2014-03-18 19:08 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2014-03-18 01:28 - 2014-03-18 01:29 - 40442937 _____ () C:\Users\P\Downloads\Popcorn-Time-2.7-Win.zip
2014-03-17 21:14 - 2014-03-17 21:14 - 05190594 ____R (Swearware) C:\Users\P\Desktop\ComboFix.exe
2014-03-17 18:37 - 2014-03-17 18:37 - 00000000 ____D () C:\ProgramData\ESET
2014-03-17 18:37 - 2014-03-17 18:37 - 00000000 ____D () C:\Program Files\ESET
2014-03-17 18:05 - 2014-03-17 18:05 - 00448512 _____ (OldTimer Tools) C:\Users\P\Downloads\TFC.exe
2014-03-17 14:32 - 2014-03-17 14:32 - 00033319 _____ () C:\Users\P\Downloads\Addition.txt
2014-03-17 14:31 - 2014-03-24 23:18 - 00019331 _____ () C:\Users\P\Downloads\FRST.txt
2014-03-17 14:31 - 2014-03-24 23:17 - 00000000 ____D () C:\FRST
2014-03-17 14:30 - 2014-03-17 14:30 - 02157056 _____ (Farbar) C:\Users\P\Downloads\FRST64 (1).exe
2014-03-17 14:19 - 2014-03-17 14:19 - 02157056 _____ (Farbar) C:\Users\P\Downloads\FRST64.exe
2014-03-17 13:31 - 2014-03-17 13:31 - 00299808 _____ () C:\Users\P\Desktop\RTSVunc.zip
2014-03-17 13:31 - 2010-06-09 10:58 - 00000000 ____D () C:\Users\P\Desktop\src
2014-03-17 13:31 - 2010-06-09 10:58 - 00000000 ____D () C:\Users\P\Desktop\release
2014-03-15 09:59 - 2014-03-15 09:59 - 00000000 ____D () C:\Users\P\AppData\Local\Skype
2014-03-15 00:40 - 2014-03-15 00:40 - 00000000 ____D () C:\Users\P\AppData\Local\Skyrim
2014-03-15 00:29 - 2014-03-15 00:39 - 00000000 ____D () C:\Program Files (x86)\The Elder Scrolls V Skyrim
2014-03-14 16:20 - 2014-03-14 16:34 - 00000000 ____D () C:\Users\P\Downloads\rzr-skrm
2014-03-14 15:40 - 2014-03-14 15:40 - 00000008 _____ () C:\Users\P\AppData\Roaming\DofusAppId0_2
2014-03-14 15:40 - 2014-03-14 15:40 - 00000000 ____D () C:\Users\P\AppData\Roaming\Dofus-2
2014-03-12 15:49 - 2014-03-12 16:27 - 00000000 ____D () C:\Users\P\Downloads\CIV4
2014-03-12 12:47 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-12 12:47 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-12 12:47 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-12 12:47 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-12 12:47 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-12 12:47 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-12 12:47 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-12 12:47 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-12 12:47 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-12 12:47 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-12 12:47 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-12 12:47 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-12 12:47 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-12 12:47 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-12 12:47 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-12 12:47 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-12 12:47 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-12 12:47 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-12 12:47 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-12 12:47 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-12 12:47 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-12 12:47 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-12 12:47 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-12 12:47 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-12 12:47 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-12 12:47 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-12 12:47 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-12 12:47 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-12 12:47 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-12 12:47 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-12 12:47 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-12 12:47 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-12 12:47 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-12 12:47 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-12 12:47 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-12 12:47 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-12 12:47 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-12 12:47 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-12 12:47 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-12 12:47 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-12 12:47 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-12 12:47 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-12 12:47 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-12 12:47 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-12 12:44 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-12 12:44 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-12 12:44 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-12 12:44 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-11 10:02 - 2014-03-11 10:02 - 00000000 ____D () C:\windows\SysWOW64\NV
2014-03-11 10:02 - 2014-03-11 10:02 - 00000000 ____D () C:\windows\system32\NV
2014-03-11 10:00 - 2014-03-04 15:35 - 31474976 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 25255256 _____ (NVIDIA Corporation) C:\windows\system32\nvcompiler.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 23716640 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 18302384 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 17755424 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 17561544 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcompiler.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 15783992 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 12708128 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2014-03-11 10:00 - 2014-03-04 15:35 - 11636176 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 11589272 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 09728064 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 09690424 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 03143456 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 02958792 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 02783008 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvenc.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 02411976 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvenc.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 01885472 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6433523.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 01516488 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6433523.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 00892704 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 00877856 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 00863064 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 00846168 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 00353504 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 00305600 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
2014-03-11 10:00 - 2014-03-04 15:35 - 00033736 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvpciflt.sys
2014-03-09 16:53 - 2014-03-09 17:17 - 00000000 ____D () C:\Users\P\Downloads\Nymphomaniac Volume I & II Unrated Webrip x264 AC3 TiTAN
2014-03-09 12:05 - 2014-03-09 12:05 - 00000000 ____D () C:\Users\P\AppData\Roaming\Apple Computer
2014-03-08 13:04 - 2014-03-24 23:08 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-08 13:04 - 2014-03-08 13:04 - 00000000 ____D () C:\Users\P\AppData\Local\Apple
2014-03-08 13:04 - 2014-03-08 13:04 - 00000000 ____D () C:\ProgramData\Apple
2014-03-07 16:19 - 2014-03-07 16:24 - 00000000 ____D () C:\Users\P\Downloads\12 Years a Slave[2013] BRRip XviD-SaM[ETRG]
2014-03-04 21:49 - 2014-03-04 21:49 - 00001006 _____ () C:\Users\P\Desktop\Dev-C++.lnk
2014-03-04 21:49 - 2014-03-04 21:49 - 00000000 ____D () C:\Users\P\AppData\Roaming\Dev-Cpp
2014-03-04 21:48 - 2014-03-04 21:48 - 00000000 ____D () C:\Program Files (x86)\Dev-Cpp
2014-03-02 02:57 - 2014-03-02 02:57 - 00000767 _____ () C:\Users\P\Desktop\The Elder Scrolls Online Beta.lnk
2014-03-01 15:02 - 2014-03-01 15:02 - 00000000 ____D () C:\Users\P\Documents\Rainmeter
2014-03-01 15:02 - 2014-03-01 15:02 - 00000000 ____D () C:\Users\P\AppData\Roaming\Rainmeter
2014-03-01 15:02 - 2014-03-01 15:02 - 00000000 ____D () C:\Program Files\Rainmeter
2014-02-27 11:50 - 2014-02-27 11:50 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-02-22 23:50 - 2014-02-22 23:50 - 00000000 ____D () C:\Users\P\AppData\Local\NVIDIA Corporation
2014-02-22 23:46 - 2014-02-22 23:51 - 00000000 ____D () C:\Users\P\AppData\Local\NVIDIA
2014-02-22 23:46 - 2014-02-22 23:46 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-22 23:46 - 2014-02-05 10:31 - 01048152 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspcap.dll
2014-02-22 23:46 - 2014-02-05 10:30 - 01179576 _____ (NVIDIA Corporation) C:\windows\system32\nvspcap64.dll
2014-02-22 23:42 - 2014-02-08 19:34 - 01885472 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6433489.dll
2014-02-22 23:42 - 2014-02-08 19:34 - 01515296 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6433489.dll
2014-02-22 23:42 - 2013-12-27 19:42 - 00039200 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvvad64v.sys
2014-02-22 23:42 - 2013-12-27 19:42 - 00035104 _____ (NVIDIA Corporation) C:\windows\system32\nvaudcap64v.dll
2014-02-22 23:42 - 2013-12-27 19:42 - 00033056 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvaudcap32v.dll
2014-02-22 22:05 - 2014-03-05 23:39 - 00000000 ____D () C:\Users\P\AppData\Roaming\Upok
2014-02-22 22:05 - 2014-03-03 09:17 - 00000000 ____D () C:\Users\P\AppData\Roaming\Koesim
2014-02-22 21:45 - 2014-02-22 21:45 - 00000000 _____ () C:\windows\SysWOW64\Access.dat
2014-02-22 21:43 - 2014-02-22 21:49 - 00000000 ____D () C:\Users\P\AppData\Roaming\Tunngle
2014-02-22 21:43 - 2014-02-22 21:45 - 00000000 ____D () C:\ProgramData\Tunngle
2014-02-22 21:43 - 2014-02-22 21:44 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-02-22 21:43 - 2014-02-22 21:43 - 00001001 _____ () C:\Users\Public\Desktop\Tunngle beta.lnk
2014-02-22 21:43 - 2014-02-22 21:43 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-02-22 21:43 - 2014-02-22 21:43 - 00000000 ____D () C:\Users\P\Documents\Tunngle
2014-02-22 21:43 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\windows\system32\Drivers\tap0901t.sys
2014-02-22 20:34 - 2014-03-23 01:25 - 315680028 _____ () C:\Users\P\Downloads\WoodmanCastingX - Hard Table - Nancy Fancy.mp4

==================== One Month Modified Files and Folders =======

2014-03-24 23:18 - 2014-03-17 14:31 - 00019331 _____ () C:\Users\P\Downloads\FRST.txt
2014-03-24 23:17 - 2014-03-17 14:31 - 00000000 ____D () C:\FRST
2014-03-24 23:16 - 2013-01-25 21:15 - 00000000 ____D () C:\Users\P\AppData\Roaming\Skype
2014-03-24 23:08 - 2014-03-08 13:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-24 22:54 - 2009-07-14 05:45 - 00024432 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-24 22:54 - 2009-07-14 05:45 - 00024432 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-24 22:47 - 2013-12-20 22:18 - 00000000 ____D () C:\Users\P\AppData\Local\LogMeIn Hamachi
2014-03-24 22:47 - 2009-07-14 05:51 - 00143547 _____ () C:\windows\setupact.log
2014-03-24 22:46 - 2013-01-25 02:37 - 00000918 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-24 22:46 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-24 22:45 - 2013-01-25 01:25 - 01409978 _____ () C:\windows\WindowsUpdate.log
2014-03-24 22:44 - 2014-03-23 15:01 - 00000000 ____D () C:\windows\pss
2014-03-24 22:44 - 2013-01-25 01:33 - 00000000 ___RD () C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-24 22:37 - 2013-01-25 02:37 - 00000922 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-24 20:15 - 2014-03-24 20:14 - 00000414 _____ () C:\Users\P\Downloads\SystemLook.txt
2014-03-24 20:14 - 2014-03-24 20:13 - 00165376 _____ () C:\Users\P\Downloads\SystemLook_x64.exe
2014-03-24 16:14 - 2013-01-25 02:48 - 00000000 ____D () C:\Games
2014-03-24 14:35 - 2013-12-16 22:07 - 00000000 ____D () C:\Users\P\AppData\Local\Battle.net
2014-03-23 13:01 - 2013-03-26 22:15 - 00007605 _____ () C:\Users\P\AppData\Local\Resmon.ResmonCfg
2014-03-23 12:30 - 2013-12-16 22:07 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-23 02:08 - 2013-01-26 00:20 - 00000000 ____D () C:\Users\P\AppData\Roaming\BitTorrent
2014-03-23 01:37 - 2014-03-21 19:20 - 00000383 _____ () C:\Users\P\Desktop\oik9ik.txt
2014-03-23 01:25 - 2014-02-22 20:34 - 315680028 _____ () C:\Users\P\Downloads\WoodmanCastingX - Hard Table - Nancy Fancy.mp4
2014-03-22 23:19 - 2014-03-22 23:19 - 00000000 ___HD () C:\windows\msdownld.tmp
2014-03-22 23:19 - 2013-01-25 02:48 - 00000000 ____D () C:\windows\SysWOW64\directx
2014-03-22 23:18 - 2014-03-22 23:18 - 10983288 _____ (Wargaming.net ) C:\Users\P\Downloads\WoT_internet_install_ct.exe
2014-03-22 07:40 - 2009-07-14 06:13 - 00779788 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-22 00:13 - 2014-03-22 00:13 - 00038586 _____ () C:\Users\P\Desktop\sfcdetails.txt
2014-03-21 18:06 - 2010-11-21 04:47 - 00271266 _____ () C:\windows\PFRO.log
2014-03-21 16:33 - 2014-03-21 16:33 - 00001119 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-21 16:33 - 2014-03-21 16:33 - 00000000 ____D () C:\Users\P\AppData\Roaming\Malwarebytes
2014-03-21 16:33 - 2014-03-21 16:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-21 16:33 - 2014-03-21 16:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-21 16:32 - 2014-03-21 16:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\P\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-21 16:32 - 2014-03-21 16:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\P\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-21 16:28 - 2014-03-21 16:27 - 00002122 _____ () C:\Users\P\Desktop\Rkill.txt
2014-03-21 16:25 - 2014-03-21 16:26 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\P\Desktop\rkill.exe
2014-03-21 16:25 - 2014-03-21 16:25 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\P\Downloads\rkill.exe
2014-03-21 16:25 - 2014-03-21 16:21 - 00000000 ____D () C:\Users\P\Desktop\RK_Quarantine
2014-03-21 16:24 - 2014-03-21 16:24 - 00001899 _____ () C:\Users\P\Desktop\RKreport[0]_S_03212014_162402.txt
2014-03-21 16:19 - 2014-03-21 16:19 - 04486144 _____ () C:\Users\P\Downloads\RogueKillerX64.exe
2014-03-21 16:19 - 2014-03-21 16:19 - 04486144 _____ () C:\Users\P\Desktop\RogueKillerX64.exe
2014-03-21 16:13 - 2014-03-21 15:33 - 00000000 ____D () C:\AdwCleaner
2014-03-21 15:32 - 2014-03-21 15:33 - 01950720 _____ () C:\Users\P\Desktop\AdwCleaner.exe
2014-03-21 15:32 - 2014-03-21 15:32 - 01950720 _____ () C:\Users\P\Downloads\AdwCleaner.exe
2014-03-20 01:19 - 2013-12-16 22:08 - 00000761 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-03-19 21:27 - 2014-03-19 21:26 - 03392612 _____ () C:\Users\P\Downloads\20.MAR.HQ MIX and more else.rar
2014-03-19 15:10 - 2014-03-18 19:08 - 00000000 ____D () C:\Qoobox
2014-03-19 15:08 - 2014-03-19 15:08 - 00030919 _____ () C:\ComboFix.txt
2014-03-19 14:30 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2014-03-19 14:26 - 2014-03-18 19:08 - 00000000 ____D () C:\windows\erdnt
2014-03-19 14:21 - 2013-02-16 20:00 - 00000000 ____D () C:\Users\P\Desktop\Filmovi
2014-03-18 22:25 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-03-18 15:33 - 2013-02-03 16:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-18 01:29 - 2014-03-18 01:28 - 40442937 _____ () C:\Users\P\Downloads\Popcorn-Time-2.7-Win.zip
2014-03-17 21:14 - 2014-03-17 21:14 - 05190594 ____R (Swearware) C:\Users\P\Desktop\ComboFix.exe
2014-03-17 18:37 - 2014-03-17 18:37 - 00000000 ____D () C:\ProgramData\ESET
2014-03-17 18:37 - 2014-03-17 18:37 - 00000000 ____D () C:\Program Files\ESET
2014-03-17 18:05 - 2014-03-17 18:05 - 00448512 _____ (OldTimer Tools) C:\Users\P\Downloads\TFC.exe
2014-03-17 14:32 - 2014-03-17 14:32 - 00033319 _____ () C:\Users\P\Downloads\Addition.txt
2014-03-17 14:30 - 2014-03-17 14:30 - 02157056 _____ (Farbar) C:\Users\P\Downloads\FRST64 (1).exe
2014-03-17 14:19 - 2014-03-17 14:19 - 02157056 _____ (Farbar) C:\Users\P\Downloads\FRST64.exe
2014-03-17 13:31 - 2014-03-17 13:31 - 00299808 _____ () C:\Users\P\Desktop\RTSVunc.zip
2014-03-15 10:16 - 2013-11-23 13:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-15 09:59 - 2014-03-15 09:59 - 00000000 ____D () C:\Users\P\AppData\Local\Skype
2014-03-15 09:59 - 2013-01-25 21:15 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-15 09:59 - 2013-01-25 21:15 - 00000000 ____D () C:\ProgramData\Skype
2014-03-15 00:40 - 2014-03-15 00:40 - 00000000 ____D () C:\Users\P\AppData\Local\Skyrim
2014-03-15 00:40 - 2013-04-24 14:49 - 00000000 ____D () C:\Users\P\Documents\My Games
2014-03-15 00:39 - 2014-03-15 00:29 - 00000000 ____D () C:\Program Files (x86)\The Elder Scrolls V Skyrim
2014-03-15 00:36 - 2011-07-19 01:27 - 00047128 _____ () C:\windows\DirectX.log
2014-03-14 21:46 - 2013-01-25 01:33 - 00000000 ____D () C:\Users\P\AppData\Local\VirtualStore
2014-03-14 20:59 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\LiveKernelReports
2014-03-14 16:34 - 2014-03-14 16:20 - 00000000 ____D () C:\Users\P\Downloads\rzr-skrm
2014-03-14 15:45 - 2013-10-28 14:07 - 00000000 ____D () C:\Users\P\Desktop\New folder (2)
2014-03-14 15:44 - 2013-02-02 23:04 - 00000000 ___RD () C:\Users\P\Desktop\Programi
2014-03-14 15:40 - 2014-03-14 15:40 - 00000008 _____ () C:\Users\P\AppData\Roaming\DofusAppId0_2
2014-03-14 15:40 - 2014-03-14 15:40 - 00000000 ____D () C:\Users\P\AppData\Roaming\Dofus-2
2014-03-14 15:40 - 2013-11-15 16:38 - 00000109 _____ () C:\Users\P\AppData\Roaming\D2Info0
2014-03-14 15:40 - 2013-11-15 16:38 - 00000000 ____D () C:\Users\P\AppData\Roaming\Dofus2
2014-03-14 15:35 - 2011-07-19 01:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-13 13:23 - 2009-07-14 05:45 - 00463432 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-13 13:21 - 2013-03-12 21:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 13:21 - 2013-03-12 21:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 16:27 - 2014-03-12 15:49 - 00000000 ____D () C:\Users\P\Downloads\CIV4
2014-03-11 10:02 - 2014-03-11 10:02 - 00000000 ____D () C:\windows\SysWOW64\NV
2014-03-11 10:02 - 2014-03-11 10:02 - 00000000 ____D () C:\windows\system32\NV
2014-03-11 10:02 - 2013-01-28 18:31 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-10 13:15 - 2013-10-09 01:39 - 00000000 ____D () C:\Users\P\Desktop\New folder
2014-03-09 17:17 - 2014-03-09 16:53 - 00000000 ____D () C:\Users\P\Downloads\Nymphomaniac Volume I & II Unrated Webrip x264 AC3 TiTAN
2014-03-09 12:05 - 2014-03-09 12:05 - 00000000 ____D () C:\Users\P\AppData\Roaming\Apple Computer
2014-03-08 13:04 - 2014-03-08 13:04 - 00000000 ____D () C:\Users\P\AppData\Local\Apple
2014-03-08 13:04 - 2014-03-08 13:04 - 00000000 ____D () C:\ProgramData\Apple
2014-03-07 16:24 - 2014-03-07 16:19 - 00000000 ____D () C:\Users\P\Downloads\12 Years a Slave[2013] BRRip XviD-SaM[ETRG]
2014-03-07 16:03 - 2013-01-25 02:15 - 00000000 ____D () C:\windows\System32\Tasks\Games
2014-03-05 23:39 - 2014-02-22 22:05 - 00000000 ____D () C:\Users\P\AppData\Roaming\Upok
2014-03-05 21:36 - 2013-01-25 01:30 - 00000000 ____D () C:\Users\P\AppData\Local\CrashDumps
2014-03-04 21:49 - 2014-03-04 21:49 - 00001006 _____ () C:\Users\P\Desktop\Dev-C++.lnk
2014-03-04 21:49 - 2014-03-04 21:49 - 00000000 ____D () C:\Users\P\AppData\Roaming\Dev-Cpp
2014-03-04 21:48 - 2014-03-04 21:48 - 00000000 ____D () C:\Program Files (x86)\Dev-Cpp
2014-03-04 15:35 - 2014-03-11 10:00 - 31474976 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 25255256 _____ (NVIDIA Corporation) C:\windows\system32\nvcompiler.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 23716640 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 18302384 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 17755424 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 17561544 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcompiler.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 15783992 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 12708128 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2014-03-04 15:35 - 2014-03-11 10:00 - 11636176 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 11589272 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 09728064 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 09690424 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 03143456 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 02958792 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 02783008 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvenc.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 02411976 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvenc.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 01885472 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6433523.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 01516488 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6433523.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 00892704 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 00877856 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 00863064 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 00846168 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 00353504 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 00305600 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
2014-03-04 15:35 - 2014-03-11 10:00 - 00033736 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvpciflt.sys
2014-03-04 15:35 - 2013-10-08 23:29 - 02715264 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvapi.dll
2014-03-04 15:35 - 2013-02-20 06:33 - 14709720 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvd3dum.dll
2014-03-04 15:35 - 2013-02-20 06:33 - 00832936 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvumdshim.dll
2014-03-04 15:35 - 2013-01-28 18:29 - 03093280 _____ (NVIDIA Corporation) C:\windows\system32\nvapi64.dll
2014-03-04 15:35 - 2013-01-28 18:29 - 00947808 _____ (NVIDIA Corporation) C:\windows\system32\nvumdshimx.dll
2014-03-04 15:35 - 2013-01-28 18:29 - 00174296 _____ (NVIDIA Corporation) C:\windows\system32\nvinitx.dll
2014-03-04 15:35 - 2013-01-28 18:29 - 00148016 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvinit.dll
2014-03-04 15:35 - 2013-01-28 18:29 - 00024544 _____ () C:\windows\system32\nvinfo.pb
2014-03-04 14:06 - 2013-01-28 18:30 - 06714312 _____ (NVIDIA Corporation) C:\windows\system32\nvcpl.dll
2014-03-04 14:06 - 2013-01-28 18:30 - 03497816 _____ (NVIDIA Corporation) C:\windows\system32\nvsvc64.dll
2014-03-04 14:05 - 2013-01-28 18:30 - 03649185 _____ () C:\windows\system32\nvcoproc.bin
2014-03-04 14:05 - 2013-01-28 18:30 - 02558808 _____ (NVIDIA Corporation) C:\windows\system32\nvsvcr.dll
2014-03-04 14:05 - 2013-01-28 18:30 - 01075032 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshext.dll
2014-03-04 14:05 - 2013-01-28 18:30 - 00922968 _____ (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
2014-03-04 14:05 - 2013-01-28 18:30 - 00386336 _____ (NVIDIA Corporation) C:\windows\system32\nvmctray.dll
2014-03-04 14:05 - 2013-01-28 18:30 - 00067072 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshextr.dll
2014-03-04 14:05 - 2013-01-28 18:30 - 00064968 _____ (NVIDIA Corporation) C:\windows\system32\nvshext.dll
2014-03-03 09:17 - 2014-02-22 22:05 - 00000000 ____D () C:\Users\P\AppData\Roaming\Koesim
2014-03-02 23:55 - 2013-10-12 16:58 - 00000000 ____D () C:\Users\P\AppData\Roaming\vlc
2014-03-02 02:57 - 2014-03-02 02:57 - 00000767 _____ () C:\Users\P\Desktop\The Elder Scrolls Online Beta.lnk
2014-03-01 15:02 - 2014-03-01 15:02 - 00000000 ____D () C:\Users\P\Documents\Rainmeter
2014-03-01 15:02 - 2014-03-01 15:02 - 00000000 ____D () C:\Users\P\AppData\Roaming\Rainmeter
2014-03-01 15:02 - 2014-03-01 15:02 - 00000000 ____D () C:\Program Files\Rainmeter
2014-03-01 07:05 - 2014-03-12 12:47 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-12 12:47 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-12 12:47 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-12 12:47 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-12 12:47 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-12 12:47 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-12 12:47 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-12 12:47 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-12 12:47 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-12 12:47 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-12 12:47 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-12 12:47 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-12 12:47 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-12 12:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-12 12:47 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-12 12:47 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-12 12:47 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-12 12:47 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-12 12:47 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-12 12:47 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-12 12:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-12 12:47 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-12 12:47 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-12 12:47 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-12 12:47 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-12 12:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-12 12:47 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-12 12:47 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-12 12:47 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-12 12:47 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-12 12:47 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 12:47 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 12:47 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-12 12:47 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-12 12:47 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 12:47 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 12:47 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 12:47 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 12:47 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 12:47 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-27 11:50 - 2014-02-27 11:50 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-02-24 19:53 - 2013-10-26 19:42 - 00000000 ____D () C:\Users\P\AppData\Roaming\TS3Client
2014-02-22 23:51 - 2014-02-22 23:46 - 00000000 ____D () C:\Users\P\AppData\Local\NVIDIA
2014-02-22 23:50 - 2014-02-22 23:50 - 00000000 ____D () C:\Users\P\AppData\Local\NVIDIA Corporation
2014-02-22 23:50 - 2013-01-28 18:30 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-02-22 23:46 - 2014-02-22 23:46 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-22 23:46 - 2011-07-19 01:08 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-02-22 23:46 - 2011-07-19 01:08 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-22 23:12 - 2013-01-25 01:27 - 00126048 _____ () C:\Users\P\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-22 21:49 - 2014-02-22 21:43 - 00000000 ____D () C:\Users\P\AppData\Roaming\Tunngle
2014-02-22 21:45 - 2014-02-22 21:45 - 00000000 _____ () C:\windows\SysWOW64\Access.dat
2014-02-22 21:45 - 2014-02-22 21:43 - 00000000 ____D () C:\ProgramData\Tunngle
2014-02-22 21:44 - 2014-02-22 21:43 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-02-22 21:43 - 2014-02-22 21:43 - 00001001 _____ () C:\Users\Public\Desktop\Tunngle beta.lnk
2014-02-22 21:43 - 2014-02-22 21:43 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-02-22 21:43 - 2014-02-22 21:43 - 00000000 ____D () C:\Users\P\Documents\Tunngle

Some content of TEMP:
====================
C:\Users\P\AppData\Local\Temp\ntdll_dump.dll
C:\Users\P\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-22 19:18

==================== End Of Log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by P at 2014-03-24 23:18:35
Running from C:\Users\P\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: ESET Smart Security 7.0 (Enabled - Out of date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Out of date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.82.76 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1105.1601 - Micro-Star International Co., Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.7.3.28706 - BitTorrent Inc.)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 3.0.1103.1801 - Micro-Star International Co., Ltd.)
Cinema ProII Setup (HKLM-x32\...\{C13926BE-159B-4494-BEEC-AB6E207F70AD}) (Version: 1.0.0.10 - Micro-Star International Co., Ltd.)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Daum PotPlayer 1.5.40688 x64 Edition (HKLM\...\PotPlayer64) (Version: - )
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.6.1 - Bloodshed Software)
DLL Player 0.1 (HKLM-x32\...\DLL Player) (Version: 0.1 - )
Dokan Library 0.6.0 (HKLM-x32\...\DokanLibrary) (Version: - )
EasyFace2 (HKLM-x32\...\{94DE7548-E449-4F7D-804F-0C5CDC3A1E6A}) (Version: 2.0.0.25 - Micro-Star International CO.,Ltd.)
EasyViewer (HKLM-x32\...\InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}) (Version: 1.3.0.9 - MSI)
EasyViewer (x32 Version: 1.3.0.9 - MSI) Hidden
ESET Smart Security (HKLM\...\{F7C525E7-659A-47F6-A25A-7A63FA10E767}) (Version: 7.0.302.26 - ESET, spol s r. o.)
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 8.8.3.0 - Sentelic)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
Football Manager 2013 (HKLM-x32\...\Steam App 207890) (Version: - Sports Interactive)
Football Manager 2013 Editor (HKLM-x32\...\Steam App 220600) (Version: - Sports Interactive)
Football Manager 2014 (HKLM-x32\...\Rm9vdGJhbGxNYW5hZ2VyMjAxNA==_is1) (Version: 1 - )
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of Might and Magic® III The Shadow of Death(TM) (HKLM-x32\...\Heroes III The Shadow of Death) (Version: - )
i-Charger (HKLM-x32\...\i-Charger_is1) (Version: - msi, Inc.)
Intel PROSet Wireless (Version: - ) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}) (Version: 1.1.0.0157 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.173 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.173 - LogMeIn, Inc.) Hidden
MAGIX Music Maker 16 Download Version (HKLM-x32\...\MAGIX Music Maker 16 Download Version UK) (Version: 16.0.3.0 - MAGIX AG)
MAGIX Photo Manager 9 (HKLM-x32\...\MAGIX Photo Manager 9 UK) (Version: 7.0.3.119 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\MAGIX Screenshare UK) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (HKLM-x32\...\MAGIX Speed burnR UK) (Version: 6.0.1.2 - MAGIX AG)
MAGIX Video easy SE (HKLM-x32\...\MAGIX_MSI_Video_easy_SE) (Version: 1.0.4.1 - MAGIX AG)
MAGIX Video easy SE (x32 Version: 1.0.4.1 - MAGIX AG) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Medal of Honor Pacific Assault (HKLM-x32\...\Medal of Honor Pacific Assault_is1) (Version: - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 Home Premium - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4569.1508 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Project MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Project Standard 2007 (HKLM-x32\...\PRJSTD) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Project Standard 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSI HOUSE (HKLM-x32\...\{DA5597C9-9216-44FF-9670-D1E48817B998}) (Version: 10.07.1601 - MSI)
MSI Software Install (HKLM-x32\...\{332EBFE0-C39E-42D1-99B5-ABBBECAD71B6}) (Version: 4.0.1105.1701 - Micro-Star International Co., Ltd.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1508 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.0.2 r2161 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.43.321.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6324 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10010 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.16.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.16.0 - Renesas Electronics Corporation) Hidden
S-Bar (HKLM-x32\...\{EA37105B-24BD-4B05-8D4A-3CA5945CBD40}) (Version: 21.012.12039 - )
Secure Download Manager (HKLM-x32\...\{704B1EDC-F99C-43C1-894A-75C7CE0BC372}) (Version: 3.1.30 - Kivuto Solutions Inc.)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.20 - Piriform)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stone Giant 1.0 (HKLM-x32\...\{1FC46D21-F4A4-42DF-B9A4-27F8A702EBC5}_is1) (Version: - BitSquid & Fatshark)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.5.0.77 - KMP Media co., Ltd)
THX TruStudio Pro (HKLM-x32\...\{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}) (Version: 1.0 - Creative Technology Limited)
Time Adjuster STANDARD 3.1 (HKCU\...\TimeAdjuster) (Version: - IrekSoftware.com)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version: - Tunngle.net GmbH)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PRJSTD_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PRJSTD_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
War Thunder Launcher 1.0.1.199 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - 2012 Gaijin Entertainment Corporation)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
World of Tanks - Common Test (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1) (Version: - Wargaming.net)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points =========================

23-03-2014 14:55:53 Scheduled Checkpoint
24-03-2014 21:50:06 Removed Apple Application Support
24-03-2014 21:54:19 Removed Apple Application Support
24-03-2014 21:57:47 Removed Apple Software Update
24-03-2014 22:08:20 Removed QuickTime

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-03-19 14:29 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {350B7A9E-1B36-41BE-97B2-57F2F166373E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-03-15] (Microsoft Corporation)
Task: {74506223-4C5B-472F-B6A4-352A0C1986A2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {79A5F73C-1337-487A-A9D4-C4BDC7E7F0F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25] (Google Inc.)
Task: {96AA90BB-4CB6-438F-AE75-793C87681E50} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E97B94EE-7A8D-4E0D-AB05-C6849FAC0185} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-05-02 21:41 - 2011-05-02 21:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-01-28 18:30 - 2014-03-04 14:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-15 10:13 - 2014-03-15 10:13 - 08878248 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-15 10:10 - 2013-10-31 17:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-11-23 13:49 - 2014-01-02 18:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2011-01-10 13:49 - 2011-01-10 13:49 - 00014848 _____ () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
2011-07-18 22:07 - 2011-04-15 03:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-05-02 21:41 - 2011-05-02 21:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-01-28 18:29 - 2014-03-04 15:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2011-07-19 01:24 - 2010-05-04 18:59 - 00182272 _____ () C:\windows\SysWOW64\APOMngr.DLL
2014-02-13 14:48 - 2014-02-13 14:48 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b8df91c398333d759c95234d066e2f14\IsdiInterop.ni.dll
2011-07-19 01:12 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-03-15 10:41 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 10:41 - 2014-03-15 01:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 10:41 - 2014-03-15 01:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 10:41 - 2014-03-15 01:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 10:41 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 10:41 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-15 10:41 - 2014-03-15 01:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Temp:0001D49C.dat
AlternateDataStreams: C:\Temp:00034CD7.dat
AlternateDataStreams: C:\Tempid1
AlternateDataStreams: C:\Tempid2

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/24/2014 11:08:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.7601.17514, time stamp: 0x4ce792c4
Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time stamp: 0x4ea5d656
Exception code: 0xc0000005
Fault offset: 0x5fb5aa99
Faulting process id: 0x1a58
Faulting application start time: 0xMsiExec.exe0
Faulting application path: MsiExec.exe1
Faulting module path: MsiExec.exe2
Report Id: MsiExec.exe3

Error: (03/24/2014 10:47:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/24/2014 10:47:11 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (03/24/2014 10:47:11 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (03/24/2014 10:47:11 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (03/24/2014 00:30:03 PM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (03/24/2014 00:21:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/23/2014 03:04:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/23/2014 08:26:37 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (03/23/2014 03:27:04 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (03/23/2014 03:01:30 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5

Error: (03/23/2014 03:01:21 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5

Error: (03/23/2014 11:11:31 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/21/2014 06:05:59 PM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (03/21/2014 06:05:33 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/19/2014 02:29:13 PM) (Source: Service Control Manager) (User: )
Description: The DokanMounter service terminated unexpectedly. It has done this 1 time(s).

Error: (03/19/2014 02:26:13 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (03/19/2014 02:12:47 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (03/19/2014 02:09:10 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/19/2014 02:09:10 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-03-19 14:09:10.762
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-03-19 14:09:10.722
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-03-19 14:09:10.322
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-03-19 14:09:10.272
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-03-18 21:07:44.637
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-03-18 21:07:44.576
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 4003.4 MB
Available physical RAM: 1618.16 MB
Total Pagefile: 8004.98 MB
Available Pagefile: 5317.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:270.02 GB) (Free:50.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:180.01 GB) (Free:146.41 GB) NTFS
Drive f: (SKYRIM_EN) (CDROM) (Total:5.12 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: FC3199EB)

Partition: GPT Partition Type.

==================== End Of Log ============================


----------



## Mark1956 (May 7, 2011)

Looking good, no remnants from those programs are left behind, just a couple of orphan files to take out and one more crack at removing the mystery key.

Download the attachment at the bottom of this post by clicking on it and save it in the same location as FRST.


Launch FRST by double clicking on it.
When the *FRST* window opens click on the *Fix* button just once and wait.
The tool will make a log in the same location the program is run from (Fixlog.txt). Please *Copy & Paste* it into your next reply.

==========================

One more thing you could try is to go back to that run key with all the A's, as you did in post 11. When you get to the word Run in the left pane, right click on it and select Export, give it a name AAA will do, save it to the desktop. Go to the desktop and right click on the reg file, select 'Open with' and choose Notepad, when it opens see if the AAAA... entry is now visible, let me know what you find.


----------



## pera93bgd (Mar 17, 2014)

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by P at 2014-03-27 16:25:57 Run:2
Running from C:\Users\P\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
SearchScopes: HKCU - {E98CD509-E696-434A-A149-D426A78E31F3} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
HKU\S-1-5-21-3537755977-993374182-274981816-1001\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] - 1
*****************

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E98CD509-E696-434A-A149-D426A78E31F3} => Key deleted successfully.
HKCR\CLSID\{E98CD509-E696-434A-A149-D426A78E31F3} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-21-3537755977-993374182-274981816-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA => Value not found.

==== End of Fixlog ====

I tried doing the reg file thing and it still doesn't show AAA...


----------



## Mark1956 (May 7, 2011)

It won't do much harm leaving that bad registry key on the system, with it disabled it can't cause any issues, but it would be interesting to dig deeper and see if we can remove it.

From what we know so far it is being shown in two different locations, we have only checked one of them and it should also be in a third location.

Please do as you did before to find the Run keys below and Export each one to make a copy on your desktop.
This is done in just the same way as before but the process starts from the HKEY_USERS hive instead of HKEY_CURRENT_USER and the second one from HKEY_LOCAL_MACHINE.

HKEY_USERS\S-1-5-21-3537755977-993374182-274981816-1001\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Once you have done that, all three registry files will be on your desktop, zip them into one file and attach them to your next post, I'd just like to have a look at them.

There has to be an answer to this mystery key as two scanners have found it but when you look in the Registry Editor it doesn't appear to be there, but it must be somewhere as you found the Startup entry for it.

=====================

Something else you could try again is another search with SystemLook you used in post 25.

Run it just as you did before but this time use this text:

```
:regfind
AAAAAAAA
```


----------



## pera93bgd (Mar 17, 2014)

When I entered that new code in SystemLook, looks like it found something:

SystemLook 30.07.11 by jpshortstuff
Log created at 01:31 on 28/03/2014 by P
Administrator - Elevation successful

========== regfind ==========

Searching for "AAAAAAAA"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Images]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Images]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Images]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"="1"
[HKEY_USERS\S-1-5-21-3537755977-993374182-274981816-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Images]
[HKEY_USERS\S-1-5-21-3537755977-993374182-274981816-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Images]
[HKEY_USERS\S-1-5-21-3537755977-993374182-274981816-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Images]
[HKEY_USERS\S-1-5-21-3537755977-993374182-274981816-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"="1"

-= EOF =-

Do you want me to do everything you said above anyway, or can this help?


----------



## Mark1956 (May 7, 2011)

That is a good result and proves the mystery key is for real.

Yes, please go ahead and post the reg key copies.


----------



## pera93bgd (Mar 17, 2014)

Okay, here are three registry keys.


----------



## Mark1956 (May 7, 2011)

All three keys look fine. The next thing we can try is to delete the keys from the registry and reinstall them from the keys you have on your desktop.

Open the registry editor and locate each of the three Run keys in turn, right click on the Run key in the left pane and select Delete. When they have all been removed, double click on each of the keys you have saved on the desktop and let them merge with the registry.

When done, run the same scan as you did with SystemLook from post 32 and post the new report.


----------



## pera93bgd (Mar 17, 2014)

I'm so sorry for taking this long, I've been super busy and I had issues with my laptop charger etc. etc.
Here is the SystemLook scan as requested:

SystemLook 30.07.11 by jpshortstuff
Log created at 22:18 on 10/04/2014 by P
Administrator - Elevation successful

========== regfind ==========

Searching for "AAAAAAAA"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Images]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Images]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Images]
[HKEY_USERS\S-1-5-21-3537755977-993374182-274981816-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Images]
[HKEY_USERS\S-1-5-21-3537755977-993374182-274981816-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Images]
[HKEY_USERS\S-1-5-21-3537755977-993374182-274981816-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Images]

-= EOF =-


----------
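
The comparison between the two SystemLook scans in this thread, as an added example that is not part of the original posts or of SystemLook itself: it parses `regfind` output, separates hits in a value *name* under a Run key from hits that only occur inside value data (the Wallpapers\Images entries), and reports which flagged names are gone in the later scan. The sample logs, the SID, the blob stand-in and the 64-character name threshold are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Keys whose values are launched at logon (compared lower-case, as suffixes).
AUTORUN_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
LONG_NAME = 64  # assumption: names this long under a Run key deserve a look

VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')
# HKEY_CURRENT_USER is a view of HKEY_USERS\<SID of the logged-on user>, so one
# value shows up twice in a scan. Assumes the SID seen is the logged-on user's.
HIVE_RE = re.compile(r'^(HKEY_CURRENT_USER|HKEY_USERS\\S-1-5-21-[\d-]+)\\', re.I)


@dataclass(frozen=True)
class Hit:
    key: str
    name: str
    data: str
    term_in_name: bool
    term_in_data: bool

    @property
    def suspicious(self):
        """Search term is in the value NAME of an autorun key and the name is padded."""
        autorun = self.key.lower().endswith(AUTORUN_SUFFIXES)
        padded = len(self.name) >= LONG_NAME or (
            len(self.name) >= 8 and len(set(self.name)) == 1)
        return autorun and self.term_in_name and padded


def parse_regfind(text):
    """Parse the [key] / "name"="data" pairs of a SystemLook regfind section."""
    term, key, hits = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'^Searching for "(.*)"$', line)
        if m:
            term = m.group(1)
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m and key and term:
            name = m.group("name")
            data = m.group("data").strip('"')  # tolerates a missing closing quote
            hits.append(Hit(key, name, data, term in name, term in data))
    return hits


def user_relative(key):
    """Drop the HKCU / HKU\\<SID> prefix so both views of a value compare equal."""
    return HIVE_RE.sub("", key).lower()


def triage(text):
    """Return (suspicious autorun names, other matches), duplicates collapsed."""
    suspicious, noise = set(), set()
    for h in parse_regfind(text):
        ident = (user_relative(h.key), h.name)
        (suspicious if h.suspicious else noise).add(ident)
    return suspicious, noise


def cleared(before, after):
    """Flagged autorun value names present in the first scan but not the second."""
    return triage(before)[0] - triage(after)[0]


# ---- constructed sample input (not the logs from the thread) ----
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
PAD = "A" * 200                      # stand-in for the padded value name
BLOB = "0yXXAAAAAAAAAAQQAUHA0Bwb"    # stand-in for base64-like wallpaper data
RUN = r"Software\Microsoft\Windows\CurrentVersion\Run"
WALL = r"Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers\Images"

BEFORE = f'''Searching for "AAAAAAAA"
[HKEY_CURRENT_USER\\{WALL}]
"ID2"="{BLOB}
[HKEY_CURRENT_USER\\{RUN}]
"{PAD}"="1"
[HKEY_USERS\\{SID}\\{WALL}]
"ID2"="{BLOB}
[HKEY_USERS\\{SID}\\{RUN}]
"{PAD}"="1"
-= EOF =-
'''
AFTER = f'''Searching for "AAAAAAAA"
[HKEY_CURRENT_USER\\{WALL}]
"ID2"="{BLOB}
[HKEY_USERS\\{SID}\\{WALL}]
"ID1"="{BLOB}
-= EOF =-
'''

if __name__ == "__main__":
    for path, name in sorted(cleared(BEFORE, AFTER)):
        print(f"removed: {path} -> {name[:16]}... ({len(name)} chars)")
```

A scan in which only data-side matches remain means the search string still occurs on the system but no longer as an autorun value name.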



## Mark1956 (May 7, 2011)

Looks like we have done it.

We now need to uninstall ComboFix.

To uninstall ComboFix, press the *WINKEY + R* keys on your keyboard or click on Start and type *Run* into the search box and hit *Enter*.
In the *Run* box type: *ComboFix /Uninstall* (Be sure to leave a space before the forward slash).
Click on *OK*.
If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to *Uninstall.exe*, then double-click on it to remove.
This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and *create a new Restore point.*
When it has finished you will see a dialog box stating that _"ComboFix has been uninstalled"._
After that, you can delete the ComboFix.exe program from your computer (Desktop).

Let me know if that went ok and if there are any further issues.


----------



## pera93bgd (Mar 17, 2014)

Uninstall went OK, I think there are no further issues. I guess I can also uninstall Malwarebytes, AdwCleaner, rKill etc. because those are still on my desktop?


----------



## Mark1956 (May 7, 2011)

All the apps used and any of the saved logs you can just right click on and select Delete to remove them. I would suggest keeping ADWCleaner and Malwarebytes to run regular scans with to keep the system clean and free of Adware. The free version of Malwarebytes has no active component and will only run scans when done so manually, the paid for version is a one off fee and will actively scan the system and provide an excellent addition to your PC's security running alongside your Anti Virus.

Please mark the thread as Solved by clicking on the Thread Tools tab, just to the right above the first post and make the appropriate selection.


----------

