[Inactive] Ruling Out Malware

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by Shadefyre, Apr 11, 2015.

  1. Shadefyre

    Shadefyre Established Techie7 Member

    Hey,
    I'm crossposting from here: http://www.techie7.com/threads/suddenly-unable-to-connect-to-my-wireless-network.72778/ as I'd like to rule out malware as a potential source of my problem, since its source is unclear.

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-04-2015
    Ran by Shadefyre (administrator) on ALPHAZERO on 11-04-2015 18:26:50
    Running from C:\Users\Shadefyre\Desktop
    Loaded Profiles: Shadefyre (Available profiles: Shadefyre)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Apple Inc.) F:\My Better Documents\New Folder\iTunesHelper.exe
    (Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
    () C:\Users\Shadefyre\Desktop\NoSleepHDv2.0.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    () C:\Program Files (x86)\RocketDock\RocketDock.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Farbar) C:\Users\Shadefyre\Desktop\FRST64(1).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-05-14] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [iTunesHelper] => F:\My Better Documents\New Folder\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
    HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [400376 2013-10-30] (Seagate)
    HKLM\...\Run: [NoSleepHD] => C:\Users\Shadefyre\Desktop\NoSleepHDv2.0.exe [110080 2009-04-11] ()
    HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-10-27] (Atheros Commnucations)
    HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-10-27] (Atheros Commnucations)
    HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-25] (Avast Software s.r.o.)
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
    HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [6382504 2013-10-30] (Seagate)
    HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
    HKU\S-1-5-21-3571763962-2637144462-2063933446-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
    HKU\S-1-5-21-3571763962-2637144462-2063933446-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
    HKU\S-1-5-21-3571763962-2637144462-2063933446-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-3571763962-2637144462-2063933446-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
    HKU\S-1-5-21-3571763962-2637144462-2063933446-1000\...\MountPoints2: D - D:\setup.exe
    HKU\S-1-5-21-3571763962-2637144462-2063933446-1000\...\MountPoints2: {1c9bd36b-d754-11e4-b2cc-f46d04969b53} - L:\Setup.exe
    HKU\S-1-5-21-3571763962-2637144462-2063933446-1000\...\MountPoints2: {d936a5d6-ddd4-11e4-a099-806e6f6e6963} - E:\AUTORUN.EXE
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-3571763962-2637144462-2063933446-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ca/?ocid=iehp
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-25] (Avast Software s.r.o.)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-10-27] (Atheros Commnucations)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-25] (Avast Software s.r.o.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

    FireFox:
    ========
    FF ProfilePath: C:\Users\Shadefyre\AppData\Roaming\Mozilla\Firefox\Profiles\0wnpkbg4.default
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF DefaultSearchUrl: hxxp://www.bing.com/search
    FF SearchEngineOrder.1: Microsoft (Bing)
    FF Homepage: about:home
    FF Keyword.URL: hxxp://www.bing.com/search
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-13] ()
    FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-13] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF user.js: detected! => C:\Users\Shadefyre\AppData\Roaming\Mozilla\Firefox\Profiles\0wnpkbg4.default\user.js [2015-02-06]
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-06-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-06-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-06-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-06-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-06-12] (Apple Inc.)
    FF SearchPlugin: C:\Users\Shadefyre\AppData\Roaming\Mozilla\Firefox\Profiles\0wnpkbg4.default\searchplugins\bing-avast.xml [2014-06-12]
    FF SearchPlugin: C:\Users\Shadefyre\AppData\Roaming\Mozilla\Firefox\Profiles\0wnpkbg4.default\searchplugins\zonealarm.xml [2015-02-06]
    FF Extension: Ant Video Downloader - C:\Users\Shadefyre\AppData\Roaming\Mozilla\Firefox\Profiles\0wnpkbg4.default\Extensions\anttoolbar@ant.com [2015-04-02]
    FF Extension: GFACE Experience Plugin - C:\Users\Shadefyre\AppData\Roaming\Mozilla\Firefox\Profiles\0wnpkbg4.default\Extensions\cryenginebrowserplugin@crytek.com [2013-11-07]
    FF Extension: zonealarm.com - C:\Users\Shadefyre\AppData\Roaming\Mozilla\Firefox\Profiles\0wnpkbg4.default\Extensions\ffxtlbr@zonealarm.com [2015-02-06]
    FF Extension: FoxyProxy Standard - C:\Users\Shadefyre\AppData\Roaming\Mozilla\Firefox\Profiles\0wnpkbg4.default\Extensions\foxyproxy@eric.h.jung [2015-03-23]
    FF Extension: Firefox Sync - C:\Users\Shadefyre\AppData\Roaming\Mozilla\Firefox\Profiles\0wnpkbg4.default\Extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef} [2011-12-20]
    FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\Shadefyre\AppData\Roaming\Mozilla\Firefox\Profiles\0wnpkbg4.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2011-12-20]
    FF Extension: Black Steel - C:\Users\Shadefyre\AppData\Roaming\Mozilla\Firefox\Profiles\0wnpkbg4.default\Extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66} [2011-12-20]
    FF Extension: Simpler Black - C:\Users\Shadefyre\AppData\Roaming\Mozilla\Firefox\Profiles\0wnpkbg4.default\Extensions\{e971b650-6098-11da-8cd6-0800200c9a66} [2011-12-20]
    FF Extension: SkipScreen - C:\Users\Shadefyre\AppData\Roaming\Mozilla\Firefox\Profiles\0wnpkbg4.default\Extensions\SkipScreen@SkipScreen.xpi [2011-12-27]
    FF Extension: Adblock Plus - C:\Users\Shadefyre\AppData\Roaming\Mozilla\Firefox\Profiles\0wnpkbg4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-20]
    FF Extension: User Agent Switcher - C:\Users\Shadefyre\AppData\Roaming\Mozilla\Firefox\Profiles\0wnpkbg4.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2012-11-04]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-10]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-25]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-25]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-25] (Avast Software s.r.o.)
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [814464 2015-02-21] ()
    R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2011-05-31] (DTS)
    S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-12-25] (EasyAntiCheat Ltd)
    S3 GalaxyService; C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [2191648 2014-09-18] (GOG.com)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
    S3 Origin Client Service; G:\Origin\OriginClientService.exe [1910128 2015-02-04] (Electronic Arts)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-06] ()
    S3 Survarium-Steam Update Service; F:\Steam\steamapps\common\Survarium\game\binaries\x86\survarium_service.exe [76408 2015-04-06] ()
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
    R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-25] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-25] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-25] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-25] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-25] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-03-25] (Avast Software s.r.o.)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-25] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-03-25] ()
    S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2014-06-21] (Advanced Micro Devices) [File not signed]
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-12-02] (Disc Soft Ltd)
    S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-30] (Broadcom Corporation)
    R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-02-09] (Acronis International GmbH)
    R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2015-02-09] (Acronis)
    R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2015-02-09] (Acronis International GmbH)
    R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.)
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-11 18:26 - 2015-04-11 18:27 - 00017208 _____ () C:\Users\Shadefyre\Desktop\FRST.txt
    2015-04-11 18:26 - 2015-04-11 18:26 - 02095616 _____ (Farbar) C:\Users\Shadefyre\Desktop\FRST64(1).exe
    2015-04-11 08:23 - 2015-04-11 08:30 - 00026856 _____ () C:\Users\Shadefyre\Documents\Resident Evil 2 16.veg
    2015-04-11 08:23 - 2015-04-11 08:23 - 00025472 _____ () C:\Users\Shadefyre\Documents\Resident Evil 2 16.veg.bak
    2015-04-11 07:34 - 2015-04-11 07:34 - 00000000 ___RD () C:\Users\Shadefyre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2015-04-11 04:17 - 2015-04-11 08:20 - 00032712 _____ () C:\Users\Shadefyre\Documents\Metro Last Light Bonus 5.veg
    2015-04-11 04:17 - 2015-04-11 08:13 - 00030472 _____ () C:\Users\Shadefyre\Documents\Metro Last Light Bonus 5.veg.bak
    2015-04-11 04:07 - 2011-01-21 10:28 - 735027200 _____ () C:\Users\Shadefyre\Desktop\01-Alien [1979].avi
    2015-04-10 06:42 - 2015-04-11 07:34 - 00000280 _____ () C:\Windows\setupact.log
    2015-04-10 06:42 - 2015-04-10 06:42 - 00000000 _____ () C:\Windows\setuperr.log
    2015-04-10 01:28 - 2015-04-10 01:28 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-04-10 01:20 - 2015-04-10 01:21 - 00137022 _____ () C:\Users\Shadefyre\Documents\cc_20150410_012051.reg
    2015-04-08 16:16 - 2015-04-11 07:34 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
    2015-04-08 16:16 - 2015-04-08 16:16 - 00000000 ____D () C:\Users\Public\Documents\Atheros
    2015-04-08 16:10 - 2015-04-11 18:19 - 00016006 _____ () C:\Windows\system32\RaCoInst.log
    2015-04-08 16:09 - 2013-11-21 22:06 - 02172616 _____ (Ralink Technology Corp.) C:\Windows\system32\Drivers\netr28ux.sys
    2015-04-08 16:09 - 2013-11-15 23:34 - 00331568 _____ (Ralink Technology, Inc.) C:\Windows\system32\RaCoInstx.dll
    2015-04-08 16:09 - 2013-11-15 23:34 - 00013973 _____ () C:\Windows\system32\RaCoInst.dat
    2015-04-08 05:58 - 2015-04-08 05:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_btath_hcrp_01009.Wdf
    2015-04-08 05:57 - 2015-04-09 20:49 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
    2015-04-08 05:57 - 2015-04-09 20:49 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
    2015-04-08 05:52 - 2015-04-08 05:52 - 00000000 ____D () C:\Users\Shadefyre\AppData\Roaming\Intel Corporation
    2015-04-08 05:49 - 2015-04-09 20:49 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    2015-04-08 05:49 - 2011-04-26 11:07 - 00557848 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys
    2015-04-08 04:32 - 2015-04-08 04:36 - 00000000 ____D () C:\Windows\system32\MRT
    2015-04-08 04:31 - 2015-02-26 21:14 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-04-08 04:21 - 2011-03-30 00:15 - 01254464 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\AE2500w764.sys
    2015-04-08 04:21 - 2011-03-30 00:15 - 00095544 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll
    2015-04-08 04:21 - 2011-03-30 00:11 - 03900928 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll
    2015-04-08 04:21 - 2011-03-30 00:11 - 03566592 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll
    2015-04-08 04:21 - 2010-06-10 19:11 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
    2015-04-08 01:45 - 2015-04-08 01:55 - 00000008 __RSH () C:\ProgramData\ntuser.pol
    2015-04-06 22:35 - 2015-04-09 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Survarium-Steam
    2015-04-06 22:32 - 2015-04-09 20:49 - 00000000 ____D () C:\Users\Shadefyre\Documents\Survarium-Steam
    2015-04-05 11:18 - 2015-04-05 11:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-04-04 02:59 - 2015-04-04 03:12 - 429734857 _____ (GOG.com ) C:\Users\Shadefyre\Desktop\setup_pathologic_2.0.0.3.exe.part
    2015-04-04 02:59 - 2015-04-04 02:59 - 09738710 _____ () C:\Users\Shadefyre\Desktop\pathologic_wallpapers.zip
    2015-04-03 21:57 - 2015-04-03 22:44 - 87962872 _____ (GOG.com ) C:\Users\Shadefyre\Desktop\setup_dragonsphere_2.0.0.14.exe
    2015-04-03 21:57 - 2015-04-03 21:57 - 00267944 _____ () C:\Users\Shadefyre\Desktop\dragonsphere_examination_paper.zip
    2015-04-03 01:53 - 2015-04-03 01:53 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
    2015-03-29 03:07 - 2015-03-29 03:07 - 00025472 _____ () C:\Users\Shadefyre\Documents\Resident Evil 2 15.veg
    2015-03-29 02:58 - 2015-03-29 02:58 - 00024680 _____ () C:\Users\Shadefyre\Documents\Metro Last Light Bonus 4.veg
    2015-03-29 02:48 - 2015-03-29 02:52 - 00025048 _____ () C:\Users\Shadefyre\Documents\Metro Last Light Bonus 3.veg
    2015-03-29 02:48 - 2015-03-29 02:48 - 00023976 _____ () C:\Users\Shadefyre\Documents\Metro Last Light Bonus 3.veg.bak
    2015-03-29 02:46 - 2015-04-09 18:25 - 00026088 _____ () C:\Users\Shadefyre\Documents\Pacific Liberation Force.veg
    2015-03-29 02:46 - 2015-03-29 02:46 - 00026688 _____ () C:\Users\Shadefyre\Documents\Pacific Liberation Force.veg.bak
    2015-03-29 02:14 - 2015-04-09 20:49 - 00000000 ____D () C:\Users\Shadefyre\AppData\Local\NoSleepHD
    2015-03-29 02:13 - 2009-04-11 14:17 - 00110080 _____ () C:\Users\Shadefyre\Desktop\NoSleepHDv2.0.exe
    2015-03-26 06:45 - 2015-03-26 06:45 - 00000000 ____D () C:\Users\Shadefyre\AppData\Local\mslug3
    2015-03-25 07:23 - 2015-03-25 07:23 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
    2015-03-25 07:23 - 2015-03-25 07:23 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
    2015-03-25 05:48 - 2015-03-25 05:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THE ZOO RACE
    2015-03-23 04:39 - 2015-03-23 04:39 - 00028456 _____ () C:\Users\Shadefyre\Documents\Republique.veg
    2015-03-23 04:30 - 2015-03-23 04:30 - 00025192 _____ () C:\Users\Shadefyre\Documents\Metro Last Light Bonus 2.veg
    2015-03-23 04:24 - 2015-03-23 04:24 - 00027064 _____ () C:\Users\Shadefyre\Documents\Resident Evil 14.veg
    2015-03-23 04:17 - 2015-03-23 04:17 - 00030536 _____ () C:\Users\Shadefyre\Documents\Resident Evil 13.veg
    2015-03-23 04:10 - 2015-03-23 04:10 - 00021560 _____ () C:\Users\Shadefyre\Documents\Metro Last Light Bonus 1.veg
    2015-03-20 05:45 - 2015-03-20 06:42 - 00028632 _____ () C:\Users\Shadefyre\Documents\Metro Last Light 30.veg
    2015-03-20 05:45 - 2015-03-20 05:45 - 00025544 _____ () C:\Users\Shadefyre\Documents\Metro Last Light 30.veg.bak
    2015-03-19 22:21 - 2015-03-19 22:28 - 62470405 _____ (Qsc) C:\Users\Shadefyre\Desktop\Noahfull2.exe
    2015-03-16 13:48 - 2015-03-16 13:48 - 00000000 ____D () C:\ProgramData\Bohemia Interactive
    2015-03-14 14:34 - 2015-03-14 14:34 - 00000000 ____D () C:\Users\Shadefyre\Documents\Colossal Order
    2015-03-14 14:34 - 2015-03-14 14:34 - 00000000 ____D () C:\Users\Shadefyre\AppData\Roaming\Colossal Order
    2015-03-14 14:34 - 2015-03-14 14:34 - 00000000 ____D () C:\Users\Shadefyre\AppData\Local\Colossal Order
    2015-03-14 14:34 - 2015-03-14 14:34 - 00000000 ____D () C:\ProgramData\.mono
    2015-03-14 12:13 - 2015-03-14 12:13 - 00021752 _____ () C:\Users\Shadefyre\Documents\White Night.veg

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-11 18:26 - 2013-06-15 09:50 - 00000000 ____D () C:\FRST
    2015-04-11 18:19 - 2009-07-14 01:13 - 00006166 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-11 18:17 - 2014-11-30 18:57 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-04-11 18:15 - 2009-07-14 00:45 - 00023408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-04-11 18:15 - 2009-07-14 00:45 - 00023408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-04-11 09:21 - 2014-11-30 20:49 - 01221378 _____ () C:\Windows\WindowsUpdate.log
    2015-04-11 08:36 - 2011-12-20 00:49 - 00000000 ____D () C:\Users\Shadefyre\AppData\Roaming\vlc
    2015-04-11 08:30 - 2011-12-20 00:02 - 00000000 ____D () C:\Users\Shadefyre\AppData\Local\CrashDumps
    2015-04-11 07:34 - 2015-02-09 04:06 - 00003752 _____ () C:\Windows\System32\Tasks\AutoKMS
    2015-04-11 07:34 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-04-11 02:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-04-11 00:23 - 2015-01-08 04:26 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
    2015-04-10 01:20 - 2011-12-20 01:08 - 00000000 ____D () C:\Users\Shadefyre\AppData\Roaming\uTorrent
    2015-04-10 01:20 - 2011-12-20 01:08 - 00000000 ____D () C:\Users\Shadefyre\AppData\Roaming\DAEMON Tools Lite
    2015-04-10 00:43 - 2014-11-30 18:49 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
    2015-04-09 20:49 - 2015-02-09 04:06 - 00000000 ____D () C:\Windows\AutoKMS
    2015-04-09 20:49 - 2014-11-30 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
    2015-04-09 20:49 - 2014-11-30 18:57 - 00000000 ____D () C:\Program Files (x86)\Renesas Electronics
    2015-04-09 20:49 - 2014-11-30 18:49 - 00000000 ____D () C:\Windows\Intel_Chipset_XPVistaWin7_V9301019
    2015-04-09 20:49 - 2014-11-30 18:12 - 00000000 ____D () C:\Users\Shadefyre
    2015-04-09 20:49 - 2011-12-20 01:08 - 00000000 ____D () C:\Users\Shadefyre\AppData\Local\4A Games
    2015-04-09 20:49 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-04-09 20:49 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2015-04-09 20:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
    2015-04-09 20:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
    2015-04-08 05:57 - 2010-10-20 05:01 - 00246804 _____ () C:\Windows\system32\Drivers\AtherosBt.bin
    2015-04-08 05:56 - 2014-11-30 18:52 - 00000000 ____D () C:\Program Files (x86)\Intel
    2015-04-08 05:43 - 2014-11-30 18:49 - 00001769 _____ () C:\Windows\Language_trs.ini
    2015-04-07 05:16 - 2012-09-29 22:19 - 00000000 ____D () C:\Users\Shadefyre\AppData\Roaming\Awesomium
    2015-04-06 05:15 - 2014-11-30 22:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-04-04 19:35 - 2014-12-18 06:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
    2015-04-04 19:35 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-04-03 01:53 - 2011-12-20 01:23 - 00000000 ____D () C:\Users\Shadefyre\Documents\My Games
    2015-04-02 19:33 - 2015-02-04 03:49 - 00000000 ____D () C:\ProgramData\Origin
    2015-03-30 15:25 - 2014-12-05 21:26 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
    2015-03-28 23:04 - 2014-12-10 21:34 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
    2015-03-28 23:04 - 2014-12-10 21:34 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2015-03-28 23:04 - 2014-12-10 21:34 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
    2015-03-28 23:04 - 2014-12-10 21:34 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2015-03-28 22:32 - 2015-01-02 03:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
    2015-03-28 22:32 - 2015-01-02 03:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    2015-03-27 21:37 - 2013-02-15 22:42 - 00000000 ____D () C:\Users\Shadefyre\AppData\Local\Warframe
    2015-03-25 07:23 - 2014-12-01 00:07 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
    2015-03-25 07:23 - 2014-12-01 00:07 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
    2015-03-25 07:23 - 2014-12-01 00:07 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2015-03-25 07:23 - 2014-12-01 00:07 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
    2015-03-25 07:23 - 2014-12-01 00:07 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
    2015-03-25 07:23 - 2014-12-01 00:07 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-03-25 07:23 - 2014-12-01 00:07 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2015-03-25 07:23 - 2014-12-01 00:07 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2015-03-25 07:23 - 2014-12-01 00:07 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-03-21 16:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2015-03-21 07:01 - 2013-04-30 06:16 - 00000000 ____D () C:\Users\Shadefyre\AppData\Roaming\ScummVM
    2015-03-21 01:03 - 2009-07-14 00:45 - 04888944 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-03-21 01:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-03-17 00:17 - 2015-01-31 01:49 - 00000000 ____D () C:\Users\Shadefyre\Desktop\Resident Evil Code Veronica X
    2015-03-16 13:48 - 2014-02-25 00:54 - 00000000 ____D () C:\Users\Shadefyre\AppData\Local\Arma 3
    2015-03-14 18:09 - 2013-01-23 17:50 - 00058344 _____ () C:\Users\Shadefyre\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-03-13 10:24 - 2011-12-20 01:08 - 00000000 ____D () C:\Users\Shadefyre\AppData\Local\Adobe
    2015-03-13 10:21 - 2014-12-01 00:16 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-03-13 10:21 - 2014-12-01 00:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== Files in the root of some directories =======

    2010-11-19 00:27 - 2010-11-19 00:27 - 0587776 _____ (Igor Pavlov) C:\Users\Shadefyre\AppData\Roaming\7za.exe
    2012-04-02 16:17 - 2012-04-02 16:17 - 0040985 _____ () C:\Users\Shadefyre\AppData\Roaming\a.7z
    2014-12-26 23:50 - 2014-12-26 23:50 - 0000132 _____ () C:\Users\Shadefyre\AppData\Roaming\Adobe BMP Format CS6 Prefs
    2012-04-03 03:07 - 2013-04-26 00:47 - 0000132 _____ () C:\Users\Shadefyre\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2012-08-15 01:12 - 2013-01-19 14:18 - 0000132 _____ () C:\Users\Shadefyre\AppData\Roaming\Adobe Targa Format CS5 Prefs
    2014-03-27 02:34 - 2014-11-03 02:07 - 0000297 _____ () C:\Users\Shadefyre\AppData\Roaming\BreakingPoint_Login.ini
    2014-08-25 01:19 - 2014-11-03 02:07 - 0001580 _____ () C:\Users\Shadefyre\AppData\Roaming\BreakingPoint_Options.ini
    2014-03-19 01:46 - 2014-03-19 01:46 - 0079936 _____ () C:\Users\Shadefyre\AppData\Roaming\icarus-dxdiag.xml
    2013-07-20 01:09 - 2013-07-21 00:59 - 0000039 _____ () C:\Users\Shadefyre\AppData\Roaming\TheHunterSettings_live.cfg
    2013-04-28 20:13 - 2013-04-28 20:13 - 0003072 _____ () C:\Users\Shadefyre\AppData\Local\file__0.localstorage
    2013-05-01 06:11 - 2013-05-01 06:11 - 1145382 _____ () C:\Users\Shadefyre\AppData\Local\Tempmusic.ogg
    2014-12-01 00:28 - 2014-12-01 00:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-05 19:07

    ==================== End Of Log ============================


    Addition.txt
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2015
    Ran by Shadefyre at 2015-04-11 18:27:31
    Running from C:\Users\Shadefyre\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29625 - BitTorrent Inc.)
    µTorrent (HKU\S-1-5-21-3571763962-2637144462-2063933446-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
    7 Days to Die (HKLM-x32\...\Steam App 251570) (Version: - The Fun Pimps)
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
    Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Alchemilla v1.0 (HKLM-x32\...\{F48B561D-9D56-4C5E-8822-AB78042BA342}}_is1) (Version: - White Noise)
    Aliens versus Predator Classic 2000 (HKLM-x32\...\Steam App 3730) (Version: - Rebellion)
    Aliens: Colonial Marines (HKLM-x32\...\Steam App 49540) (Version: - Gearbox Software)
    Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
    BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
    Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
    BloodRayne (HKLM-x32\...\GOGPACKBLOODRAYNE1_is1) (Version: 2.0.0.5 - GOG.com)
    Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.40 - Atheros Communications)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
    Cities Skylines (HKLM-x32\...\Cities Skylines_is1) (Version: - )
    Clive Barker's Undying (HKLM-x32\...\{631A0B87-B0B7-4B47-00A2-119A4B942EB6}) (Version: - )
    Clive Barker's Undying (HKLM-x32\...\GOGPACKUNDYING_is1) (Version: 2.0.0.5 - GOG.com)
    Conflict: Denied Ops (HKLM-x32\...\Steam App 8100) (Version: - Pivotal Games)
    Cthulhu (HKLM-x32\...\Cthulhu) (Version: - )
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
    Darkest Dungeon (HKLM-x32\...\Steam App 262060) (Version: - Red Hook Studios)
    Deadly Premonition: The Director's Cut (HKLM-x32\...\Steam App 247660) (Version: - Rising Star Games)
    Delta Force 2 (HKLM-x32\...\Steam App 32630) (Version: - NovaLogic)
    Delta Force Task Force Dagger (HKLM-x32\...\Delta Force Task Force Dagger) (Version: - )
    Depth (HKLM-x32\...\Steam App 274940) (Version: - Digital Confectioners)
    Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version: - Splash Damage®)
    Dissolution (HKLM-x32\...\Dissolution) (Version: - )
    Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version: - Klei Entertainment)
    Dusk 12 (HKLM-x32\...\Steam App 317970) (Version: - Orion Games)
    Dying Light (HKLM-x32\...\Steam App 239140) (Version: - Techland)
    FINAL FANTASY IV (HKLM-x32\...\RklOQUxGQU5UQVNZSVY=_is1) (Version: 1 - )
    FINAL FANTASY XIII (HKLM-x32\...\Steam App 292120) (Version: - SQUARE ENIX)
    Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
    Galaxy Client (HKLM-x32\...\{D6D1DA54-531F-4FA0-B683-CE66ACE3543F}_is1) (Version: 0.1.0.456 - GOG.com)
    Genesis Expansion Project v2 (HKLM-x32\...\Genesis Expansion Project v2 2) (Version: 2 - Name of your company)
    GenuTax Standard (HKLM-x32\...\{C558F931-FCAD-4252-909F-D736DF679567}) (Version: 1.45 - GenuSource Consulting Inc)
    Ghastleybriar 1.0 (HKLM-x32\...\Ghastleybriar) (Version: 1.0 - BattleSquirrel Galactica)
    H1Z1 (HKLM-x32\...\Steam App 295110) (Version: - Sony Online Entertainment)
    Half-Life: Before (HKLM-x32\...\Steam App 261980) (Version: - Andrii Vintsevych)
    Heavy Bullets (HKLM-x32\...\Steam App 297120) (Version: - Terri Vellmann)
    Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto)
    HMS Defiance 2 (HKU\S-1-5-21-3571763962-2637144462-2063933446-1000\...\HMS Defiance 2) (Version: - )
    Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - Dennaton Games)
    Hotline Miami 2 - Wrong Number (HKLM-x32\...\1424773427_is1) (Version: 2.0.0.1 - GOG.com)
    Insanity's Blade (HKLM-x32\...\SW5zYW5pdHlzQmxhZGU=_is1) (Version: 1 - )
    Intel A/V Codecs V2.0 (HKLM-x32\...\CodInstl) (Version: - )
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
    iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
    Joint Task Force (HKLM-x32\...\Steam App 6400) (Version: - Most Wanted Entertainment)
    Killer is Dead (HKLM-x32\...\Steam App 261110) (Version: - KADOKAWA GAMES / GRASSHOPPER MANUFACTURE)
    K-Lite Codec Pack 10.8.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.8.5 - )
    Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version: - DONTNOD Entertainment)
    M.I.A. Mission in Asia (HKLM-x32\...\M.I.A. Mission in Asia_is1) (Version: - )
    Max Payne 2: The Fall of Max Payne (HKLM-x32\...\Steam App 12150) (Version: - Remedy Entertainment)
    Metal Drift (HKLM-x32\...\Steam App 32200) (Version: - Black Jacket Studios)
    METAL GEAR SOLID V: GROUND ZEROES (HKLM-x32\...\Steam App 311340) (Version: - Kojima Productions)
    METAL SLUG 3 (HKLM-x32\...\Steam App 250180) (Version: - DotEmu)
    Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version: - 4A Games)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (Partnernet) (HKLM-x32\...\{57672BEC-E777-4D4B-944A-719414E84D3F}) (Version: 3.5.50.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
    Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
    My Game Long Name (HKLM\...\UDK-444582ab-59d3-4d15-abfc-69d562429220) (Version: - Epic Games, Inc.)
    Neverending Nightmares (HKLM-x32\...\Steam App 253330) (Version: - Infinitap Games)
    NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
    NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    Primal Carnage: Extinction (HKLM-x32\...\Steam App 321360) (Version: - Circle Five Studios)
    Real Horror Stories Ultimate Edition (HKLM-x32\...\Steam App 281370) (Version: - GameORE)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
    Redline (HKLM-x32\...\GOGPACKREDLINE_is1) (Version: 2.0.0.3 - GOG.com)
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
    Republique Remastered (HKLM-x32\...\Republique Remastered_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
    Resident Evil / biohazard HD REMASTER (HKLM-x32\...\Steam App 304240) (Version: - CAPCOM Co., Ltd.)
    resident evil 4 / biohazard 4 (HKLM-x32\...\Steam App 254700) (Version: - Capcom)
    Resident Evil 5 / Biohazard 5 (HKLM-x32\...\Steam App 21690) (Version: - Capcom)
    Resident Evil 6 / Biohazard 6 (HKLM-x32\...\Steam App 221040) (Version: - Capcom)
    Resident Evil Revelations 2 / Biohazard Revelations 2 (HKLM-x32\...\Steam App 287290) (Version: - CAPCOM Co., Ltd.)
    Rock of Ages (HKLM-x32\...\Steam App 22230) (Version: - ACE Team)
    S.T.A.L.K.E.R.: Lost Alpha version 1.3003 (HKLM-x32\...\S.T.A.L.K.E.R.: Lost Alpha_is1) (Version: 1.3003 - dezowave)
    S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM-x32\...\Steam App 4500) (Version: - GSC Game World)
    Seagate DiscWizard (HKLM-x32\...\{AC5BFE42-B72A-467C-B9B2-8BF77C6D4D70}) (Version: 16.0.5840 - Seagate)
    SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
    Sequence (HKLM-x32\...\Steam App 200910) (Version: - Iridium Studios)
    Shad'O (HKLM-x32\...\Steam App 215770) (Version: - Okugi Studio)
    Shank 2 (HKLM-x32\...\Steam App 102840) (Version: - Klei Entertainment)
    Shelter 2 (HKLM-x32\...\1424868751_is1) (Version: 2.0.0.1 - GOG.com)
    Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
    Singularity (HKLM-x32\...\Steam App 42670) (Version: - Raven Software)
    Sniper Elite 3 (HKLM-x32\...\Steam App 238090) (Version: - Rebellion)
    Stalker Complete 2009 (HKLM-x32\...\{Stalker Complete 2009 v1.4.4}}_is1) (Version: - )
    State of Decay (HKLM-x32\...\Steam App 241540) (Version: - Undead Labs)
    Stronghold Crusader 2 (HKLM-x32\...\Stronghold Crusader 2_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
    Subnautica v900 (HKLM-x32\...\Subnautica v900 1.0.0) (Version: 1.0.0 - IGG-GAMES.COM)
    Subnautica v900 (x32 Version: 1.0.0 - IGG-GAMES.COM) Hidden
    Survarium (HKLM-x32\...\Steam App 355840) (Version: - Vostok Games)
    Survarium-Steam (HKLM-x32\...\{A3D9343D-77CD-4bf4-A47A-F87B3BE985B4}_is1) (Version: 0.27d - )
    Talisman: Digital Edition (HKLM-x32\...\Steam App 247000) (Version: - Nomad Games Limited)
    The Culling Of The Cows (HKLM-x32\...\Steam App 297020) (Version: - Decaying Logic)
    The Fall (HKLM-x32\...\Steam App 290770) (Version: - Over The Moon)
    The Great War 1918 (HKLM-x32\...\Steam App 314420) (Version: - Relic Entertainment)
    The Long Dark (HKLM-x32\...\Steam App 305620) (Version: - Hinterland Studio Inc.)
    The Stalin Subway (HKLM-x32\...\Steam App 311140) (Version: - Orion Games)
    The Train 1.0 (HKLM-x32\...\The Train 1.0) (Version: 1.0 - Cat-A-Cat)
    The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version: - Telltale Games)
    The Zoo Race 1.7 (HKLM-x32\...\THE ZOO RACE_is1) (Version: - Cougar Interactive)
    Tomb Raider: Anniversary (HKLM-x32\...\Steam App 8000) (Version: - Crystal Dynamics)
    Valiant Hearts: The Great War™ / Soldats Inconnus : Mémoires de la Grande Guerre™ (HKLM-x32\...\Steam App 260230) (Version: - Ubisoft Montpellier)
    Vegas Pro 10.0 (64-bit) (HKLM\...\{C616FD4F-11F5-11E0-A38F-0013D3D69929}) (Version: 10.0.470 - Sony)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
    Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
    WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
    Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)
    Year Walk (HKLM-x32\...\Steam App 269050) (Version: - Simogo)
    Ys: The Oath in Felghana (HKLM-x32\...\Steam App 207320) (Version: - Nihon Falcom)
    ZoneAlarm Firewall (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 13.3.209.000 - Check Point)
    ZoneAlarm Security (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
    ZoneAlarm Security Toolbar (HKU\S-1-5-21-3571763962-2637144462-2063933446-1000\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    08-04-2015 16:09:48 Installed DWA-130
    09-04-2015 00:28:26 Removed DWA-130
    09-04-2015 00:30:01 Installed DWA-130
    09-04-2015 01:01:28 Removed DWA-130
    09-04-2015 01:11:59 Installed DWA-130
    09-04-2015 20:37:04 Restore Operation
    09-04-2015 21:29:58 Installed Broadcom 802.11n Network Adapter
    09-04-2015 21:32:59 Device Driver Package Install: Broadcom Network adapters
    09-04-2015 21:33:01 Device Driver Package Install: Broadcom Network adapters
    09-04-2015 21:33:57 Removed DWA-130
    09-04-2015 21:34:48 Removed Broadcom 802.11n Network Adapter
    10-04-2015 00:54:13 Installed DWA-130
    10-04-2015 01:03:38 Removed DWA-130
    10-04-2015 16:21:46 Installed DWA-130
    11-04-2015 18:17:09 Removed DWA-130

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2014-12-26 07:22 - 00001952 ___RA C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com
    127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com
    127.0.0.1 adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com
    127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com na2m-pr.licenses.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp
    127.0.0.1 wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com
    127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com cmdls.adobe.com na1r.services.adobe.com prod-rel-ffc-ccm.oobesaas.adobe.com


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {02373CDE-6DCA-422C-9534-013786617B4E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {4354CE19-F396-49A3-90FF-4C442E7405D2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
    Task: {AAAA84B0-78E1-4779-AFDD-1EBD29536825} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-02-09] ()
    Task: {B1152BFB-BD19-4391-A2D3-E6D64DA7F909} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-25] (Avast Software s.r.o.)
    Task: {B357B5A1-DD88-406E-84CC-700B29E85FC8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {EED50030-5A18-420D-9ECC-C80B2A1A8FBF} - System32\Tasks\ASUS\i-Setup174906 => C:\Windows\Intel_Chipset_XPVistaWin7_V9301019\AsusSetup.exe [2010-09-08] (ASUSTeK Computer Inc.)

    ==================== Loaded Modules (whitelisted) ==============

    2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-03-29 02:13 - 2009-04-11 14:17 - 00110080 _____ () C:\Users\Shadefyre\Desktop\NoSleepHDv2.0.exe
    2011-12-20 01:00 - 2007-09-02 14:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
    2015-02-04 14:22 - 2015-02-06 03:22 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2015-03-25 07:23 - 2015-03-25 07:23 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-03-25 07:23 - 2015-03-25 07:23 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-04-07 17:36 - 2015-04-07 17:36 - 02924544 _____ () C:\Program Files\AVAST Software\Avast\defs\15040701\algo.dll
    2011-12-20 01:00 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
    2015-03-25 07:23 - 2015-03-25 07:23 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-04-08 05:49 - 2015-04-08 05:49 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\84842098d2f03a96f67a190bd3de8940\IsdiInterop.ni.dll
    2015-04-08 05:49 - 2011-04-30 00:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3571763962-2637144462-2063933446-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Shadefyre\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: Media is not connected to internet.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3571763962-2637144462-2063933446-500 - Administrator - Disabled)
    Guest (S-1-5-21-3571763962-2637144462-2063933446-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3571763962-2637144462-2063933446-1002 - Limited - Enabled)
    Shadefyre (S-1-5-21-3571763962-2637144462-2063933446-1000 - Administrator - Enabled) => C:\Users\Shadefyre

    ==================== Faulty Device Manager Devices =============

    Name: WAN Miniport (IPv6)
    Description: WAN Miniport (IPv6)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: NdisWan
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/11/2015 06:19:52 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (04/11/2015 06:19:52 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (04/11/2015 08:30:04 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: vegas100.exe, version: 10.0.0.470, time stamp: 0x4d18eee3
    Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9
    Exception code: 0xc0000374
    Fault offset: 0x00000000000c40f2
    Faulting process id: 0x404
    Faulting application start time: 0xvegas100.exe0
    Faulting application path: vegas100.exe1
    Faulting module path: vegas100.exe2
    Report Id: vegas100.exe3

    Error: (04/11/2015 07:38:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (04/11/2015 07:38:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (04/11/2015 07:35:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (04/11/2015 07:35:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (04/11/2015 07:34:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/11/2015 04:12:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program vegas100.exe version 10.0.0.470 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: cc0

    Start Time: 01d0742f0987ce98

    Termination Time: 12436

    Application Path: C:\Program Files\Sony\Vegas Pro 10.0\vegas100.exe

    Report Id: 81e82e23-e022-11e4-ac9c-f46d04969b53

    Error: (04/11/2015 00:28:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.


    System errors:
    =============
    Error: (04/11/2015 08:10:37 AM) (Source: iaStor) (EventID: 9) (User: )
    Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

    Error: (04/11/2015 07:34:09 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 5:20:34 AM on 4/11/2015 was unexpected.

    Error: (04/11/2015 04:33:02 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk3\DR3.

    Error: (04/11/2015 04:32:43 AM) (Source: iaStor) (EventID: 9) (User: )
    Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

    Error: (04/11/2015 04:32:24 AM) (Source: iaStor) (EventID: 9) (User: )
    Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

    Error: (04/11/2015 04:32:23 AM) (Source: iaStor) (EventID: 9) (User: )
    Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

    Error: (04/11/2015 04:31:59 AM) (Source: iaStor) (EventID: 9) (User: )
    Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

    Error: (04/11/2015 04:31:58 AM) (Source: iaStor) (EventID: 9) (User: )
    Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

    Error: (04/11/2015 04:31:57 AM) (Source: iaStor) (EventID: 9) (User: )
    Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

    Error: (04/11/2015 04:18:08 AM) (Source: iaStor) (EventID: 9) (User: )
    Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.


    Microsoft Office Sessions:
    =========================
    Error: (04/11/2015 06:19:52 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: WmiApRplWmiApRpl8F20300004D070000

    Error: (04/11/2015 06:19:52 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: Performance1637070000000000000000000009030000

    Error: (04/11/2015 08:30:04 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: vegas100.exe10.0.0.4704d18eee3ntdll.dll6.1.7601.175144ce7c8f9c000037400000000000c40f240401d07450d5fd0537C:\Program Files\Sony\Vegas Pro 10.0\vegas100.exeC:\Windows\SYSTEM32\ntdll.dll7a647dab-e046-11e4-9e34-f46d04969b53

    Error: (04/11/2015 07:38:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: WmiApRplWmiApRpl8F20300004D070000

    Error: (04/11/2015 07:38:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: Performance1637070000000000000000000009030000

    Error: (04/11/2015 07:35:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: WmiApRplWmiApRpl8F20300004D070000

    Error: (04/11/2015 07:35:31 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: Performance1637070000000000000000000009030000

    Error: (04/11/2015 07:34:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/11/2015 04:12:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: vegas100.exe10.0.0.470cc001d0742f0987ce9812436C:\Program Files\Sony\Vegas Pro 10.0\vegas100.exe81e82e23-e022-11e4-ac9c-f46d04969b53

    Error: (04/11/2015 00:28:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: WmiApRplWmiApRpl8F20300004D070000


    CodeIntegrity Errors:
    ===================================
    Date: 2015-04-11 18:26:34.125
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-11 18:16:49.705
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-11 10:06:49.872
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-11 08:08:34.730
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-11 07:34:16.327
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-11 04:33:02.587
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-11 02:27:09.943
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-11 00:58:13.214
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-11 00:48:45.730
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-11 00:42:12.526
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
    Percentage of memory in use: 23%
    Total physical RAM: 8159.14 MB
    Available physical RAM: 6212.14 MB
    Total Pagefile: 16316.47 MB
    Available Pagefile: 14042.66 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:146.48 GB) (Free:56.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive e: (DWA-130) (CDROM) (Total:0.22 GB) (Free:0 GB) CDFS
    Drive f: () (Fixed) (Total:785.02 GB) (Free:16.38 GB) NTFS
    Drive g: () (Fixed) (Total:931.51 GB) (Free:59.12 GB) NTFS
    Drive h: (Video Media Storage Unit) (Fixed) (Total:1024 GB) (Free:27.2 GB) NTFS
    Drive i: (Ext Sto) (Fixed) (Total:465.75 GB) (Free:32.16 GB) NTFS
    Drive j: (Game And LP Storage) (Fixed) (Total:839.01 GB) (Free:593.33 GB) NTFS
    Drive k: () (Fixed) (Total:2794.51 GB) (Free:1976.78 GB) NTFS
    Drive m: (ADATA UFD) (Removable) (Total:29.44 GB) (Free:29.44 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: AF75AF75)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=OF Extended)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D6E8740B)
    Partition 1: (Active) - (Size=146.5 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=785 GB) - (Type=05)

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 8FBE5191)
    Partition 1: (Not Active) - (Size=1024 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=839 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 01A002E5)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
    Attempted reading MBR returned 0 bytes.
    Could not read MBR for disk 4.

    ========================================================
    Disk: 5 (Size: 29.5 GB) (Disk ID: 04DD5721)
    Partition 1: (Active) - (Size=29.5 GB) - (Type=0C)

    ==================== End Of Log ============================
     
  2. Shadefyre

    Shadefyre Established Techie7 Member

    Well, I've solved my initial problem; however, I'd still like to get a malware once-over, as I've still been having a few unrelated stability issues.
     
  3. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    I don't see anything suspicious there.

    I'm a little bit concerned, though, about this Event Viewer item listed several times:

    Hard drive issue?
    Create a new topic in the appropriate forum.