View Full Version : searchingresult.com and likeopinion.com popups and browser redirects
As the title states I am getting popups from both searchingresult.com and likeopinion.com, and once the popup appears my browser is redirected to their sites. This happens in both IE and Firefox. I have a computer using windows 8 so I can only provide the requested FRST results.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01
Ran by Buddy (administrator) on I5MSTS on 23-05-2015 21:30:20
Running from C:\Users\Buddy\Desktop
Loaded Profiles: Buddy (Available Profiles: Buddy)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
Failed to access process -> stacsv64.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sprint\Sprint SmartView\SwiCardDetect64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
() C:\Users\Buddy\AppData\Roaming\VideoPlus\VideoPlus.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Ares Development Group) C:\Ares\Ares.exe
(Landstar) C:\Users\Buddy\AppData\Local\Apps\2.0\XOYYKMK7.03A\PPER3WQC.LN1\dire..tion_0000000000000000_0001.0000_94cfc10d76be32b6\DirectScan.exe
(GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ConBuilder) C:\CONBUILDER 5.7\X_cbupdate.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Sprint) C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe
(SmithMicro Inc.) C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
() C:\Users\Buddy\AppData\Roaming\VideoDrivers\GPU\cudaminer.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-09-19] (Hewlett-Packard )
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe
HKLM-x32\...\Run: [ProfilerU] => C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [357376 2008-08-28] (Saitek)
HKLM-x32\...\Run: [SaiMfd] => C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [194560 2008-08-28] (Saitek)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.)
HKLM-x32\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585048 2014-04-17] (Razer Inc.)
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [735744 2013-02-27] (Creative Technology Ltd)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296520 2014-10-28] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Sprint SmartView] => C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe [69632 2012-07-13] (Sprint)
HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\Run: [ares] => C:\Ares\Ares.exe [3404288 2014-06-29] (Ares Development Group)
HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\Run: [DirectScan] => C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Landstar\Imaging\DirectScan.appref-ms
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2014-05-22]
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ConBuilder - Auto Update.lnk [2013-11-21]
ShortcutTarget: ConBuilder - Auto Update.lnk -> C:\CONBUILDER 5.7\cbupdate.exe (ConBuilder)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-04-20]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-10-28]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-799792450-1319612783-380193225-1001] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-799792450-1319612783-380193225-1001] => http=127.0.0.1:44444;https=127.0.0.1:44444
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKU\S-1-5-21-799792450-1319612783-380193225-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-799792450-1319612783-380193225-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {7BD59B51-BF68-424C-AB94-97D5E2BF4112} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {7BD59B51-BF68-424C-AB94-97D5E2BF4112} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-799792450-1319612783-380193225-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-799792450-1319612783-380193225-1001 -> {7BD59B51-BF68-424C-AB94-97D5E2BF4112} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-799792450-1319612783-380193225-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-799792450-1319612783-380193225-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-02-12] (RealDownloader)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-02-12] (RealDownloader)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-20] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-799792450-1319612783-380193225-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\502ygpxx.default
FF Homepage: https://www.yahoo.com/
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2010-11-23] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-11] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.6.13 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-10-28] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.6 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2014-02-12] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.6 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-02-12] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.6 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2014-02-12] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.6.13 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-10-28] (RealPlayer Cloud)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin HKU\S-1-5-21-799792450-1319612783-380193225-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Buddy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{8E8D8D12-A43B-4289-994D-DF2C7C0EF736}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-28]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-02-12]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S3 CASprint; C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [124520 2012-05-30] (SmithMicro Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-04-19] (Creative Labs) []
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) []
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [114176 2014-11-26] (Creative Technology Ltd)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-04] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-27] (NVIDIA Corporation)
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
S2 HPRegistrationSvc; c:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HPRegistrationService.exe [205216 2012-07-18] (Hewlett-Packard)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-27] (NVIDIA Corporation)
R2 NvtlService; C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [92504 2011-02-07] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-02-12] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141336 2014-10-28] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-02-12] () []
R3 SprintRcAppSvc; C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe [120424 2012-05-30] (SmithMicro Inc.)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-09-19] (IDT, Inc.) []
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sprint\Sprint SmartView\SwiCardDetect64.exe [307568 2010-09-22] (Sierra Wireless, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-28] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21600 2013-03-28] (Advanced Micro Devices, Inc.)
S3 bcm; C:\Windows\system32\DRIVERS\drxvi314_64.sys [416000 2012-03-20] (Beceem Communications Inc.)
S3 bcmbusctr; C:\Windows\System32\drivers\BcmBusCtr_64.sys [64000 2012-03-20] (Beceem Communications Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 cthda; C:\Windows\system32\drivers\cthda.sys [1065728 2014-11-26] (Creative Technology Ltd)
R3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [34072 2013-07-03] (Creative Technology Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 PCTINDIS5X64; C:\WINDOWS\SYSTEM32\PCTINDIS5X64.SYS [43032 2010-08-05] (Smith Micro Inc.)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39080 2014-05-19] (Razer Inc)
S3 SaiK0836; C:\Windows\System32\drivers\SaiK0836.sys [172040 2010-06-17] (Saitek)
R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 SWNC5E00; C:\Windows\system32\DRIVERS\SWNC5E00.sys [285696 2010-10-19] (Sierra Wireless Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-23 21:30 - 2015-05-23 21:30 - 00025150 _____ () C:\Users\Buddy\Desktop\FRST.txt
2015-05-23 21:29 - 2015-05-23 21:30 - 00000000 ____D () C:\FRST
2015-05-23 08:03 - 2015-05-23 08:03 - 00002151 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-05-23 08:03 - 2015-05-11 20:34 - 00571024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-05-23 08:01 - 2015-05-23 08:02 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-05-23 08:00 - 2015-05-13 00:52 - 00195912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-05-23 08:00 - 2015-05-13 00:52 - 00031552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 42718864 _____ () C:\WINDOWS\system32\nvcompiler.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 37741712 _____ () C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 30478992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 16145176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 14455296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 13263568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 10972304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-05-23 08:00 - 2015-05-12 00:27 - 02932368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 02599056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 01898312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435286.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435286.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 01099808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00982672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00974480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00939080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00878816 _____ () C:\WINDOWS\system32\nvmcumd.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00502896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00408208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00407296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00176064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00154256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00150832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-05-23 01:52 - 2015-05-23 01:52 - 08067407 _____ () C:\Users\Buddy\Desktop\aswMBR.exe
2015-05-23 01:51 - 2015-05-23 01:51 - 02108416 _____ (Farbar) C:\Users\Buddy\Desktop\FRST64.exe
2015-05-22 23:00 - 2015-05-22 23:00 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-I5MSTS-Windows-8.1-(64-bit).dat
2015-05-22 22:58 - 2015-05-22 22:58 - 00002253 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-05-22 22:58 - 2015-05-22 22:58 - 00000000 ____D () C:\RegBackup
2015-05-22 22:58 - 2015-05-22 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-05-22 22:58 - 2015-05-22 22:58 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-05-22 22:57 - 2015-05-22 22:57 - 04720448 _____ () C:\Users\Buddy\Desktop\tweaking.com_registry_backup_setup.exe
2015-05-22 21:17 - 2015-05-23 08:57 - 00636807 _____ () C:\Users\Buddy\Documents\untitled_AutoSave.gcs
2015-05-18 15:02 - 2015-05-18 15:02 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2015-05-18 15:02 - 2015-05-18 15:02 - 00000000 ____D () C:\Users\Buddy\AppData\Roaming\Canon
2015-05-15 16:26 - 2015-04-30 14:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 16:26 - 2015-04-30 14:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 13:38 - 2015-04-09 18:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-15 13:38 - 2015-04-09 18:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-15 13:38 - 2015-03-17 11:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-15 13:38 - 2015-03-08 20:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-15 13:37 - 2015-04-30 17:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-15 13:37 - 2015-04-30 16:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-15 13:37 - 2015-03-19 19:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-15 13:37 - 2015-03-03 19:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-15 13:37 - 2015-03-03 19:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-15 13:37 - 2015-01-29 18:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-15 13:37 - 2014-11-14 00:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-15 13:36 - 2015-04-24 15:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-15 13:36 - 2015-04-13 16:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-15 13:36 - 2015-04-09 19:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-15 13:36 - 2015-04-09 18:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-15 13:36 - 2015-04-09 18:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-15 13:36 - 2015-04-08 16:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-15 13:36 - 2015-04-02 18:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-15 13:36 - 2015-04-02 18:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-15 13:36 - 2015-04-01 16:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-15 13:36 - 2015-04-01 16:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-15 13:36 - 2015-03-31 21:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-15 13:36 - 2015-03-31 20:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-15 13:36 - 2015-03-12 20:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-15 13:36 - 2015-03-12 19:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-15 13:36 - 2015-03-12 18:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-15 13:36 - 2015-03-05 20:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-15 13:36 - 2015-03-04 17:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-15 13:36 - 2015-02-17 17:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-15 13:35 - 2015-04-21 11:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-15 13:35 - 2015-04-21 10:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-15 13:35 - 2015-04-21 10:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-15 13:35 - 2015-04-21 10:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-15 13:35 - 2015-04-21 10:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-15 13:35 - 2015-04-21 10:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-15 13:35 - 2015-04-21 10:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-15 13:35 - 2015-04-21 10:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-15 13:35 - 2015-04-21 10:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-15 13:35 - 2015-04-21 10:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-15 13:35 - 2015-04-21 10:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-15 13:35 - 2015-04-21 10:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-15 13:35 - 2015-04-21 10:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-15 13:35 - 2015-04-21 10:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-15 13:35 - 2015-04-21 10:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-15 13:35 - 2015-04-21 09:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-15 13:35 - 2015-04-21 09:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-15 13:35 - 2015-04-21 09:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-15 13:35 - 2015-04-21 09:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-15 13:35 - 2015-04-21 09:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-15 13:35 - 2015-04-21 09:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-15 13:35 - 2015-04-21 09:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-15 13:35 - 2015-04-21 09:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-15 13:35 - 2015-04-21 09:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-15 13:35 - 2015-04-21 09:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-15 13:35 - 2015-04-21 09:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-15 13:35 - 2015-04-21 09:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-15 13:35 - 2015-04-21 09:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-15 13:35 - 2015-04-21 09:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-15 13:35 - 2015-04-21 09:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-15 13:35 - 2015-04-21 09:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-15 13:35 - 2015-04-21 09:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-15 13:35 - 2015-04-21 09:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-15 13:35 - 2015-04-21 09:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-15 13:35 - 2015-04-21 09:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-15 13:35 - 2015-04-21 09:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-15 13:35 - 2015-04-21 09:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-15 13:35 - 2015-04-21 08:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-15 13:35 - 2015-04-21 08:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-15 13:35 - 2015-03-29 23:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-15 13:35 - 2015-03-26 21:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-15 13:35 - 2015-03-26 20:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-15 13:35 - 2015-03-26 20:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-15 13:35 - 2015-03-12 22:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-15 13:35 - 2015-03-12 22:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-15 13:35 - 2015-03-12 18:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-15 13:35 - 2015-03-10 19:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-15 13:35 - 2015-03-10 19:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-15 13:35 - 2015-03-05 21:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-15 13:35 - 2015-03-05 20:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-14 18:01 - 2015-05-23 09:03 - 00003308 _____ () C:\WINDOWS\System32\Tasks\UpdateService
2015-05-14 14:45 - 2015-05-14 14:45 - 00000344 _____ () C:\Users\Buddy\Desktop\DirectScan.appref-ms
2015-05-14 14:45 - 2015-05-14 14:45 - 00000204 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-05-14 14:45 - 2015-05-14 14:45 - 00000000 ____D () C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Landstar
2015-05-04 19:49 - 2015-05-04 19:49 - 00000000 ____D () C:\01timetableedit13
2015-05-03 21:03 - 2013-08-22 07:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150503-210304.backup
2015-05-01 16:52 - 2015-05-23 20:35 - 1644374269 _____ () C:\Users\Buddy\Desktop\OpenRailsDump.csv
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-23 21:29 - 2013-05-16 22:14 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{28F553E7-2424-4A2E-90CE-EE7D974AD797}
2015-05-23 21:11 - 2013-11-28 22:51 - 01201566 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-23 21:02 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-23 20:35 - 2013-05-17 09:04 - 00000000 ____D () C:\Users\Buddy\AppData\Roaming\Open Rails
2015-05-23 18:25 - 2014-09-12 09:26 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 16:53 - 2014-11-08 12:35 - 00000000 ____D () C:\01 OPEN RAILS 2833
2015-05-23 09:14 - 2013-05-16 22:21 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-799792450-1319612783-380193225-1001
2015-05-23 09:11 - 2015-04-04 19:16 - 00003160 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForBuddy
2015-05-23 09:11 - 2015-04-04 19:16 - 00000346 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForBuddy.job
2015-05-23 09:10 - 2013-12-02 09:09 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-05-23 09:08 - 2013-09-29 22:04 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-23 09:04 - 2014-09-10 23:38 - 00000000 ____D () C:\Users\Buddy\AppData\Local\Deployment
2015-05-23 09:04 - 2014-04-21 21:17 - 00000000 ___DO () C:\Users\Buddy\OneDrive
2015-05-23 09:03 - 2013-08-22 08:46 - 00376884 _____ () C:\WINDOWS\setupact.log
2015-05-23 09:02 - 2013-11-28 22:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-23 09:02 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-23 09:01 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-23 08:03 - 2013-11-28 22:51 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-05-23 08:03 - 2013-11-21 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-05-23 02:18 - 2014-11-14 12:42 - 00000000 ____D () C:\Users\Buddy\Desktop\My Shared Folder
2015-05-23 01:43 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-23 00:15 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-23 00:11 - 2015-04-06 21:24 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-23 00:11 - 2015-04-06 21:24 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-22 23:24 - 2013-01-14 21:33 - 00000000 ____D () C:\ProgramData\Temp
2015-05-18 18:04 - 2015-04-05 20:00 - 00000313 _____ () C:\Users\Buddy\Desktop\PRB TIMETABLE NOTES.txt
2015-05-18 16:36 - 2015-04-18 15:16 - 00014336 _____ () C:\Users\Buddy\Desktop\PRB DISPATCH.xls
2015-05-18 14:08 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-15 18:45 - 2013-08-22 08:44 - 04921672 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-15 18:45 - 2013-08-07 10:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-15 18:45 - 2013-08-07 10:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 18:41 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-15 18:41 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-15 16:26 - 2013-11-15 23:05 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-15 16:23 - 2013-05-16 22:44 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-15 16:22 - 2013-08-07 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-15 16:20 - 2013-09-29 21:51 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 17:53 - 2014-04-20 20:16 - 00000910 _____ () C:\Users\Buddy\Desktop\FFEDITC_UNICODE.lnk
2015-05-13 00:52 - 2014-05-21 23:21 - 01558848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-05-12 00:27 - 2015-04-01 06:45 - 22945424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-05-12 00:27 - 2015-04-01 06:45 - 15048816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-05-12 00:27 - 2015-04-01 06:45 - 01050256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-05-12 00:27 - 2014-11-10 10:55 - 11790144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-05-12 00:27 - 2014-09-19 22:56 - 15858728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-05-12 00:27 - 2013-11-21 17:57 - 17540416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-05-12 00:27 - 2013-11-21 17:57 - 12849056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-05-12 00:27 - 2013-11-21 17:57 - 03363224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-05-12 00:27 - 2013-11-21 17:57 - 02971776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-05-12 00:27 - 2013-11-21 17:57 - 00031710 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-05-11 21:30 - 2013-11-28 22:52 - 06872392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-05-11 21:30 - 2013-11-28 22:52 - 03490448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-05-11 21:30 - 2013-11-28 22:52 - 00937288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-05-11 21:30 - 2013-11-28 22:52 - 00385352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-05-11 21:30 - 2013-11-28 22:52 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-05-11 21:30 - 2013-11-21 17:33 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-05-11 11:01 - 2013-11-28 22:52 - 04391871 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-05-05 11:59 - 2015-03-22 06:43 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 11:59 - 2015-03-22 06:43 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-02 10:58 - 2013-11-28 22:55 - 00000000 ____D () C:\Users\Buddy
2015-05-01 15:07 - 2014-09-12 09:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-05-01 15:00 - 2014-09-12 09:43 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-04-28 00:17 - 2014-09-12 09:26 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-28 00:17 - 2014-09-12 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-28 00:17 - 2014-09-12 09:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
==================== Files in the root of some directories =======
2014-11-14 16:50 - 2014-11-14 16:50 - 0000132 _____ () C:\Users\Buddy\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-05-17 08:58 - 2015-04-16 17:41 - 0000000 _____ () C:\Users\Buddy\AppData\Roaming\FileIn.cns
2013-05-17 08:58 - 2015-04-16 17:41 - 0000000 _____ () C:\Users\Buddy\AppData\Roaming\FileOut.cns
2014-10-08 16:39 - 2014-11-13 11:36 - 0005120 _____ () C:\Users\Buddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-02 15:55 - 2014-10-02 15:55 - 0000017 _____ () C:\Users\Buddy\AppData\Local\resmon.resmoncfg
2015-05-14 14:45 - 2015-05-14 14:45 - 0000204 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-01-14 21:55 - 2013-01-14 21:55 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
Some files in TEMP:
====================
C:\Users\Buddy\AppData\Local\Temp\bitool.dll
C:\Users\Buddy\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\Buddy\AppData\Local\Temp\Itibiti_Knctr_B.exe
C:\Users\Buddy\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Buddy\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Buddy\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Buddy\AppData\Local\Temp\nvStInst.exe
C:\Users\Buddy\AppData\Local\Temp\SoftUpdater.exe
C:\Users\Buddy\AppData\Local\Temp\sp64126.exe
C:\Users\Buddy\AppData\Local\Temp\UninstallHPSA.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-23 09:14
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
Ran by Buddy at 2015-05-23 21:31:21
Running from C:\Users\Buddy\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-799792450-1319612783-380193225-500 - Administrator - Disabled)
Buddy (S-1-5-21-799792450-1319612783-380193225-1001 - Administrator - Enabled) => C:\Users\Buddy
Guest (S-1-5-21-799792450-1319612783-380193225-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
1994 BN Aluminum Grain Cars 1.0.0 (HKLM-x32\...\1994 BN Aluminum Grain Cars 1.0.0) (Version: 1.0.0 - Tigertrains.com)
2 Bay UP Ribbed Hoppers 1.0.0 (HKLM-x32\...\2 Bay UP Ribbed Hoppers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
3 Bay UP Ribbed Hoppers 1.0.0 (HKLM-x32\...\3 Bay UP Ribbed Hoppers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
4 Bay UP Ribbed Hoppers 1.0.0 (HKLM-x32\...\4 Bay UP Ribbed Hoppers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
52' Darling Tanker Set 1.0.0 (HKLM-x32\...\52' Darling Tanker Set 1.0.0) (Version: 1.0.0 - Tigertrains.com)
52' DRPX Tanker Set 1.0.0 (HKLM-x32\...\52' DRPX Tanker Set 1.0.0) (Version: 1.0.0 - Tigertrains.com)
7-Zip 9.20 (HKLM-x32\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.25 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0925-000001000000}) (Version: 9.25.00.0 - Igor Pavlov)
Abacus CoPilot Pro (HKLM-x32\...\{69050DD3-976A-4818-9E30-C785A4C6A141}) (Version: 4.00.0003 - Abacus Software)
AceIt v1.3.1 (HKLM-x32\...\AceIt_is1) (Version: - Scott M. Miller)
Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Agrium Covered Hopper Set A 1.0.0 (HKLM-x32\...\Agrium Covered Hopper Set A 1.0.0) (Version: 1.0.0 - Tigertrains.com)
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Amtrak ExpressTrak Reefers 1.0.0 (HKLM-x32\...\Amtrak ExpressTrak Reefers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Amtrak P32AC-DM Engine Pack 1.0.1 (HKLM-x32\...\Amtrak P32AC-DM Engine Pack 1.0.1) (Version: 1.0.1 - Tigertrains.com)
Amtrak U.S. Mail Boxcar Set 1.0.0 (HKLM-x32\...\Amtrak U.S. Mail Boxcar Set 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ares 3.1.8.4045 (HKLM-x32\...\{C9FF844C-02F5-4221-8AD4-0BD823533C6E}_is1) (Version: 3.1.8.4045 - Ares)
Atlanta (HKLM-x32\...\MegaCity - Atlanta_is1) (Version: 1 - PC Aviator Inc.)
ATSF Seligman Route 2.0 (HKLM-x32\...\ATSF Seligman Route 2.0) (Version: - )
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BN & ATSF Tank Cars 1.0.0 (HKLM-x32\...\BN & ATSF Tank Cars 1.0.0) (Version: 1.0.0 - Tigertrains.com)
BNSF Ore Trainset #1 1.0.3 (HKLM-x32\...\BNSF Ore Trainset #1 1.0.3) (Version: 1.0.3 - Tigertrains.com)
BNSF Ore Trainset 1.0.2 (HKLM-x32\...\BNSF Ore Trainset 1.0.2) (Version: 1.0.2 - Edstrainsonline.com)
BNSF Seligman Route 2.0 Upgrade (HKLM-x32\...\BNSF Seligman Route 2.0 Upgrade) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Canon MX360 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX360_series) (Version: - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CLS DC10 (HKLM-x32\...\CLS DC10) (Version: - )
Coal Country: The Orin Line (HKLM-x32\...\{89EF5B71-BFB4-400E-ABD6-A331A153F304}_is1) (Version: 1.0 - van Birgelen)
ConBuilder (HKLM-x32\...\ConBuilder) (Version: 5.7.7.1 - ConBuilder)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dallas (HKLM-x32\...\MegaCITY - Dallas_is1) (Version: 1.0 - PC Aviator Inc.)
Data Lifeguard Diagnostic for Windows 1.27 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Data Rescue PC3 v110714 (HKLM-x32\...\Data Rescue PC3_is1) (Version: v110714 - Prosoft Engineering, Inc.)
Denver (HKLM-x32\...\MegaCITY - Denver_is1) (Version: 1.0 - PC Aviator Inc.)
DirectScan (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\cb59a91e7790dee5) (Version: 1.0.0.163 - Landstar)
DOCX Trinity 4460 cu.ft. Hoppers 1.0.0 (HKLM-x32\...\DOCX Trinity 4460 cu.ft. Hoppers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
DWC Bulkhead Set 1.0.0 (HKLM-x32\...\DWC Bulkhead Set 1.0.0) (Version: 1.0.0 - Tigertrains.com)
EMD 645E3 Turbo Charged Soundset (HKLM-x32\...\EMD 645E3 Turbo Charged Soundset) (Version: - )
EVE Online (HKLM-x32\...\{F66A87E9-5BC1-4E9E-9411-9A15136A132E}) (Version: 3.0.0 - CCP Games Ltd.)
EVGA OC Scanner X 3.4.0 (64-bit) (HKLM\...\{CC520CF6-B02E-49AA-8192-C1DDC159E0AA}}_is1) (Version: - EVGA)
EVGA Precision X 4.2.0 (HKLM-x32\...\PrecisionX) (Version: 4.2.0 - EVGA Corporation)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farming Simulator 2013 (HKLM-x32\...\Steam App 220260) (Version: - Giants Software)
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Feather River Route (HKLM-x32\...\Feather River Routev1.03) (Version: v1.03 - 3DTrains)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Flight1 Downloader (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\Flight1 Downloader) (Version: - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Freight Sound Package 1.0.7 (HKLM-x32\...\Freight Sound Package 1.0.7) (Version: 1.0.7 - Tigertrains.com)
FSGenesis Appalachians & Northeast 38m Terrain (HKLM-x32\...\FSGenesis Appalachians & Northeast 38m Terrain) (Version: - )
FSGenesis Texas & Southeast 38m Terrain (HKLM-x32\...\FSGenesis Texas & Southeast 38m Terrain) (Version: - )
FSGenesis The Great Plains 38m Terrain (HKLM-x32\...\FSGenesis The Great Plains 38m Terrain) (Version: - )
FSGenesis The Rockies 38m Terrain (HKLM-x32\...\FSGenesis The Rockies 38m Terrain) (Version: - )
FSGenesis The West Coast 38m Terrain (HKLM-x32\...\FSGenesis The West Coast 38m Terrain) (Version: - )
FSGenesis Yukon Territory 38.2m Terrain (HKLM-x32\...\FSGenesis Yukon Territory 38.2m Terrain) (Version: - )
GE FDL-12 ES44 Soundset (HKLM-x32\...\GE FDL-12 ES44 Soundset) (Version: - )
GE FDL-16 V1.0 Soundset (HKLM-x32\...\GE FDL-16 V1.0 Soundset) (Version: - )
Google Earth (HKLM-x32\...\{6DB7AD00-F781-11DF-9EEF-001279CD8240}) (Version: 6.0.0.1735 - Google)
GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
InstallVC90Support (x32 Version: 1.01.0000 - Novatel Wireless) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Johnstown America Autocarriers AMTK 1.0.1 (HKLM-x32\...\Johnstown America Autocarriers AMTK 1.0.1) (Version: 1.0.1 - Tigertrains.com)
Johnstown America Autocarriers CNA 1.0.2 (HKLM-x32\...\Johnstown America Autocarriers CNA 1.0.2) (Version: 1.0.2 - Tigertrains.com)
Johnstown America Autocarriers CP 1.0.1 (HKLM-x32\...\Johnstown America Autocarriers CP 1.0.1) (Version: 1.0.1 - Tigertrains.com)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Metrolink CEM Rotem Coaches & CabCar (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\Metrolink CEM Rotem Coaches & CabCar) (Version: - )
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Flight Simulator 2004 A Century of Flight (HKLM-x32\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.4330.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Train Simulator (HKLM-x32\...\Train Simulator 1.0) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSTS FURX SD40-2 Pack (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\MSTS FURX SD40-2 Pack) (Version: - )
MSTS Patch 1.8.0521 EN (HKLM-x32\...\{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}) (Version: 1.8.052113 - George)
MTA P32AC-DM Engine Set 1.0.0 (HKLM-x32\...\MTA P32AC-DM Engine Set 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Northern California Scenery (HKLM-x32\...\MegaScenery - Northern California_is1) (Version: 1.0 - PC Aviator Inc.)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 352.86 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 352.86 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 352.86 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
Pacific Northwest Scenery (HKLM-x32\...\MegaScenery - Pacific Northwest_is1) (Version: 1.0 - PC Aviator Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Phoenix (HKLM-x32\...\MegaCity - Phoenix_is1) (Version: 1 - PC Aviator Inc.)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.0.0 - Ralink)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.02 - Razer Inc.)
RBMN Covered Hoppers 1.0.0 (HKLM-x32\...\RBMN Covered Hoppers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Real Environment Xtreme for FS2004 Overdrive (HKLM-x32\...\{BA1DF5FA-905A-4BD5-9AE8-A8EFB4156DE3}) (Version: 1.5.2010.1210 - Real Environment Simulations, Inc.)
RealDownloader (x32 Version: 17.0.6 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.6 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
RivaTuner Statistics Server 5.1.1 (HKLM-x32\...\RTSS) (Version: 5.1.1 - Unwinder)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Route_Riter v7.5 (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\Route_Riter v7.5) (Version: - )
Saitek SD6 Programming Software 6.5.2.0 (HKLM\...\{FDA5412D-288C-4969-875A-8BE62471B3F9}) (Version: 6.5.2.0 - Saitek)
ScaleRail (HKLM-x32\...\ScaleRail1.77) (Version: 1.77 - 3DTrains)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Shape Viewer (HKLM-x32\...\{88DA244E-4CEA-49E4-AD6A-301B65131E25}) (Version: 2.2.0.237 - )
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Sims 3 - Nude Clothes Females (HKLM-x32\...\xSIMS_Nude_Clothes_Females) (Version: - )
Sims 3 - Nude Clothes Males (HKLM-x32\...\xSIMS_Nude_Clothes_Males) (Version: - )
Sims 3 - Nude Skins (HKLM-x32\...\xSIMS_Nude_Skins) (Version: - )
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)
Solution for Real Terrain 0.5.2 (HKLM-x32\...\Solution for Real Terrain) (Version: 0.5.2 - Andres Blaho)
Sound Blaster Z-Series (HKLM-x32\...\{47F19FB5-6878-4AE4-9313-446335E334D8}) (Version: 1.00.24 - Creative Technology Limited)
Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
South Dakota Soybean Set 1.0.0 (HKLM-x32\...\South Dakota Soybean Set 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Southern California (HKLM-x32\...\MegaScenery - Southern California_is1) (Version: 2 - PC Aviator Inc.)
SP WEST COLTON (HKLM-x32\...\SP WEST COLTON1.0) (Version: 1.0 - 3D Train Stuff Llc.)
Sprint SmartView (HKLM\...\{84E0D40C-ED8E-48B2-83D2-4C11AB246F4A}) (Version: 2.61.0038.0 - Sprint)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TGATool2A version 4.00.34 (HKLM-x32\...\TGATool2A_is1) (Version: - Martin Wright)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Diesel Stuff (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
The Sims™ 3 Movie Stuff (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Train Sim Interface Quick Fix (HKLM-x32\...\Product_Name) (Version: - )
Train Simulator 2014 (HKLM-x32\...\Steam App 24010) (Version: - RailSimulator.com)
Train Store V3.2 (HKLM-x32\...\Train Store V3.2) (Version: - )
Trinity Blue Long Door Coal Hoppers 1.0.0 (HKLM-x32\...\Trinity Blue Long Door Coal Hoppers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Trinity Green Long Door Coal Hoppers 1.0.0 (HKLM-x32\...\Trinity Green Long Door Coal Hoppers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
TweakUAC (HKLM-x32\...\TweakUAC_is1) (Version: 1.1 - WinAbility Software Corp.)
Unity Web Player (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
Washington State Grain Train Set 1.0.0 (HKLM-x32\...\Washington State Grain Train Set 1.0.0) (Version: 1.0.0 - Tigertrains.com)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
01-05-2015 22:16:53 Scheduled Checkpoint
14-05-2015 15:46:45 Scheduled Checkpoint
22-05-2015 23:18:13 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 07:25 - 2015-05-03 21:03 - 00450716 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0D2DB103-239E-4F5D-952A-CC0A028EE975} - System32\Tasks\HPCeeScheduleForBuddy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {2FB3A019-A7D1-409B-B77D-824952DD0D19} - System32\Tasks\UpdateService => C:\Users\Buddy\AppData\Local\Temp\SoftUpdater.exe [2014-05-01] () <==== ATTENTION
Task: {3B0E084C-C431-445D-A6DF-4CB87AC718DF} - System32\Tasks\GPUSpeed => C:\Users\Buddy\AppData\Roaming\VideoDrivers\GPU\run.vbs [2014-11-15] ()
Task: {479B84A9-39DB-4C99-8D81-69A6E4C272AE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-15] (Microsoft Corporation)
Task: {5860EBE5-2357-414D-92DA-454DE4058A79} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-cbfirefighter@yahoo.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {5A09F8D1-E584-4C34-9B0E-C3473291CB77} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {5E63CA13-7E20-4FCB-B2D3-D64179434275} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {781226D6-D2EB-4AA6-A490-F6A500DC980C} - System32\Tasks\Video Plus => C:\Users\Buddy\AppData\Roaming\VideoPlus\VideoPlus.exe [2013-12-11] ()
Task: {7A50FFC0-7FC9-4DA3-BF3D-CF2F28729120} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {87671C73-51A6-40DC-B3C2-C7EB4E38B314} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {8EBD0E2C-9CED-466D-BF19-3438AC173F5D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {901A4E88-D6CF-4E0F-9645-8F4A7ADDD4EE} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-799792450-1319612783-380193225-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-02-12] (RealNetworks, Inc.)
Task: {B7420405-353E-479A-A4DE-8FFD9DD899C2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-799792450-1319612783-380193225-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-12] (RealNetworks, Inc.)
Task: {C9C75B91-C6C9-4675-83B1-428BE69FFF4A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CEFDAA50-B9C2-459D-8313-3F8272A7F5A8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {CFA97F28-2817-4D7E-9FE0-F521FFC929B5} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-799792450-1319612783-380193225-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-02-12] (RealNetworks, Inc.)
Task: {E8FA0463-F03A-48B2-B16F-A9E1F4A9A09A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-799792450-1319612783-380193225-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-02-12] (RealNetworks, Inc.)
Task: {EABA2279-3500-46D2-8D24-0FA2CF6AC3BC} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-799792450-1319612783-380193225-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-12] (RealNetworks, Inc.)
Task: C:\WINDOWS\Tasks\HPCeeScheduleForBuddy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (Whitelisted) ==============
2013-11-28 22:52 - 2015-05-11 21:30 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-02-07 18:25 - 2011-02-07 18:25 - 00092504 _____ () C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
2014-02-12 14:42 - 2014-02-12 14:42 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-02-12 16:29 - 2014-02-12 16:29 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2013-12-11 14:53 - 2013-12-11 14:53 - 00590848 _____ () C:\Users\Buddy\AppData\Roaming\VideoPlus\VideoPlus.exe
2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2013-11-28 23:37 - 2013-11-28 23:37 - 00120224 _____ () C:\Users\Buddy\AppData\Local\assembly\dl3\2YDOPDMC.BP8\EWR9MVJO.29R\12e5dede\0057376b_1086cd01\HPItunesModule.DLL
2014-03-28 18:29 - 2014-03-28 18:29 - 06801920 _____ () C:\Users\Buddy\AppData\Roaming\VideoDrivers\GPU\cudaminer.exe
2014-10-28 12:09 - 2014-10-28 12:09 - 00867928 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2015-04-01 06:43 - 2015-03-27 21:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-01-14 21:36 - 2012-06-07 21:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-05-30 11:08 - 2012-05-30 11:08 - 00120424 _____ () C:\Program Files (x86)\Sprint\Sprint SmartView\RC_Pac.dll
2012-05-30 11:08 - 2012-05-30 11:08 - 00071272 _____ () C:\Program Files (x86)\Sprint\Sprint SmartView\RC_Eap.dll
2013-01-14 21:30 - 2012-07-18 02:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-10-28 12:09 - 2014-10-28 12:09 - 00571992 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Lib\r1api.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:054203E4
AlternateDataStreams: C:\Users\Buddy\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Buddy\SkyDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7867 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-799792450-1319612783-380193225-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER Error getting ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0018E68C-E0F7-43D9-B185-C06B8452510E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7B3AB0FE-CD04-4783-AC31-E977097C3253}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C6A9BD3F-35B5-4FCB-A1B7-1085132F796E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{5F672B45-96F7-4188-B157-868DCAECA043}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [UDP Query User{5181A3A4-D0DF-409C-9438-17EEBEC7EC37}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [TCP Query User{E50FFBDF-E22C-468A-8302-B84270F70645}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [{0AE12153-9030-4641-A41D-5508C42AD69A}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{B0888CCB-89B3-4C22-87DA-B85FB80742E4}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{6CC8E0A0-7CEA-4476-AB42-C36A81E64705}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{E7A0E439-F1CF-44F2-988F-15E1E8EEAD47}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F9D28541-1353-493E-9CEF-F68A98A4D31D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D73FABD6-08D3-48A9-9415-9522A425A846}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6ED82E29-8E27-42C0-BEBF-3A7774FB3DF7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1C020EBF-E70E-462A-BF95-21FD4414E0E7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{41B83A9C-2A26-45B9-9B13-11FE575B9A45}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9D58560E-BFF7-490D-8E2C-197D8A63FB39}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B1C8AC19-72BF-417C-A112-9BD9AF723FF2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F7B79E01-1D50-425B-AF82-C78D9F791B7D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{325571EC-B8AB-4D1A-B9DF-E18D8DF2F8F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{8140A7E0-42F7-41F4-AF5A-B950508C5A69}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{8E11ADBE-22CB-4726-9E89-CFB947F8CE83}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{4071FA56-FBE0-474D-A1CA-AF6EE0F67D1C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7B888F92-8387-4D59-97EF-95BC0C83764A}] => (Allow) LPort=2869
FirewallRules: [{5744481E-2BC3-45B1-92A7-729EA036FD80}] => (Allow) LPort=1900
FirewallRules: [{5A59DE3A-B052-4E36-B533-C9CDEF4320B3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3027A9D6-7479-457C-85AC-9AE4DABF3512}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{148B68C8-AA35-4189-8CC9-D35F0D1969D1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Farming Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{33CD255A-DECB-4E0C-9CF9-99FF99D2466E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Farming Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{7E8BD4B9-6F87-487A-86A6-1350ED53D5BE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RailWorks\RailWorks.exe
FirewallRules: [{2C3E6A3A-D31B-4F3F-B020-CA35541E50A6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RailWorks\RailWorks.exe
FirewallRules: [{EEB216BF-04C6-4A45-A05C-34F9E6FA9054}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Farming Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{98FC052F-4FD6-4683-B02E-1608F1EFC5BE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Farming Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [TCP Query User{8949387A-640F-4F2A-925C-76EA30C06333}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [UDP Query User{938CDC07-5B67-4AA5-9364-3A284FA26E13}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [TCP Query User{9C4D818E-19E3-4AF2-9933-C18267CF0AE8}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{3D1253C2-EEBE-49B3-BE34-CFAF88A1E868}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{621B51B8-CBD6-4751-A962-41C643A94042}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{41403454-C9EB-4C6A-8F49-2A57AFEAA94D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9E949E53-BF66-454D-9801-D907A329E5B9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F5A4165D-2C23-4318-A015-1CDCF408D282}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [TCP Query User{4409A616-7C9D-4658-841C-3115F5270682}C:\ares\ares.exe] => (Allow) C:\ares\ares.exe
FirewallRules: [UDP Query User{D43D453D-626C-4942-8260-AC47A2144A8A}C:\ares\ares.exe] => (Allow) C:\ares\ares.exe
FirewallRules: [{1613D331-2FD2-4784-93CC-D90BAA086AF8}] => (Allow) LPort=3333
FirewallRules: [{26DEA898-6BB6-4CF4-82D7-A2FEB4DF0F01}] => (Allow) LPort=44444
FirewallRules: [{078D6F8E-3AB9-47C1-AA5F-E2DC0DD15279}] => (Allow) C:\Users\Buddy\AppData\Roaming\VideoDrivers\GPU\cudaminer.exe
FirewallRules: [{07EE2F87-0271-49F3-BC11-295A92B84B3B}] => (Allow) C:\Users\Buddy\AppData\Roaming\VideoDrivers\GPU\cudaminer.exe
FirewallRules: [{E9FCD414-6C31-4030-BE6E-6D35B19F6947}] => (Allow) C:\Users\Buddy\AppData\Roaming\VideoPlus\VideoPlus.exe
FirewallRules: [{35026531-6F3D-4A97-A943-E475E6CF79DE}] => (Allow) C:\Users\Buddy\AppData\Roaming\VideoPlus\VideoPlus.exe
FirewallRules: [TCP Query User{2BE81EF6-4D45-4659-B242-55ECEFFE1265}C:\users\buddy\appdata\roaming\videoplus\videoplus.exe] => (Block) C:\users\buddy\appdata\roaming\videoplus\videoplus.exe
FirewallRules: [UDP Query User{57797C42-034C-4814-84ED-4835334B6F95}C:\users\buddy\appdata\roaming\videoplus\videoplus.exe] => (Block) C:\users\buddy\appdata\roaming\videoplus\videoplus.exe
FirewallRules: [TCP Query User{040D88EB-BD80-42D8-BC28-97B83C8D39A1}C:\ares\ares.exe] => (Allow) C:\ares\ares.exe
FirewallRules: [UDP Query User{3B28208E-655C-4A10-97D0-0A4FDDE73F4D}C:\ares\ares.exe] => (Allow) C:\ares\ares.exe
FirewallRules: [{83BE2977-8ABB-4D0F-AA49-C6A696FAA619}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FAE90B2C-0A2D-4056-BC13-CB8DED8EFFFE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C51B0B40-9CFD-4A50-A570-1931CD2A1C04}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{823C250D-A618-442C-8E8B-CDC9B7A60886}] => (Allow) LPort=53000
FirewallRules: [{D66489E7-1660-4397-A792-153894A61A5D}] => (Allow) LPort=52000
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Sprint\Sprint SmartView\SwiApiMux.exe] => Enabled:SwiApiMux
==================== Faulty Device Manager Devices =============
Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (05/23/2015 08:11:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4
Error: (05/23/2015 08:11:44 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (05/23/2015 08:11:44 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (05/23/2015 08:11:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4
Error: (05/23/2015 08:11:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4
Error: (05/23/2015 08:11:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4
Error: (05/23/2015 08:11:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
Error: (05/23/2015 08:11:44 PM) (Source: Perflib) (EventID: 1018) (User: )
Description: ASP.NET_64_2.0.50727
Error: (05/23/2015 08:11:44 PM) (Source: Perflib) (EventID: 1022) (User: )
Description: ASP.NET_64_2.0.507274
Error: (05/23/2015 04:54:58 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4
System errors:
=============
Error: (05/23/2015 09:06:08 AM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
Error: (05/23/2015 09:06:02 AM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
Error: (05/23/2015 09:02:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Registration Service service failed to start due to the following error:
%%1053
Error: (05/23/2015 09:02:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Registration Service service to connect.
Error: (05/23/2015 09:02:16 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: N:\Device\HarddiskVolume142
Error: (05/23/2015 09:00:32 AM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
Error: (05/23/2015 07:58:44 AM) (Source: DCOM) (EventID: 10010) (User: I5MSTS)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}
Error: (05/22/2015 11:23:27 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: N:\Device\HarddiskVolume172
Error: (05/22/2015 11:20:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240055: Update for Windows 8.1 for x64-based Systems (KB3035583).
Error: (05/22/2015 10:30:39 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume N:.
A corruption was found in a file system index structure. The file reference number is 0x10000000fb1fb. The name of the file is "\TRAINS\TRAINSET\UP_AC45CCTE_7995". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
Microsoft Office:
=========================
Error: (05/23/2015 08:11:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4
Error: (05/23/2015 08:11:44 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (05/23/2015 08:11:44 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (05/23/2015 08:11:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4
Error: (05/23/2015 08:11:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4
Error: (05/23/2015 08:11:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4
Error: (05/23/2015 08:11:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
Error: (05/23/2015 08:11:44 PM) (Source: Perflib) (EventID: 1018) (User: )
Description: ASP.NET_64_2.0.50727
Error: (05/23/2015 08:11:44 PM) (Source: Perflib) (EventID: 1022) (User: )
Description: ASP.NET_64_2.0.507274
Error: (05/23/2015 04:54:58 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4
CodeIntegrity Errors:
===================================
Date: 2015-05-23 09:35:20.678
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-23 09:35:20.507
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-23 09:11:39.984
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-23 09:11:39.825
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-23 09:11:39.667
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-23 09:11:24.111
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-23 09:11:23.950
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-23 09:11:23.790
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-23 09:11:23.375
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-23 09:11:16.854
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 33%
Total physical RAM: 8147.3 MB
Available physical RAM: 5409.1 MB
Total Pagefile: 8547.3 MB
Available Pagefile: 1192.39 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:909.93 GB) (Free:385.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:19.76 GB) (Free:2.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (BACKUP) (Fixed) (Total:111.79 GB) (Free:45.1 GB) NTFS
Drive i: (STAR_TREK_TO1_D9) (CDROM) (Total:6.52 GB) (Free:0 GB) UDF
Drive m: (MSTS and FS backups) (Fixed) (Total:931.51 GB) (Free:42.27 GB) NTFS
Drive n: (FreeAgent Drive) (Fixed) (Total:1397.26 GB) (Free:682.91 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CB9ADFE0)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 114.5 GB) (Disk ID: 551E5BB7)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00021365)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
========================================================
Disk: 8 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 40E5F13B)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)
==================== End of log ============================
:snwelcome:
Download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) and save it to your desktop, right click on it and select RUN AS ADMINISTRATOR
Checkmark the following boxes:
Flush DNS
Reset IE Proxy Settings
Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.
=========================================================
-AdwCleaner-by Xplode
Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) To your Desktop
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
Use my link only, do not do a search for AdwCleaner as there is a bogus copy going around by scammers
Do not click on any links in the top Advertisment.
http://i24.photobucket.com/albums/c30/ken545/AdwCleaner4.201_zpsxrbk2llq.jpg (http://s24.photobucket.com/user/ken545/media/AdwCleaner4.201_zpsxrbk2llq.jpg.html)
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
===============================================================================
http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
===============================================================================
Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop. <---------
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
http://i24.photobucket.com/albums/c30/ken545/MBAM2010601022_zpsyvzbaddn.jpg (http://s24.photobucket.com/user/ken545/media/MBAM2010601022_zpsyvzbaddn.jpg.html)
On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes
MiniToolBox by Farbar Version: 11-05-2015 01
Ran by Buddy (administrator) on 24-05-2015 at 09:23:15
Running from "C:\Users\Buddy\Desktop"
Microsoft Windows 8.1 (X64)
Model: p7-1423w Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
**** End of log ****
# AdwCleaner v4.205 - Logfile created 24/05/2015 at 09:29:59
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Buddy - I5MSTS
# Running from : C:\Users\Buddy\Desktop\AdwCleaner.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Buddy\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\Buddy\AppData\Local\DriverTuner
File Deleted : C:\Users\Public\Desktop\eBay.lnk
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\DriverTuner_Init
Key Deleted : HKCU\Software\DriverTuner
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
*************************
AdwCleaner[R0].txt - [2270 bytes] - [24/05/2015 09:27:44]
AdwCleaner[S0].txt - [1717 bytes] - [24/05/2015 09:29:59]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1776 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.8 (05.23.2015:2)
OS: Windows 8.1 x64
Ran by Buddy on Sun 05/24/2015 at 9:37:15.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-799792450-1319612783-380193225-1001
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/24/2015 at 9:38:48.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<?xml version="1.0" encoding="UTF-8"?>
-<logs>
<record subtype="Malware Protection" result="Starting" last_modified_tag="cd2dca81-976c-46d4-b839-0b2644f5fc76" systemname="I5MSTS" username="SYSTEM" type="Protection" source="Protection" datetime="2015-05-24T08:36:43.023143-06:00" LoggingEventType="2" severity="debug"/>
<record subtype="Malware Protection" result="Started" last_modified_tag="fbb4da74-888d-4d40-a0ca-2fcbcd9b9568" systemname="I5MSTS" username="SYSTEM" type="Protection" source="Protection" datetime="2015-05-24T08:36:43.085646-06:00" LoggingEventType="2" severity="debug"/>
<record subtype="Malicious Website Protection" result="Starting" last_modified_tag="886baf8e-6d5e-415e-89c9-2f6cf7e07fc9" systemname="I5MSTS" username="SYSTEM" type="Protection" source="Protection" datetime="2015-05-24T08:36:43.085646-06:00" LoggingEventType="2" severity="debug"/>
<record subtype="Malicious Website Protection" result="Started" last_modified_tag="88ea2007-8b67-4b6a-bcbd-7928cc9ecc3d" systemname="I5MSTS" username="SYSTEM" type="Protection" source="Protection" datetime="2015-05-24T08:37:56.323477-06:00" LoggingEventType="2" severity="debug"/>
<record subtype="Malicious Website Protection" last_modified_tag="685bea03-6bb4-425b-b697-0a79ed1ed64d" systemname="I5MSTS" username="SYSTEM" type="Detection" source="Protection" datetime="2015-05-24T08:40:45.825218-06:00" LoggingEventType="0" severity="debug" port="49393" malwaretype="IP" ip="109.95.112.201" domain="" direction="Outbound" process="C:\Ares\Ares.exe"/>
<record subtype="Malicious Website Protection" last_modified_tag="71116aea-265f-4205-bb3d-f0cb411129b4" systemname="I5MSTS" username="SYSTEM" type="Detection" source="Protection" datetime="2015-05-24T08:40:46.115926-06:00" LoggingEventType="0" severity="debug" port="49393" malwaretype="IP" ip="109.95.112.201" domain="" direction="Outbound" process="C:\Ares\Ares.exe"/>
<record subtype="Malicious Website Protection" last_modified_tag="d51e8c47-1b08-4bb5-9a08-eb1bf16da063" systemname="I5MSTS" username="SYSTEM" type="Detection" source="Protection" datetime="2015-05-24T08:40:58.336117-06:00" LoggingEventType="0" severity="debug" port="49403" malwaretype="IP" ip="109.95.112.201" domain="" direction="Outbound" process="C:\Ares\Ares.exe"/>
<record last_modified_tag="23a23c76-736d-42ac-b9a4-28ad04202b6d" systemname="I5MSTS" username="SYSTEM" type="Update" source="Scheduler" datetime="2015-05-24T09:21:44.387004-06:00" LoggingEventType="1" severity="debug" toVersion="2015.5.24.3" name="Malware Database" fromVersion="2015.5.23.5"/>
<record subtype="Refresh" result="Starting" last_modified_tag="5bf16bec-ed1c-4c22-a8c0-98fabfcad485" systemname="I5MSTS" username="SYSTEM" type="Protection" source="Protection" datetime="2015-05-24T09:21:44.401013-06:00" LoggingEventType="2" severity="debug"/>
<record subtype="Malicious Website Protection" result="Stopping" last_modified_tag="15415044-6936-4024-958f-14af5d10afa3" systemname="I5MSTS" username="SYSTEM" type="Protection" source="Protection" datetime="2015-05-24T09:21:44.406017-06:00" LoggingEventType="2" severity="debug"/>
<record subtype="Malicious Website Protection" result="Stopped" last_modified_tag="3db5b9dd-ae0f-4739-8199-1b13642261b8" systemname="I5MSTS" username="SYSTEM" type="Protection" source="Protection" datetime="2015-05-24T09:21:44.499079-06:00" LoggingEventType="2" severity="debug"/>
<record subtype="Refresh" result="Success" last_modified_tag="faaf154a-da12-461e-8801-63c8e8296d50" systemname="I5MSTS" username="SYSTEM" type="Protection" source="Protection" datetime="2015-05-24T09:21:49.588065-06:00" LoggingEventType="2" severity="debug"/>
<record subtype="Malicious Website Protection" result="Starting" last_modified_tag="e67d2d4e-c5c2-4d61-ae02-9737075f3789" systemname="I5MSTS" username="SYSTEM" type="Protection" source="Protection" datetime="2015-05-24T09:21:49.602074-06:00" LoggingEventType="2" severity="debug"/>
<record subtype="Malicious Website Protection" result="Started" last_modified_tag="63d1b5b5-83f4-4ea8-b5fe-09028a342ff7" systemname="I5MSTS" username="SYSTEM" type="Protection" source="Protection" datetime="2015-05-24T09:21:49.825346-06:00" LoggingEventType="2" severity="debug"/>
<record subtype="Malware Protection" result="Starting" last_modified_tag="11055d44-39bb-4b28-8159-26acc4091275" systemname="I5MSTS" username="SYSTEM" type="Protection" source="Protection" datetime="2015-05-24T09:31:45.079664-06:00" LoggingEventType="2" severity="debug"/>
<record subtype="Malware Protection" result="Started" last_modified_tag="a0f72e63-5f09-4423-82d3-d5f85d42335a" systemname="I5MSTS" username="SYSTEM" type="Protection" source="Protection" datetime="2015-05-24T09:31:45.079664-06:00" LoggingEventType="2" severity="debug"/>
<record subtype="Malicious Website Protection" result="Starting" last_modified_tag="c41e6021-7af1-47e3-a65e-b68df4ee9661" systemname="I5MSTS" username="SYSTEM" type="Protection" source="Protection" datetime="2015-05-24T09:31:45.126542-06:00" LoggingEventType="2" severity="debug"/>
<record subtype="Malicious Website Protection" result="Started" last_modified_tag="cf6b1bec-e8e8-4ae5-b9c6-e1716b9c0a95" systemname="I5MSTS" username="SYSTEM" type="Protection" source="Protection" datetime="2015-05-24T09:33:00.897558-06:00" LoggingEventType="2" severity="debug"/>
<record subtype="Malicious Website Protection" result="Stopping" last_modified_tag="e070eeb4-ba37-478a-b82f-0bc996cf23dc" systemname="I5MSTS" username="SYSTEM" type="Protection" source="Protection" datetime="2015-05-24T09:36:33.526116-06:00" LoggingEventType="2" severity="debug"/>
<record subtype="Malicious Website Protection" result="Stopped" last_modified_tag="37d9e2fa-67f3-42f2-8969-acbdc020ca2c" systemname="I5MSTS" username="SYSTEM" type="Protection" source="Protection" datetime="2015-05-24T09:36:33.610580-06:00" LoggingEventType="2" severity="debug"/>
<record subtype="Malware Protection" result="Stopping" last_modified_tag="ca6c8adf-3aa9-4a4c-9dad-234dfdeaea6b" systemname="I5MSTS" username="SYSTEM" type="Protection" source="Protection" datetime="2015-05-24T09:36:33.615582-06:00" LoggingEventType="2" severity="debug"/>
<record subtype="Malware Protection" result="Stopped" last_modified_tag="ccd8d07b-cc3a-4328-824b-2cb0b14a8f38" systemname="I5MSTS" username="SYSTEM" type="Protection" source="Protection" datetime="2015-05-24T09:36:34.058876-06:00" LoggingEventType="2" severity="debug"/>
<record subtype="Malware Protection" result="Starting" last_modified_tag="b791f945-19a2-4c59-838f-6748a6544dc0" systemname="I5MSTS" username="SYSTEM" type="Protection" source="Protection" datetime="2015-05-24T09:49:09.022811-06:00" LoggingEventType="2" severity="debug"/>
<record subtype="Malware Protection" result="Started" last_modified_tag="9f7d1d73-abbe-44c3-bdf4-e22f55393c36" systemname="I5MSTS" username="SYSTEM" type="Protection" source="Protection" datetime="2015-05-24T09:49:09.054062-06:00" LoggingEventType="2" severity="debug"/>
<record subtype="Malicious Website Protection" result="Starting" last_modified_tag="ce10245c-2ebe-4fe0-9433-5838dc22c16c" systemname="I5MSTS" username="SYSTEM" type="Protection" source="Protection" datetime="2015-05-24T09:49:09.069688-06:00" LoggingEventType="2" severity="debug"/>
<record subtype="Malicious Website Protection" result="Started" last_modified_tag="e4d589ec-8b94-4406-ade6-39bc68609428" systemname="I5MSTS" username="SYSTEM" type="Protection" source="Protection" datetime="2015-05-24T09:50:26.196773-06:00" LoggingEventType="2" severity="debug"/>
<record last_modified_tag="6f654416-fde5-4639-8f12-7c3cae32ea84" systemname="I5MSTS" username="SYSTEM" type="Scan" source="Manual" datetime="2015-05-24T10:10:28.490389-06:00" LoggingEventType="6" severity="debug" starttime="2015-05-24T09:53:32-06:00" scantype="threat" scanresult="completed" nonmalwaredetections="0" malwaredetections="0" duration="1015"/>
</logs>
Hi, doing good so far but you just posted the Protection log, I need to see the log that shows what Malwarebytes removed. If it didn't find anything to remove just let me know but if it did you can find the log like this
Open Malwarebytes and on the Dashboard click on History....then Application Logs ....Then Scan log and select the date of the scan you just ran....then click Export and on the dropdown list select Copy to Clipboard and paste it into this thread
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/24/2015
Scan Time: 9:53:32 AM
Logfile:
Administrator: Yes
Version: 2.01.6.1022
Malware Database: v2015.05.24.03
Rootkit Database: v2015.05.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Buddy
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 373225
Time Elapsed: 16 min, 55 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Good, thanks. Things running any better ??
Open up FRST64, make sure there is a checkmark in Additions, run a new scan and post both new logs please
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01
Ran by Buddy (administrator) on I5MSTS on 24-05-2015 11:42:09
Running from C:\Users\Buddy\Desktop
Loaded Profiles: Buddy (Available Profiles: Buddy)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sprint\Sprint SmartView\SwiCardDetect64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
() C:\Users\Buddy\AppData\Roaming\VideoPlus\VideoPlus.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
(Saitek) C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Ares Development Group) C:\Ares\Ares.exe
(GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Landstar) C:\Users\Buddy\AppData\Local\Apps\2.0\XOYYKMK7.03A\PPER3WQC.LN1\dire..tion_0000000000000000_0001.0000_94cfc10d76be32b6\DirectScan.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ConBuilder) C:\CONBUILDER 5.7\X_cbupdate.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Sprint) C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe
(SmithMicro Inc.) C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
() C:\Users\Buddy\AppData\Roaming\VideoDrivers\GPU\cudaminer.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files (x86)\CCP\EVE\launcher\launcher.exe
() C:\Program Files (x86)\CCP\EVE\launcher\appdata\EVE_Online_Launcher-2.2.878305.win32\launcher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-09-19] (Hewlett-Packard )
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe
HKLM-x32\...\Run: [ProfilerU] => C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [357376 2008-08-28] (Saitek)
HKLM-x32\...\Run: [SaiMfd] => C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [194560 2008-08-28] (Saitek)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.)
HKLM-x32\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585048 2014-04-17] (Razer Inc.)
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [735744 2013-02-27] (Creative Technology Ltd)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296520 2014-10-28] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Sprint SmartView] => C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe [69632 2012-07-13] (Sprint)
HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\Run: [ares] => C:\Ares\Ares.exe [3404288 2014-06-29] (Ares Development Group)
HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\Run: [DirectScan] => C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Landstar\Imaging\DirectScan.appref-ms
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2014-05-22]
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ConBuilder - Auto Update.lnk [2013-11-21]
ShortcutTarget: ConBuilder - Auto Update.lnk -> C:\CONBUILDER 5.7\cbupdate.exe (ConBuilder)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-04-20]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-10-28]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-799792450-1319612783-380193225-1001] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-799792450-1319612783-380193225-1001] => http=127.0.0.1:44444;https=127.0.0.1:44444
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKU\S-1-5-21-799792450-1319612783-380193225-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-799792450-1319612783-380193225-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {7BD59B51-BF68-424C-AB94-97D5E2BF4112} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {7BD59B51-BF68-424C-AB94-97D5E2BF4112} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-799792450-1319612783-380193225-1001 -> {7BD59B51-BF68-424C-AB94-97D5E2BF4112} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-799792450-1319612783-380193225-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-02-12] (RealDownloader)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-02-12] (RealDownloader)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-20] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-799792450-1319612783-380193225-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Buddy\AppData\Roaming\Mozilla\Firefox\Profiles\502ygpxx.default
FF Homepage: https://www.yahoo.com/
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2010-11-23] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-11] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.6.13 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-10-28] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.6 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2014-02-12] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.6 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-02-12] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.6 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2014-02-12] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.6.13 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-10-28] (RealPlayer Cloud)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin HKU\S-1-5-21-799792450-1319612783-380193225-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Buddy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{8E8D8D12-A43B-4289-994D-DF2C7C0EF736}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-10-28]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-02-12]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S3 CASprint; C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [124520 2012-05-30] (SmithMicro Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-04-19] (Creative Labs) []
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) []
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [114176 2014-11-26] (Creative Technology Ltd)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-04] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-27] (NVIDIA Corporation)
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
S2 HPRegistrationSvc; c:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HPRegistrationService.exe [205216 2012-07-18] (Hewlett-Packard)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-27] (NVIDIA Corporation)
R2 NvtlService; C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [92504 2011-02-07] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-02-12] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141336 2014-10-28] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-02-12] () []
R3 SprintRcAppSvc; C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe [120424 2012-05-30] (SmithMicro Inc.)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-09-19] (IDT, Inc.) []
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sprint\Sprint SmartView\SwiCardDetect64.exe [307568 2010-09-22] (Sierra Wireless, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-28] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21600 2013-03-28] (Advanced Micro Devices, Inc.)
S3 bcm; C:\Windows\system32\DRIVERS\drxvi314_64.sys [416000 2012-03-20] (Beceem Communications Inc.)
S3 bcmbusctr; C:\Windows\System32\drivers\BcmBusCtr_64.sys [64000 2012-03-20] (Beceem Communications Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 cthda; C:\Windows\system32\drivers\cthda.sys [1065728 2014-11-26] (Creative Technology Ltd)
R3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [34072 2013-07-03] (Creative Technology Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 PCTINDIS5X64; C:\WINDOWS\SYSTEM32\PCTINDIS5X64.SYS [43032 2010-08-05] (Smith Micro Inc.)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39080 2014-05-19] (Razer Inc)
S3 SaiK0836; C:\Windows\System32\drivers\SaiK0836.sys [172040 2010-06-17] (Saitek)
R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 SWNC5E00; C:\Windows\system32\DRIVERS\SWNC5E00.sys [285696 2010-10-19] (Sierra Wireless Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-24 11:42 - 2015-05-24 11:42 - 00024756 _____ () C:\Users\Buddy\Desktop\FRST.txt
2015-05-24 11:42 - 2015-05-24 11:42 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-799792450-1319612783-380193225-1001
2015-05-24 09:36 - 2015-05-24 09:36 - 02720636 _____ (Thisisu) C:\Users\Buddy\Desktop\JRT.exe
2015-05-24 09:32 - 2015-05-24 11:41 - 00000000 ____D () C:\Users\Buddy\Desktop\malware removal
2015-05-24 09:27 - 2015-05-24 09:30 - 00000000 ____D () C:\AdwCleaner
2015-05-24 09:22 - 2015-05-24 09:22 - 00403456 _____ (Farbar) C:\Users\Buddy\Desktop\MiniToolBox.exe
2015-05-23 21:29 - 2015-05-24 11:42 - 00000000 ____D () C:\FRST
2015-05-23 08:03 - 2015-05-23 08:03 - 00002151 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-05-23 08:03 - 2015-05-11 20:34 - 00571024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-05-23 08:01 - 2015-05-23 08:02 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-05-23 08:00 - 2015-05-13 00:52 - 00195912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-05-23 08:00 - 2015-05-13 00:52 - 00031552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 42718864 _____ () C:\WINDOWS\system32\nvcompiler.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 37741712 _____ () C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 30478992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 16145176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 14455296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 13263568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 10972304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-05-23 08:00 - 2015-05-12 00:27 - 02932368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 02599056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 01898312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435286.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435286.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 01099808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00982672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00974480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00939080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00878816 _____ () C:\WINDOWS\system32\nvmcumd.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00502896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00408208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00407296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00364176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00176064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00154256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00150832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-05-23 08:00 - 2015-05-12 00:27 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-05-23 01:51 - 2015-05-23 01:51 - 02108416 _____ (Farbar) C:\Users\Buddy\Desktop\FRST64.exe
2015-05-22 23:00 - 2015-05-22 23:00 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-I5MSTS-Windows-8.1-(64-bit).dat
2015-05-22 22:58 - 2015-05-22 22:58 - 00002253 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-05-22 22:58 - 2015-05-22 22:58 - 00000000 ____D () C:\RegBackup
2015-05-22 22:58 - 2015-05-22 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-05-22 22:58 - 2015-05-22 22:58 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-05-22 22:57 - 2015-05-22 22:57 - 04720448 _____ () C:\Users\Buddy\Desktop\tweaking.com_registry_backup_setup.exe
2015-05-22 21:17 - 2015-05-23 08:57 - 00636807 _____ () C:\Users\Buddy\Documents\untitled_AutoSave.gcs
2015-05-18 15:02 - 2015-05-18 15:02 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2015-05-18 15:02 - 2015-05-18 15:02 - 00000000 ____D () C:\Users\Buddy\AppData\Roaming\Canon
2015-05-15 16:26 - 2015-04-30 14:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 16:26 - 2015-04-30 14:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 13:38 - 2015-04-09 18:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-15 13:38 - 2015-04-09 18:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-15 13:38 - 2015-03-17 11:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-15 13:38 - 2015-03-08 20:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-15 13:37 - 2015-04-30 17:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-15 13:37 - 2015-04-30 16:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-15 13:37 - 2015-03-19 19:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-15 13:37 - 2015-03-03 19:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-15 13:37 - 2015-03-03 19:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-15 13:37 - 2015-01-29 18:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-15 13:37 - 2014-11-14 00:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-15 13:36 - 2015-04-24 15:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-15 13:36 - 2015-04-13 16:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-15 13:36 - 2015-04-09 19:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-15 13:36 - 2015-04-09 18:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-15 13:36 - 2015-04-09 18:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-15 13:36 - 2015-04-08 16:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-15 13:36 - 2015-04-02 18:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-15 13:36 - 2015-04-02 18:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-15 13:36 - 2015-04-01 16:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-15 13:36 - 2015-04-01 16:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-15 13:36 - 2015-03-31 21:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-15 13:36 - 2015-03-31 20:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-15 13:36 - 2015-03-12 20:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-15 13:36 - 2015-03-12 19:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-15 13:36 - 2015-03-12 18:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-15 13:36 - 2015-03-05 20:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-15 13:36 - 2015-03-04 17:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-15 13:36 - 2015-02-17 17:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-15 13:35 - 2015-04-21 11:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-15 13:35 - 2015-04-21 10:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-15 13:35 - 2015-04-21 10:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-15 13:35 - 2015-04-21 10:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-15 13:35 - 2015-04-21 10:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-15 13:35 - 2015-04-21 10:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-15 13:35 - 2015-04-21 10:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-15 13:35 - 2015-04-21 10:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-15 13:35 - 2015-04-21 10:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-15 13:35 - 2015-04-21 10:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-15 13:35 - 2015-04-21 10:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-15 13:35 - 2015-04-21 10:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-15 13:35 - 2015-04-21 10:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-15 13:35 - 2015-04-21 10:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-15 13:35 - 2015-04-21 10:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-15 13:35 - 2015-04-21 09:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-15 13:35 - 2015-04-21 09:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-15 13:35 - 2015-04-21 09:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-15 13:35 - 2015-04-21 09:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-15 13:35 - 2015-04-21 09:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-15 13:35 - 2015-04-21 09:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-15 13:35 - 2015-04-21 09:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-15 13:35 - 2015-04-21 09:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-15 13:35 - 2015-04-21 09:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-15 13:35 - 2015-04-21 09:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-15 13:35 - 2015-04-21 09:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-15 13:35 - 2015-04-21 09:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-15 13:35 - 2015-04-21 09:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-15 13:35 - 2015-04-21 09:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-15 13:35 - 2015-04-21 09:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-15 13:35 - 2015-04-21 09:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-15 13:35 - 2015-04-21 09:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-15 13:35 - 2015-04-21 09:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-15 13:35 - 2015-04-21 09:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-15 13:35 - 2015-04-21 09:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-15 13:35 - 2015-04-21 09:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-15 13:35 - 2015-04-21 09:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-15 13:35 - 2015-04-21 08:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-15 13:35 - 2015-04-21 08:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-15 13:35 - 2015-03-29 23:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-15 13:35 - 2015-03-26 21:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-15 13:35 - 2015-03-26 20:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-15 13:35 - 2015-03-26 20:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-15 13:35 - 2015-03-12 22:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-15 13:35 - 2015-03-12 22:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-15 13:35 - 2015-03-12 18:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-15 13:35 - 2015-03-10 19:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-15 13:35 - 2015-03-10 19:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-15 13:35 - 2015-03-05 21:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-15 13:35 - 2015-03-05 20:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-14 18:01 - 2015-05-24 09:49 - 00003308 _____ () C:\WINDOWS\System32\Tasks\UpdateService
2015-05-14 14:45 - 2015-05-14 14:45 - 00000344 _____ () C:\Users\Buddy\Desktop\DirectScan.appref-ms
2015-05-14 14:45 - 2015-05-14 14:45 - 00000204 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-05-14 14:45 - 2015-05-14 14:45 - 00000000 ____D () C:\Users\Buddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Landstar
2015-05-04 19:49 - 2015-05-04 19:49 - 00000000 ____D () C:\01timetableedit13
2015-05-03 21:03 - 2013-08-22 07:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150503-210304.backup
2015-05-01 16:52 - 2015-05-23 20:35 - 1644374269 _____ () C:\Users\Buddy\Desktop\OpenRailsDump.csv
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-24 11:40 - 2013-11-28 22:51 - 01473649 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-24 11:37 - 2015-03-25 10:16 - 00000782 _____ () C:\Users\Public\Desktop\EVE Online.lnk
2015-05-24 11:37 - 2015-03-25 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EVE
2015-05-24 11:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-24 10:23 - 2014-11-14 12:42 - 00000000 ____D () C:\Users\Buddy\Desktop\My Shared Folder
2015-05-24 09:55 - 2013-09-29 22:04 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-24 09:53 - 2013-05-16 22:14 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{28F553E7-2424-4A2E-90CE-EE7D974AD797}
2015-05-24 09:51 - 2014-04-21 21:17 - 00000000 __RDO () C:\Users\Buddy\OneDrive
2015-05-24 09:50 - 2014-09-12 09:26 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-24 09:50 - 2014-09-10 23:38 - 00000000 ____D () C:\Users\Buddy\AppData\Local\Deployment
2015-05-24 09:50 - 2013-08-22 08:46 - 00377577 _____ () C:\WINDOWS\setupact.log
2015-05-24 09:48 - 2013-11-28 22:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-24 09:48 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-24 09:48 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-24 09:32 - 2014-10-29 11:16 - 00003358 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-799792450-1319612783-380193225-1001
2015-05-24 09:32 - 2014-10-29 11:16 - 00003302 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-799792450-1319612783-380193225-1001
2015-05-24 08:36 - 2015-04-04 19:16 - 00000346 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForBuddy.job
2015-05-24 08:35 - 2013-09-29 21:55 - 00496270 _____ () C:\WINDOWS\PFRO.log
2015-05-23 20:35 - 2013-05-17 09:04 - 00000000 ____D () C:\Users\Buddy\AppData\Roaming\Open Rails
2015-05-23 16:53 - 2014-11-08 12:35 - 00000000 ____D () C:\01 OPEN RAILS 2833
2015-05-23 09:11 - 2015-04-04 19:16 - 00003160 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForBuddy
2015-05-23 09:10 - 2013-12-02 09:09 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-05-23 08:03 - 2013-11-28 22:51 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-05-23 08:03 - 2013-11-21 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-05-23 01:43 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-23 00:15 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-23 00:11 - 2015-04-06 21:24 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-23 00:11 - 2015-04-06 21:24 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-22 23:24 - 2013-01-14 21:33 - 00000000 ____D () C:\ProgramData\Temp
2015-05-18 18:04 - 2015-04-05 20:00 - 00000313 _____ () C:\Users\Buddy\Desktop\PRB TIMETABLE NOTES.txt
2015-05-18 16:36 - 2015-04-18 15:16 - 00014336 _____ () C:\Users\Buddy\Desktop\PRB DISPATCH.xls
2015-05-18 14:08 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-15 18:45 - 2013-08-22 08:44 - 04921672 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-15 18:45 - 2013-08-07 10:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-15 18:45 - 2013-08-07 10:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 18:41 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-15 18:41 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-15 16:26 - 2013-11-15 23:05 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-15 16:23 - 2013-05-16 22:44 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-15 16:22 - 2013-08-07 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-15 16:20 - 2013-09-29 21:51 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 17:53 - 2014-04-20 20:16 - 00000910 _____ () C:\Users\Buddy\Desktop\FFEDITC_UNICODE.lnk
2015-05-13 00:52 - 2014-05-21 23:21 - 01558848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-05-12 00:27 - 2015-04-01 06:45 - 22945424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-05-12 00:27 - 2015-04-01 06:45 - 15048816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-05-12 00:27 - 2015-04-01 06:45 - 01050256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-05-12 00:27 - 2014-11-10 10:55 - 11790144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-05-12 00:27 - 2014-09-19 22:56 - 15858728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-05-12 00:27 - 2013-11-21 17:57 - 17540416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-05-12 00:27 - 2013-11-21 17:57 - 12849056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-05-12 00:27 - 2013-11-21 17:57 - 03363224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-05-12 00:27 - 2013-11-21 17:57 - 02971776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-05-12 00:27 - 2013-11-21 17:57 - 00031710 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-05-11 21:30 - 2013-11-28 22:52 - 06872392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-05-11 21:30 - 2013-11-28 22:52 - 03490448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-05-11 21:30 - 2013-11-28 22:52 - 00937288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-05-11 21:30 - 2013-11-28 22:52 - 00385352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-05-11 21:30 - 2013-11-28 22:52 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-05-11 21:30 - 2013-11-21 17:33 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-05-11 11:01 - 2013-11-28 22:52 - 04391871 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-05-05 11:59 - 2015-03-22 06:43 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 11:59 - 2015-03-22 06:43 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-02 10:58 - 2013-11-28 22:55 - 00000000 ____D () C:\Users\Buddy
2015-05-01 15:07 - 2014-09-12 09:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-05-01 15:00 - 2014-09-12 09:43 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-04-28 00:17 - 2014-09-12 09:26 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-28 00:17 - 2014-09-12 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-28 00:17 - 2014-09-12 09:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
==================== Files in the root of some directories =======
2014-11-14 16:50 - 2014-11-14 16:50 - 0000132 _____ () C:\Users\Buddy\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-05-17 08:58 - 2015-04-16 17:41 - 0000000 _____ () C:\Users\Buddy\AppData\Roaming\FileIn.cns
2013-05-17 08:58 - 2015-04-16 17:41 - 0000000 _____ () C:\Users\Buddy\AppData\Roaming\FileOut.cns
2014-10-08 16:39 - 2014-11-13 11:36 - 0005120 _____ () C:\Users\Buddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-02 15:55 - 2014-10-02 15:55 - 0000017 _____ () C:\Users\Buddy\AppData\Local\resmon.resmoncfg
2015-05-14 14:45 - 2015-05-14 14:45 - 0000204 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-01-14 21:55 - 2013-01-14 21:55 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
Some files in TEMP:
====================
C:\Users\Buddy\AppData\Local\Temp\bitool.dll
C:\Users\Buddy\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\Buddy\AppData\Local\Temp\Itibiti_Knctr_B.exe
C:\Users\Buddy\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Buddy\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Buddy\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Buddy\AppData\Local\Temp\nvStInst.exe
C:\Users\Buddy\AppData\Local\Temp\Quarantine.exe
C:\Users\Buddy\AppData\Local\Temp\SoftUpdater.exe
C:\Users\Buddy\AppData\Local\Temp\sp64126.exe
C:\Users\Buddy\AppData\Local\Temp\sqlite3.dll
C:\Users\Buddy\AppData\Local\Temp\UninstallHPSA.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-24 10:12
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
Ran by Buddy at 2015-05-24 11:42:57
Running from C:\Users\Buddy\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-799792450-1319612783-380193225-500 - Administrator - Disabled)
Buddy (S-1-5-21-799792450-1319612783-380193225-1001 - Administrator - Enabled) => C:\Users\Buddy
Guest (S-1-5-21-799792450-1319612783-380193225-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
1994 BN Aluminum Grain Cars 1.0.0 (HKLM-x32\...\1994 BN Aluminum Grain Cars 1.0.0) (Version: 1.0.0 - Tigertrains.com)
2 Bay UP Ribbed Hoppers 1.0.0 (HKLM-x32\...\2 Bay UP Ribbed Hoppers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
3 Bay UP Ribbed Hoppers 1.0.0 (HKLM-x32\...\3 Bay UP Ribbed Hoppers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
4 Bay UP Ribbed Hoppers 1.0.0 (HKLM-x32\...\4 Bay UP Ribbed Hoppers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
52' Darling Tanker Set 1.0.0 (HKLM-x32\...\52' Darling Tanker Set 1.0.0) (Version: 1.0.0 - Tigertrains.com)
52' DRPX Tanker Set 1.0.0 (HKLM-x32\...\52' DRPX Tanker Set 1.0.0) (Version: 1.0.0 - Tigertrains.com)
7-Zip 9.20 (HKLM-x32\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.25 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0925-000001000000}) (Version: 9.25.00.0 - Igor Pavlov)
Abacus CoPilot Pro (HKLM-x32\...\{69050DD3-976A-4818-9E30-C785A4C6A141}) (Version: 4.00.0003 - Abacus Software)
AceIt v1.3.1 (HKLM-x32\...\AceIt_is1) (Version: - Scott M. Miller)
Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Agrium Covered Hopper Set A 1.0.0 (HKLM-x32\...\Agrium Covered Hopper Set A 1.0.0) (Version: 1.0.0 - Tigertrains.com)
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Amtrak ExpressTrak Reefers 1.0.0 (HKLM-x32\...\Amtrak ExpressTrak Reefers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Amtrak P32AC-DM Engine Pack 1.0.1 (HKLM-x32\...\Amtrak P32AC-DM Engine Pack 1.0.1) (Version: 1.0.1 - Tigertrains.com)
Amtrak U.S. Mail Boxcar Set 1.0.0 (HKLM-x32\...\Amtrak U.S. Mail Boxcar Set 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ares 3.1.8.4045 (HKLM-x32\...\{C9FF844C-02F5-4221-8AD4-0BD823533C6E}_is1) (Version: 3.1.8.4045 - Ares)
Atlanta (HKLM-x32\...\MegaCity - Atlanta_is1) (Version: 1 - PC Aviator Inc.)
ATSF Seligman Route 2.0 (HKLM-x32\...\ATSF Seligman Route 2.0) (Version: - )
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BN & ATSF Tank Cars 1.0.0 (HKLM-x32\...\BN & ATSF Tank Cars 1.0.0) (Version: 1.0.0 - Tigertrains.com)
BNSF Ore Trainset #1 1.0.3 (HKLM-x32\...\BNSF Ore Trainset #1 1.0.3) (Version: 1.0.3 - Tigertrains.com)
BNSF Ore Trainset 1.0.2 (HKLM-x32\...\BNSF Ore Trainset 1.0.2) (Version: 1.0.2 - Edstrainsonline.com)
BNSF Seligman Route 2.0 Upgrade (HKLM-x32\...\BNSF Seligman Route 2.0 Upgrade) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Canon MX360 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX360_series) (Version: - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CLS DC10 (HKLM-x32\...\CLS DC10) (Version: - )
Coal Country: The Orin Line (HKLM-x32\...\{89EF5B71-BFB4-400E-ABD6-A331A153F304}_is1) (Version: 1.0 - van Birgelen)
ConBuilder (HKLM-x32\...\ConBuilder) (Version: 5.7.7.1 - ConBuilder)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dallas (HKLM-x32\...\MegaCITY - Dallas_is1) (Version: 1.0 - PC Aviator Inc.)
Data Lifeguard Diagnostic for Windows 1.27 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Data Rescue PC3 v110714 (HKLM-x32\...\Data Rescue PC3_is1) (Version: v110714 - Prosoft Engineering, Inc.)
Denver (HKLM-x32\...\MegaCITY - Denver_is1) (Version: 1.0 - PC Aviator Inc.)
DirectScan (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\cb59a91e7790dee5) (Version: 1.0.0.163 - Landstar)
DOCX Trinity 4460 cu.ft. Hoppers 1.0.0 (HKLM-x32\...\DOCX Trinity 4460 cu.ft. Hoppers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
DWC Bulkhead Set 1.0.0 (HKLM-x32\...\DWC Bulkhead Set 1.0.0) (Version: 1.0.0 - Tigertrains.com)
EMD 645E3 Turbo Charged Soundset (HKLM-x32\...\EMD 645E3 Turbo Charged Soundset) (Version: - )
EVE Online (HKLM-x32\...\{C8101096-8241-44C3-9D30-FFC38FF60DB9}) (Version: 3.0.0 - CCP Games Ltd.)
EVE Online (HKLM-x32\...\{F66A87E9-5BC1-4E9E-9411-9A15136A132E}) (Version: 3.0.0 - CCP Games Ltd.)
EVGA OC Scanner X 3.4.0 (64-bit) (HKLM\...\{CC520CF6-B02E-49AA-8192-C1DDC159E0AA}}_is1) (Version: - EVGA)
EVGA Precision X 4.2.0 (HKLM-x32\...\PrecisionX) (Version: 4.2.0 - EVGA Corporation)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farming Simulator 2013 (HKLM-x32\...\Steam App 220260) (Version: - Giants Software)
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Feather River Route (HKLM-x32\...\Feather River Routev1.03) (Version: v1.03 - 3DTrains)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Flight1 Downloader (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\Flight1 Downloader) (Version: - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Freight Sound Package 1.0.7 (HKLM-x32\...\Freight Sound Package 1.0.7) (Version: 1.0.7 - Tigertrains.com)
FSGenesis Appalachians & Northeast 38m Terrain (HKLM-x32\...\FSGenesis Appalachians & Northeast 38m Terrain) (Version: - )
FSGenesis Texas & Southeast 38m Terrain (HKLM-x32\...\FSGenesis Texas & Southeast 38m Terrain) (Version: - )
FSGenesis The Great Plains 38m Terrain (HKLM-x32\...\FSGenesis The Great Plains 38m Terrain) (Version: - )
FSGenesis The Rockies 38m Terrain (HKLM-x32\...\FSGenesis The Rockies 38m Terrain) (Version: - )
FSGenesis The West Coast 38m Terrain (HKLM-x32\...\FSGenesis The West Coast 38m Terrain) (Version: - )
FSGenesis Yukon Territory 38.2m Terrain (HKLM-x32\...\FSGenesis Yukon Territory 38.2m Terrain) (Version: - )
GE FDL-12 ES44 Soundset (HKLM-x32\...\GE FDL-12 ES44 Soundset) (Version: - )
GE FDL-16 V1.0 Soundset (HKLM-x32\...\GE FDL-16 V1.0 Soundset) (Version: - )
Google Earth (HKLM-x32\...\{6DB7AD00-F781-11DF-9EEF-001279CD8240}) (Version: 6.0.0.1735 - Google)
GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
InstallVC90Support (x32 Version: 1.01.0000 - Novatel Wireless) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Johnstown America Autocarriers AMTK 1.0.1 (HKLM-x32\...\Johnstown America Autocarriers AMTK 1.0.1) (Version: 1.0.1 - Tigertrains.com)
Johnstown America Autocarriers CNA 1.0.2 (HKLM-x32\...\Johnstown America Autocarriers CNA 1.0.2) (Version: 1.0.2 - Tigertrains.com)
Johnstown America Autocarriers CP 1.0.1 (HKLM-x32\...\Johnstown America Autocarriers CP 1.0.1) (Version: 1.0.1 - Tigertrains.com)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Metrolink CEM Rotem Coaches & CabCar (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\Metrolink CEM Rotem Coaches & CabCar) (Version: - )
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Flight Simulator 2004 A Century of Flight (HKLM-x32\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.4330.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Train Simulator (HKLM-x32\...\Train Simulator 1.0) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSTS FURX SD40-2 Pack (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\MSTS FURX SD40-2 Pack) (Version: - )
MSTS Patch 1.8.0521 EN (HKLM-x32\...\{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}) (Version: 1.8.052113 - George)
MTA P32AC-DM Engine Set 1.0.0 (HKLM-x32\...\MTA P32AC-DM Engine Set 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Northern California Scenery (HKLM-x32\...\MegaScenery - Northern California_is1) (Version: 1.0 - PC Aviator Inc.)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 352.86 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 352.86 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 352.86 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
Pacific Northwest Scenery (HKLM-x32\...\MegaScenery - Pacific Northwest_is1) (Version: 1.0 - PC Aviator Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Phoenix (HKLM-x32\...\MegaCity - Phoenix_is1) (Version: 1 - PC Aviator Inc.)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.0.0 - Ralink)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.02 - Razer Inc.)
RBMN Covered Hoppers 1.0.0 (HKLM-x32\...\RBMN Covered Hoppers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Real Environment Xtreme for FS2004 Overdrive (HKLM-x32\...\{BA1DF5FA-905A-4BD5-9AE8-A8EFB4156DE3}) (Version: 1.5.2010.1210 - Real Environment Simulations, Inc.)
RealDownloader (x32 Version: 17.0.6 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.6 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
RivaTuner Statistics Server 5.1.1 (HKLM-x32\...\RTSS) (Version: 5.1.1 - Unwinder)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Route_Riter v7.5 (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\Route_Riter v7.5) (Version: - )
Saitek SD6 Programming Software 6.5.2.0 (HKLM\...\{FDA5412D-288C-4969-875A-8BE62471B3F9}) (Version: 6.5.2.0 - Saitek)
ScaleRail (HKLM-x32\...\ScaleRail1.77) (Version: 1.77 - 3DTrains)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Shape Viewer (HKLM-x32\...\{88DA244E-4CEA-49E4-AD6A-301B65131E25}) (Version: 2.2.0.237 - )
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Sims 3 - Nude Clothes Females (HKLM-x32\...\xSIMS_Nude_Clothes_Females) (Version: - )
Sims 3 - Nude Clothes Males (HKLM-x32\...\xSIMS_Nude_Clothes_Males) (Version: - )
Sims 3 - Nude Skins (HKLM-x32\...\xSIMS_Nude_Skins) (Version: - )
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)
Solution for Real Terrain 0.5.2 (HKLM-x32\...\Solution for Real Terrain) (Version: 0.5.2 - Andres Blaho)
Sound Blaster Z-Series (HKLM-x32\...\{47F19FB5-6878-4AE4-9313-446335E334D8}) (Version: 1.00.24 - Creative Technology Limited)
Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
South Dakota Soybean Set 1.0.0 (HKLM-x32\...\South Dakota Soybean Set 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Southern California (HKLM-x32\...\MegaScenery - Southern California_is1) (Version: 2 - PC Aviator Inc.)
SP WEST COLTON (HKLM-x32\...\SP WEST COLTON1.0) (Version: 1.0 - 3D Train Stuff Llc.)
Sprint SmartView (HKLM\...\{84E0D40C-ED8E-48B2-83D2-4C11AB246F4A}) (Version: 2.61.0038.0 - Sprint)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TGATool2A version 4.00.34 (HKLM-x32\...\TGATool2A_is1) (Version: - Martin Wright)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Diesel Stuff (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
The Sims™ 3 Movie Stuff (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Train Sim Interface Quick Fix (HKLM-x32\...\Product_Name) (Version: - )
Train Simulator 2014 (HKLM-x32\...\Steam App 24010) (Version: - RailSimulator.com)
Train Store V3.2 (HKLM-x32\...\Train Store V3.2) (Version: - )
Trinity Blue Long Door Coal Hoppers 1.0.0 (HKLM-x32\...\Trinity Blue Long Door Coal Hoppers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Trinity Green Long Door Coal Hoppers 1.0.0 (HKLM-x32\...\Trinity Green Long Door Coal Hoppers 1.0.0) (Version: 1.0.0 - Tigertrains.com)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
TweakUAC (HKLM-x32\...\TweakUAC_is1) (Version: 1.1 - WinAbility Software Corp.)
Unity Web Player (HKU\S-1-5-21-799792450-1319612783-380193225-1001\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
Washington State Grain Train Set 1.0.0 (HKLM-x32\...\Washington State Grain Train Set 1.0.0) (Version: 1.0.0 - Tigertrains.com)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
01-05-2015 22:16:53 Scheduled Checkpoint
14-05-2015 15:46:45 Scheduled Checkpoint
22-05-2015 23:18:13 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 07:25 - 2015-05-03 21:03 - 00450716 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0D2DB103-239E-4F5D-952A-CC0A028EE975} - System32\Tasks\HPCeeScheduleForBuddy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {32602108-B553-4955-9383-7B8E62A2C2AD} - System32\Tasks\UpdateService => C:\Users\Buddy\AppData\Local\Temp\SoftUpdater.exe [2014-05-01] () <==== ATTENTION
Task: {3B0E084C-C431-445D-A6DF-4CB87AC718DF} - System32\Tasks\GPUSpeed => C:\Users\Buddy\AppData\Roaming\VideoDrivers\GPU\run.vbs [2014-11-15] ()
Task: {5860EBE5-2357-414D-92DA-454DE4058A79} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-cbfirefighter@yahoo.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {5A09F8D1-E584-4C34-9B0E-C3473291CB77} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {5E63CA13-7E20-4FCB-B2D3-D64179434275} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {66E3473F-2175-4640-8F29-8B9F90D2DC05} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-799792450-1319612783-380193225-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-02-12] (RealNetworks, Inc.)
Task: {781226D6-D2EB-4AA6-A490-F6A500DC980C} - System32\Tasks\Video Plus => C:\Users\Buddy\AppData\Roaming\VideoPlus\VideoPlus.exe [2013-12-11] ()
Task: {7A50FFC0-7FC9-4DA3-BF3D-CF2F28729120} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {87671C73-51A6-40DC-B3C2-C7EB4E38B314} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {8A0B53D3-7C3A-44C7-9E02-D27B1C4F40F1} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-799792450-1319612783-380193225-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-02-12] (RealNetworks, Inc.)
Task: {8EBD0E2C-9CED-466D-BF19-3438AC173F5D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AAF85BC4-FDFC-4625-B028-DBB660A0C86E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-15] (Microsoft Corporation)
Task: {B7420405-353E-479A-A4DE-8FFD9DD899C2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-799792450-1319612783-380193225-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-12] (RealNetworks, Inc.)
Task: {C9C75B91-C6C9-4675-83B1-428BE69FFF4A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CEFDAA50-B9C2-459D-8313-3F8272A7F5A8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {CFA97F28-2817-4D7E-9FE0-F521FFC929B5} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-799792450-1319612783-380193225-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-02-12] (RealNetworks, Inc.)
Task: {EABA2279-3500-46D2-8D24-0FA2CF6AC3BC} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-799792450-1319612783-380193225-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-12] (RealNetworks, Inc.)
Task: C:\WINDOWS\Tasks\HPCeeScheduleForBuddy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (Whitelisted) ==============
2013-11-28 22:52 - 2015-05-11 21:30 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-02-07 18:25 - 2011-02-07 18:25 - 00092504 _____ () C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
2014-02-12 14:42 - 2014-02-12 14:42 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-02-12 16:29 - 2014-02-12 16:29 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2013-12-11 14:53 - 2013-12-11 14:53 - 00590848 _____ () C:\Users\Buddy\AppData\Roaming\VideoPlus\VideoPlus.exe
2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2013-11-28 23:37 - 2013-11-28 23:37 - 00120224 _____ () C:\Users\Buddy\AppData\Local\assembly\dl3\2YDOPDMC.BP8\EWR9MVJO.29R\12e5dede\0057376b_1086cd01\HPItunesModule.DLL
2014-03-28 18:29 - 2014-03-28 18:29 - 06801920 _____ () C:\Users\Buddy\AppData\Roaming\VideoDrivers\GPU\cudaminer.exe
2015-05-14 14:59 - 2015-05-14 15:06 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-04-27 17:09 - 2015-04-27 17:09 - 02789672 _____ () C:\Program Files (x86)\CCP\EVE\launcher\launcher.exe
2015-04-27 17:09 - 2015-04-27 17:09 - 00469800 _____ () C:\Program Files (x86)\CCP\EVE\launcher\appdata\EVE_Online_Launcher-2.2.878305.win32\launcher.exe
2014-10-28 12:09 - 2014-10-28 12:09 - 00867928 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2015-04-01 06:43 - 2015-03-27 21:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-01-14 21:36 - 2012-06-07 21:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-05-30 11:08 - 2012-05-30 11:08 - 00120424 _____ () C:\Program Files (x86)\Sprint\Sprint SmartView\RC_Pac.dll
2012-05-30 11:08 - 2012-05-30 11:08 - 00071272 _____ () C:\Program Files (x86)\Sprint\Sprint SmartView\RC_Eap.dll
2013-01-14 21:30 - 2012-07-18 02:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-10-28 12:09 - 2014-10-28 12:09 - 00571992 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Lib\r1api.dll
2015-04-16 15:53 - 2015-04-16 15:53 - 00008192 _____ () C:\Program Files (x86)\CCP\EVE\launcher\appdata\EVE_Online_Launcher-2.2.878305.win32\launcher_helper.dll
2015-04-16 15:53 - 2015-04-16 15:53 - 20252160 _____ () C:\Program Files (x86)\CCP\EVE\launcher\appdata\EVE_Online_Launcher-2.2.878305.win32\libcef.dll
2015-04-16 15:53 - 2015-04-16 15:53 - 01093646 _____ () C:\Program Files (x86)\CCP\EVE\launcher\appdata\EVE_Online_Launcher-2.2.878305.win32\avcodec-53.dll
2015-04-16 15:53 - 2015-04-16 15:53 - 00117262 _____ () C:\Program Files (x86)\CCP\EVE\launcher\appdata\EVE_Online_Launcher-2.2.878305.win32\avutil-51.dll
2015-04-16 15:53 - 2015-04-16 15:53 - 00184846 _____ () C:\Program Files (x86)\CCP\EVE\launcher\appdata\EVE_Online_Launcher-2.2.878305.win32\avformat-53.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:054203E4
AlternateDataStreams: C:\Users\Buddy\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Buddy\SkyDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7867 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-799792450-1319612783-380193225-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER Error getting ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0018E68C-E0F7-43D9-B185-C06B8452510E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7B3AB0FE-CD04-4783-AC31-E977097C3253}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C6A9BD3F-35B5-4FCB-A1B7-1085132F796E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{5F672B45-96F7-4188-B157-868DCAECA043}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [UDP Query User{5181A3A4-D0DF-409C-9438-17EEBEC7EC37}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [TCP Query User{E50FFBDF-E22C-468A-8302-B84270F70645}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [{0AE12153-9030-4641-A41D-5508C42AD69A}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{B0888CCB-89B3-4C22-87DA-B85FB80742E4}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{6CC8E0A0-7CEA-4476-AB42-C36A81E64705}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{E7A0E439-F1CF-44F2-988F-15E1E8EEAD47}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F9D28541-1353-493E-9CEF-F68A98A4D31D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D73FABD6-08D3-48A9-9415-9522A425A846}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6ED82E29-8E27-42C0-BEBF-3A7774FB3DF7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1C020EBF-E70E-462A-BF95-21FD4414E0E7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{41B83A9C-2A26-45B9-9B13-11FE575B9A45}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9D58560E-BFF7-490D-8E2C-197D8A63FB39}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B1C8AC19-72BF-417C-A112-9BD9AF723FF2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F7B79E01-1D50-425B-AF82-C78D9F791B7D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{325571EC-B8AB-4D1A-B9DF-E18D8DF2F8F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{8140A7E0-42F7-41F4-AF5A-B950508C5A69}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{8E11ADBE-22CB-4726-9E89-CFB947F8CE83}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{4071FA56-FBE0-474D-A1CA-AF6EE0F67D1C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7B888F92-8387-4D59-97EF-95BC0C83764A}] => (Allow) LPort=2869
FirewallRules: [{5744481E-2BC3-45B1-92A7-729EA036FD80}] => (Allow) LPort=1900
FirewallRules: [{5A59DE3A-B052-4E36-B533-C9CDEF4320B3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3027A9D6-7479-457C-85AC-9AE4DABF3512}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{148B68C8-AA35-4189-8CC9-D35F0D1969D1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Farming Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{33CD255A-DECB-4E0C-9CF9-99FF99D2466E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Farming Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{7E8BD4B9-6F87-487A-86A6-1350ED53D5BE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RailWorks\RailWorks.exe
FirewallRules: [{2C3E6A3A-D31B-4F3F-B020-CA35541E50A6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RailWorks\RailWorks.exe
FirewallRules: [{EEB216BF-04C6-4A45-A05C-34F9E6FA9054}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Farming Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{98FC052F-4FD6-4683-B02E-1608F1EFC5BE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Farming Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [TCP Query User{8949387A-640F-4F2A-925C-76EA30C06333}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [UDP Query User{938CDC07-5B67-4AA5-9364-3A284FA26E13}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [TCP Query User{9C4D818E-19E3-4AF2-9933-C18267CF0AE8}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{3D1253C2-EEBE-49B3-BE34-CFAF88A1E868}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{621B51B8-CBD6-4751-A962-41C643A94042}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{41403454-C9EB-4C6A-8F49-2A57AFEAA94D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9E949E53-BF66-454D-9801-D907A329E5B9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F5A4165D-2C23-4318-A015-1CDCF408D282}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [TCP Query User{4409A616-7C9D-4658-841C-3115F5270682}C:\ares\ares.exe] => (Allow) C:\ares\ares.exe
FirewallRules: [UDP Query User{D43D453D-626C-4942-8260-AC47A2144A8A}C:\ares\ares.exe] => (Allow) C:\ares\ares.exe
FirewallRules: [{1613D331-2FD2-4784-93CC-D90BAA086AF8}] => (Allow) LPort=3333
FirewallRules: [{26DEA898-6BB6-4CF4-82D7-A2FEB4DF0F01}] => (Allow) LPort=44444
FirewallRules: [{078D6F8E-3AB9-47C1-AA5F-E2DC0DD15279}] => (Allow) C:\Users\Buddy\AppData\Roaming\VideoDrivers\GPU\cudaminer.exe
FirewallRules: [{07EE2F87-0271-49F3-BC11-295A92B84B3B}] => (Allow) C:\Users\Buddy\AppData\Roaming\VideoDrivers\GPU\cudaminer.exe
FirewallRules: [{E9FCD414-6C31-4030-BE6E-6D35B19F6947}] => (Allow) C:\Users\Buddy\AppData\Roaming\VideoPlus\VideoPlus.exe
FirewallRules: [{35026531-6F3D-4A97-A943-E475E6CF79DE}] => (Allow) C:\Users\Buddy\AppData\Roaming\VideoPlus\VideoPlus.exe
FirewallRules: [TCP Query User{2BE81EF6-4D45-4659-B242-55ECEFFE1265}C:\users\buddy\appdata\roaming\videoplus\videoplus.exe] => (Block) C:\users\buddy\appdata\roaming\videoplus\videoplus.exe
FirewallRules: [UDP Query User{57797C42-034C-4814-84ED-4835334B6F95}C:\users\buddy\appdata\roaming\videoplus\videoplus.exe] => (Block) C:\users\buddy\appdata\roaming\videoplus\videoplus.exe
FirewallRules: [TCP Query User{040D88EB-BD80-42D8-BC28-97B83C8D39A1}C:\ares\ares.exe] => (Allow) C:\ares\ares.exe
FirewallRules: [UDP Query User{3B28208E-655C-4A10-97D0-0A4FDDE73F4D}C:\ares\ares.exe] => (Allow) C:\ares\ares.exe
FirewallRules: [{83BE2977-8ABB-4D0F-AA49-C6A696FAA619}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FAE90B2C-0A2D-4056-BC13-CB8DED8EFFFE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C51B0B40-9CFD-4A50-A570-1931CD2A1C04}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{F387DF9F-BDAD-488B-86AD-59DB76542C0F}] => (Allow) LPort=53000
FirewallRules: [{C1D0471F-C6F1-4819-8DF4-7B84682B14B5}] => (Allow) LPort=52000
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Sprint\Sprint SmartView\SwiApiMux.exe] => Enabled:SwiApiMux
==================== Faulty Device Manager Devices =============
Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (05/24/2015 08:36:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: STacSV64.exe, version: 1.0.6418.0, time stamp: 0x500e5a2c
Faulting module name: STacSV64.exe, version: 1.0.6418.0, time stamp: 0x500e5a2c
Exception code: 0xc0000005
Fault offset: 0x00000000000233c8
Faulting process id: 0x390
Faulting application start time: 0xSTacSV64.exe0
Faulting application path: STacSV64.exe1
Faulting module path: STacSV64.exe2
Report Id: STacSV64.exe3
Faulting package full name: STacSV64.exe4
Faulting package-relative application ID: STacSV64.exe5
Error: (05/23/2015 10:28:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.17415, time stamp: 0x54504134
Faulting module name: CFHD.dll, version: 8.6.3.670, time stamp: 0x52e94e95
Exception code: 0xc0000005
Fault offset: 0x0000000000004947
Faulting process id: 0x41b4
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report Id: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
Error: (05/23/2015 10:28:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.17415, time stamp: 0x54504134
Faulting module name: CFHD.dll, version: 8.6.3.670, time stamp: 0x52e94e95
Exception code: 0xc0000005
Fault offset: 0x0000000000004947
Faulting process id: 0x4040
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report Id: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
Error: (05/23/2015 10:28:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.17415, time stamp: 0x54504134
Faulting module name: CFHD.dll, version: 8.6.3.670, time stamp: 0x52e94e95
Exception code: 0xc0000005
Fault offset: 0x0000000000004947
Faulting process id: 0x432c
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report Id: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
Error: (05/23/2015 10:28:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.17415, time stamp: 0x54504134
Faulting module name: CFHD.dll, version: 8.6.3.670, time stamp: 0x52e94e95
Exception code: 0xc0000005
Fault offset: 0x0000000000004947
Faulting process id: 0x3b7c
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report Id: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
Error: (05/23/2015 10:27:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.17415, time stamp: 0x54504134
Faulting module name: CFHD.dll, version: 8.6.3.670, time stamp: 0x52e94e95
Exception code: 0xc0000005
Fault offset: 0x0000000000004947
Faulting process id: 0x389c
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report Id: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
Error: (05/23/2015 10:27:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.17415, time stamp: 0x54504134
Faulting module name: CFHD.dll, version: 8.6.3.670, time stamp: 0x52e94e95
Exception code: 0xc0000005
Fault offset: 0x0000000000004947
Faulting process id: 0x4308
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report Id: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
Error: (05/23/2015 10:26:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.17415, time stamp: 0x54504134
Faulting module name: CFHD.dll, version: 8.6.3.670, time stamp: 0x52e94e95
Exception code: 0xc0000005
Fault offset: 0x0000000000004947
Faulting process id: 0x3d70
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report Id: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
Error: (05/23/2015 10:26:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.17415, time stamp: 0x54504134
Faulting module name: CFHD.dll, version: 8.6.3.670, time stamp: 0x52e94e95
Exception code: 0xc0000005
Fault offset: 0x0000000000004947
Faulting process id: 0x42d8
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report Id: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
Error: (05/23/2015 10:26:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.3.9600.17415, time stamp: 0x54504134
Faulting module name: CFHD.dll, version: 8.6.3.670, time stamp: 0x52e94e95
Exception code: 0xc0000005
Fault offset: 0x0000000000004947
Faulting process id: 0x41b8
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report Id: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5
System errors:
=============
Error: (05/24/2015 09:52:33 AM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
Error: (05/24/2015 09:52:27 AM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
Error: (05/24/2015 09:49:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Registration Service service failed to start due to the following error:
%%1053
Error: (05/24/2015 09:49:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Registration Service service to connect.
Error: (05/24/2015 09:48:38 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: N:\Device\HarddiskVolume122
Error: (05/24/2015 09:47:53 AM) (Source: DCOM) (EventID: 10010) (User: I5MSTS)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (05/24/2015 09:47:52 AM) (Source: DCOM) (EventID: 10010) (User: I5MSTS)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (05/24/2015 09:47:50 AM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
Error: (05/24/2015 09:39:35 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error:
%%1056
Error: (05/24/2015 09:37:36 AM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
Microsoft Office:
=========================
Error: (05/24/2015 08:36:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: STacSV64.exe1.0.6418.0500e5a2cSTacSV64.exe1.0.6418.0500e5a2cc000000500000000000233c839001d0962efd647119C:\Program Files\IDT\WDM\STacSV64.exeC:\Program Files\IDT\WDM\STacSV64.exe4456cd01-0222-11e5-bebc-6c3be537120d
Error: (05/23/2015 10:28:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.3.9600.1741554504134CFHD.dll8.6.3.67052e94e95c0000005000000000000494741b401d095da1ef62702C:\WINDOWS\system32\DllHost.exeC:\WINDOWS\system32\CFHD.dll5cd17786-01cd-11e5-bebb-6c3be537120d
Error: (05/23/2015 10:28:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.3.9600.1741554504134CFHD.dll8.6.3.67052e94e95c00000050000000000004947404001d095da1e7cebeeC:\WINDOWS\system32\DllHost.exeC:\WINDOWS\system32\CFHD.dll5c4fe50b-01cd-11e5-bebb-6c3be537120d
Error: (05/23/2015 10:28:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.3.9600.1741554504134CFHD.dll8.6.3.67052e94e95c00000050000000000004947432c01d095da1e17738fC:\WINDOWS\system32\DllHost.exeC:\WINDOWS\system32\CFHD.dll5bd67087-01cd-11e5-bebb-6c3be537120d
Error: (05/23/2015 10:28:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.3.9600.1741554504134CFHD.dll8.6.3.67052e94e95c000000500000000000049473b7c01d095da1d7f9796C:\WINDOWS\system32\DllHost.exeC:\WINDOWS\system32\CFHD.dll5b6fa63b-01cd-11e5-bebb-6c3be537120d
Error: (05/23/2015 10:27:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.3.9600.1741554504134CFHD.dll8.6.3.67052e94e95c00000050000000000004947389c01d095d9e14ebea5C:\WINDOWS\system32\DllHost.exeC:\WINDOWS\system32\CFHD.dll1f40abad-01cd-11e5-bebb-6c3be537120d
Error: (05/23/2015 10:27:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.3.9600.1741554504134CFHD.dll8.6.3.67052e94e95c00000050000000000004947430801d095d9e053e068C:\WINDOWS\system32\DllHost.exeC:\WINDOWS\system32\CFHD.dll1e71c6e9-01cd-11e5-bebb-6c3be537120d
Error: (05/23/2015 10:26:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.3.9600.1741554504134CFHD.dll8.6.3.67052e94e95c000000500000000000049473d7001d095d9dc7c114dC:\WINDOWS\system32\DllHost.exeC:\WINDOWS\system32\CFHD.dll1a59b5f7-01cd-11e5-bebb-6c3be537120d
Error: (05/23/2015 10:26:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.3.9600.1741554504134CFHD.dll8.6.3.67052e94e95c0000005000000000000494742d801d095d9dbf8ef21C:\WINDOWS\system32\DllHost.exeC:\WINDOWS\system32\CFHD.dll19d478a4-01cd-11e5-bebb-6c3be537120d
Error: (05/23/2015 10:26:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.3.9600.1741554504134CFHD.dll8.6.3.67052e94e95c0000005000000000000494741b801d095d9db83d51bC:\WINDOWS\system32\DllHost.exeC:\WINDOWS\system32\CFHD.dll19558904-01cd-11e5-bebb-6c3be537120d
CodeIntegrity Errors:
===================================
Date: 2015-05-24 09:26:06.058
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-24 09:26:05.895
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-24 09:22:50.861
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-24 09:22:50.698
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-23 21:36:57.078
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-23 21:36:56.913
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-23 21:36:56.740
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-23 09:35:20.678
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-23 09:35:20.507
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-05-23 09:11:39.984
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 32%
Total physical RAM: 8147.3 MB
Available physical RAM: 5520.01 MB
Total Pagefile: 8611.3 MB
Available Pagefile: 3970.35 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:909.93 GB) (Free:412.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:19.76 GB) (Free:2.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (BACKUP) (Fixed) (Total:111.79 GB) (Free:45.1 GB) NTFS
Drive i: (STAR_TREK_TO1_D9) (CDROM) (Total:6.52 GB) (Free:0 GB) UDF
Drive n: (FreeAgent Drive) (Fixed) (Total:1397.26 GB) (Free:682.91 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CB9ADFE0)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 114.5 GB) (Disk ID: 551E5BB7)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)
========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 40E5F13B)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)
==================== End of log ============================
still getting the popup for randomly for both, and then the redirect shortly after the popup. Event is not occurring with every website as it was previously. Very hard reading online news, and it occurs with high frequency when I access elvastower.com.
Open up Notepad and copy and paste this in, starting with Start and ending with End
Start
CloseProcesses:
CreateRestorePoint:
ProxyEnable: [S-1-5-21-799792450-1319612783-380193225-1001] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-799792450-1319612783-380193225-1001] => http=127.0.0.1:44444;https=127.0.0.1:44444
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-05-03 21:03 - 2013-08-22 07:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150503-210304.backup
Task: {781226D6-D2EB-4AA6-A490-F6A500DC980C} - System32\Tasks\Video Plus => C:\Users\Buddy\AppData\Roaming\VideoPlus\VideoPlus.exe [2013-12-11] ()
C:\Users\Buddy\AppData\Roaming\VideoPlus
FirewallRules: [{E9FCD414-6C31-4030-BE6E-6D35B19F6947}] => (Allow) C:\Users\Buddy\AppData\Roaming\VideoPlus\VideoPlus.exe
FirewallRules: [{35026531-6F3D-4A97-A943-E475E6CF79DE}] => (Allow) C:\Users\Buddy\AppData\Roaming\VideoPlus\VideoPlus.exe
FirewallRules: [TCP Query User{2BE81EF6-4D45-4659-B242-55ECEFFE1265}C:\users\buddy\appdata\roaming\videoplus\videoplus.exe] => (Block) C:\users\buddy\appdata\roaming\videoplus\videoplus.exe
FirewallRules: [UDP Query User{57797C42-034C-4814-84ED-4835334B6F95}C:\users\buddy\appdata\roaming\videoplus\videoplus.exe] => (Block) C:\users\buddy\appdata\roaming\videoplus\videoplus.exe
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End
Name the file Fixlist and save it to your desktop where you have FRST64 or the fix wont work, after its saved on your desktop, open up FRST64 and click on FIX (Not Scan ), it wont take long, after your system reboots you will find a FIXLOG on your desktop, post it please and let me know if it made a difference
Fix result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
Ran by Buddy at 2015-05-24 13:23:23 Run:1
Running from C:\Users\Buddy\Desktop
Loaded Profiles: Buddy (Available Profiles: Buddy)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
ProxyEnable: [S-1-5-21-799792450-1319612783-380193225-1001] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-799792450-1319612783-380193225-1001] => http=127.0.0.1:44444;https=127.0.0.1:44444
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-05-03 21:03 - 2013-08-22 07:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150503-210304.backup
Task: {781226D6-D2EB-4AA6-A490-F6A500DC980C} - System32\Tasks\Video Plus => C:\Users\Buddy\AppData\Roaming\VideoPlus\VideoPlus.exe [2013-12-11] ()
C:\Users\Buddy\AppData\Roaming\VideoPlus
FirewallRules: [{E9FCD414-6C31-4030-BE6E-6D35B19F6947}] => (Allow) C:\Users\Buddy\AppData\Roaming\VideoPlus\VideoPlus.exe
FirewallRules: [{35026531-6F3D-4A97-A943-E475E6CF79DE}] => (Allow) C:\Users\Buddy\AppData\Roaming\VideoPlus\VideoPlus.exe
FirewallRules: [TCP Query User{2BE81EF6-4D45-4659-B242-55ECEFFE1265}C:\users\buddy\appdata\roaming\videoplus\videoplus.exe] => (Block) C:\users\buddy\appdata\roaming\videoplus\videoplus.exe
FirewallRules: [UDP Query User{57797C42-034C-4814-84ED-4835334B6F95}C:\users\buddy\appdata\roaming\videoplus\videoplus.exe] => (Block) C:\users\buddy\appdata\roaming\videoplus\videoplus.exe
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End
*****************
Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-799792450-1319612783-380193225-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value Removed successfully
HKU\S-1-5-21-799792450-1319612783-380193225-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
C:\WINDOWS\system32\Drivers\etc\hosts.20150503-210304.backup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{781226D6-D2EB-4AA6-A490-F6A500DC980C}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{781226D6-D2EB-4AA6-A490-F6A500DC980C}" => key Removed successfully
C:\Windows\System32\Tasks\Video Plus => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Video Plus" => key Removed successfully
C:\Users\Buddy\AppData\Roaming\VideoPlus => Moved successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E9FCD414-6C31-4030-BE6E-6D35B19F6947} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{35026531-6F3D-4A97-A943-E475E6CF79DE} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2BE81EF6-4D45-4659-B242-55ECEFFE1265}C:\users\buddy\appdata\roaming\videoplus\videoplus.exe => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{57797C42-034C-4814-84ED-4835334B6F95}C:\users\buddy\appdata\roaming\videoplus\videoplus.exe => value Removed successfully
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts restored successfully.
EmptyTemp: => Removed 37.8 GB temporary data.
The system needed a reboot.
==== End of Fixlog 13:25:38 ====
I have been browsing yahoo news, and elvastower, where I seemed to have the most occurrence of the problem. It appears to have been eliminated. I've not had a popup or redirect in at least 30 minutes. Thank you for your help!
Great, we need to run a free online virus scanner to make sure everything is gone
Do this first as it will speed up the scan
Double click on AdwCleaner.exe to run the tool again.
Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
Still with me, the ESET scan is optional but its best to run it , it may or may not pickup other entries that need to be removed, it will guarantee a clean computer