Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

My PC is infected with Malware Wonderlandads...

Post by Devo » February 28th, 2017, 4:21 pm

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2017 01
Ran by Clive (administrator) on DEAN-PC (28-02-2017 20:11:47)
Running from C:\Users\Clive\Downloads
Loaded Profiles: Clive (Available Profiles: Clive)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.13\AsusFanControlService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avpui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ALCPU) C:\Program Files\Core Temp\Core Temp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.7.1\WsAppService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files (x86)\ASUS\AI Suite III\AsusMiniBar.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7640944 2014-09-29] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Recon3D PCIe Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe [976896 2012-12-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4195537059-3487191388-2212901996-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-4195537059-3487191388-2212901996-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-4195537059-3487191388-2212901996-1000\...\Run: [GoogleChromeAutoLaunch_4574893E465E3CD524026381CCDC7A50] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C3B2EE96-FB07-4276-8785-152A85F8C33F}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-4195537059-3487191388-2212901996-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
SearchScopes: HKU\S-1-5-21-4195537059-3487191388-2212901996-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-19] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-19] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Clive\AppData\Roaming\Mozilla\Firefox\Profiles\g8bf64i0.default [2017-02-28]
FF Homepage: Mozilla\Firefox\Profiles\g8bf64i0.default -> hxxp://www.google.com/firefox
FF Keyword.URL: Mozilla\Firefox\Profiles\g8bf64i0.default -> hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\g8bf64i0.default -> Google
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\g8bf64i0.default -> Google
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\g8bf64i0.default -> hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\g8bf64i0.default -> Google
FF NewTab: Mozilla\Firefox\Profiles\g8bf64i0.default -> about:newtab
FF Extension: (Firefox Hotfix) - C:\Users\Clive\AppData\Roaming\Mozilla\Firefox\Profiles\g8bf64i0.default\Extensions\firefox-hotfix@mozilla.org.xpi [2017-02-26]
FF Extension: (Adblock Plus) - C:\Users\Clive\AppData\Roaming\Mozilla\Firefox\Profiles\g8bf64i0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-26]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-12-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=app&cd=2Xz ... 884353&ir=
CHR DefaultSearchURL: Default -> hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://uk.search.yahoo.com/sugg/ie?out ... n&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default [2017-02-28]
CHR Extension: (BetterTTV) - C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-06-03]
CHR Extension: (Google Drive) - C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-13]
CHR Extension: (YouTube) - C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-13]
CHR Extension: (Twitch Smilies) - C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccecjkhlgopmlenoacdhfgaiccbfphnc [2016-02-14]
CHR Extension: (Adblock Plus) - C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (Google Search) - C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-13]
CHR Extension: (Twitch Live) - C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\imcjibojeokeogfofjgaajlobobagbeg [2017-02-05]
CHR Extension: (ReChat for Twitch™) - C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipplilmaapjjklilmmaccfemdmhkoacd [2016-03-03]
CHR Extension: (Twitch Now) - C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2016-07-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-13]
CHR Extension: (Chrome Media Router) - C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-03]
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/deta ... gcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/deta ... gcejdaefmi

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-09-09] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.13\AsusFanControlService.exe [384000 2014-08-04] (ASUSTeK Computer Inc.) [File not signed]
R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-02-25] ()
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103936 2013-09-13] (Creative Technology Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [409128 2017-02-23] (EasyAntiCheat Ltd)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-09] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-10-19] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-10-19] (Electronic Arts)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.7.1\WsAppService.exe [404480 2016-02-17] (Wondershare) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [237056 2010-03-24] (AVEO Corp)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-05] (Kaspersky Lab ZAO)
R3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [47840 2015-12-17] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [21728 2015-12-17] (Corsair)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1049880 2013-09-13] (Creative Technology Ltd)
R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [28440 2013-09-13] (Creative Technology Ltd)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2014-08-04] (ASUSTeK Computer Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79240 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78200 2015-12-01] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [182152 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [236432 2016-12-02] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2017-02-28] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1001304 2016-08-16] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50776 2016-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [110424 2016-08-16] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194440 2015-12-02] (AO Kaspersky Lab)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R3 ALSysIO; \??\C:\Users\Clive\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-28 20:11 - 2017-02-28 20:11 - 02423296 _____ (Farbar) C:\Users\Clive\Downloads\FRST64 (1).exe
2017-02-28 20:11 - 2017-02-28 20:11 - 00023297 _____ C:\Users\Clive\Downloads\FRST.txt
2017-02-28 20:11 - 2017-02-28 20:11 - 00000000 ____D C:\FRST
2017-02-28 20:08 - 2017-02-28 20:08 - 02423296 _____ (Farbar) C:\Users\Clive\Downloads\FRST64.exe
2017-02-28 18:02 - 2017-02-28 18:02 - 00000000 ____D C:\Users\Clive\ansel
2017-02-27 07:30 - 2009-06-10 21:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20170227-073004.backup
2017-02-27 07:04 - 2017-02-27 07:04 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-27 06:58 - 2017-02-27 07:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-27 06:58 - 2017-02-27 07:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-02-27 06:58 - 2017-02-27 06:58 - 00001399 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-02-27 06:58 - 2017-02-27 06:58 - 00001387 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-02-27 06:58 - 2017-02-27 06:58 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-02-27 06:58 - 2017-02-27 06:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-02-27 06:58 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-02-26 14:10 - 2017-02-26 14:10 - 00000000 ____D C:\Users\Clive\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD}
2017-02-26 09:32 - 2017-02-26 09:32 - 00000000 _____ C:\autoexec.bat
2017-02-25 22:15 - 2017-02-25 22:17 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-25 20:56 - 2017-02-27 17:16 - 00000000 ____D C:\AdwCleaner
2017-02-25 20:27 - 2017-02-25 20:27 - 00001451 _____ C:\Users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-25 20:27 - 2017-02-25 20:27 - 00001417 _____ C:\Users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-02-25 13:24 - 2017-02-25 20:41 - 00000000 ____D C:\Users\Clive\AppData\LocalLow\Unity
2017-02-25 13:24 - 2017-02-25 20:41 - 00000000 ____D C:\Users\Clive\AppData\Local\Unity
2017-02-25 13:23 - 2017-02-25 13:24 - 00003606 _____ C:\Windows\System32\Tasks\waycnewscombymonsm
2017-02-25 12:51 - 2017-02-25 12:51 - 00000000 ____D C:\Users\Clive\AppData\Local\TslGame
2017-02-24 19:22 - 2017-02-24 19:22 - 00000000 ____D C:\Users\Clive\AppData\Roaming\EasyAntiCheat
2017-02-24 19:21 - 2017-02-23 22:37 - 00409128 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2017-02-16 06:16 - 2017-02-09 22:39 - 00134592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-02-16 06:14 - 2017-02-10 00:52 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 34937280 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 28212280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 19006832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 16398896 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 14674896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 14373824 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-02-16 06:14 - 2017-02-10 00:52 - 11122912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 11019704 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 09305984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 08990072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 03627064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 03187256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 01983424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437866.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437866.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 01051584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 00989120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 00961080 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 00912440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 00611384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 00504104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 00500792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 00425288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 00408272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 00170360 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-02-16 06:14 - 2017-02-10 00:52 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-02-10 20:38 - 2017-02-02 16:36 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-02-10 20:38 - 2017-02-02 16:32 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-02-10 20:38 - 2017-02-02 14:06 - 00650752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-02-10 20:38 - 2016-12-31 15:36 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-02-10 20:38 - 2016-12-31 15:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-02-10 20:38 - 2016-12-31 15:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-02-10 20:38 - 2016-12-31 15:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-02-10 20:38 - 2016-12-31 15:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-02-10 20:38 - 2016-12-31 15:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-02-09 07:18 - 2017-01-23 23:04 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-02-09 07:18 - 2017-01-23 23:04 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-02-09 07:18 - 2017-01-20 16:36 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437849.dll
2017-02-09 07:18 - 2017-01-20 16:36 - 01591352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437849.dll
2017-02-09 07:18 - 2017-01-20 16:36 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-02-09 07:18 - 2017-01-20 16:36 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-02-09 07:15 - 2017-01-20 18:39 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-28 19:58 - 2016-02-13 11:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-28 18:18 - 2016-02-12 23:51 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-02-28 18:12 - 2016-02-13 00:24 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-28 18:10 - 2009-07-14 04:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-28 18:10 - 2009-07-14 04:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-28 18:08 - 2009-07-14 05:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-28 18:08 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2017-02-28 18:03 - 2016-02-13 00:53 - 00000000 ____D C:\Program Files\Core Temp
2017-02-28 18:02 - 2016-02-12 23:09 - 00000000 ____D C:\Users\Clive
2017-02-28 18:02 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-27 17:12 - 2016-02-13 13:56 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-27 17:12 - 2016-02-13 13:56 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-27 16:23 - 2016-02-13 21:38 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-27 09:38 - 2016-02-13 12:32 - 00000000 ____D C:\Users\Clive\AppData\Roaming\Vso
2017-02-27 09:38 - 2016-02-13 00:28 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-27 08:40 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2017-02-27 06:49 - 2016-02-13 12:33 - 00001041 _____ C:\Users\Clive\AppData\Roaming\vso_ts_preview.xml
2017-02-26 14:21 - 2016-02-13 13:56 - 00002175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-26 14:18 - 2016-02-12 23:58 - 00001143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-26 09:36 - 2016-02-13 15:00 - 00000000 ____D C:\Windows\Panther
2017-02-25 20:53 - 2016-02-12 23:09 - 00000000 ____D C:\Users\Clive\AppData\Local\VirtualStore
2017-02-25 20:26 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-02-25 13:24 - 2009-07-14 03:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-02-25 13:23 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-02-25 13:15 - 2016-02-21 06:51 - 00000934 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2017-02-25 12:51 - 2016-05-29 19:19 - 00000000 ____D C:\Users\Clive\AppData\Local\UnrealEngine
2017-02-25 12:51 - 2016-02-13 00:21 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-25 04:45 - 2016-02-13 00:35 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-24 19:22 - 2016-02-13 13:30 - 00000000 ____D C:\Users\Clive\AppData\Local\Ubisoft Game Launcher
2017-02-23 22:25 - 2016-02-13 21:39 - 00000000 ____D C:\Windows\system32\MRT
2017-02-22 06:11 - 2016-02-13 11:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-19 06:12 - 2016-02-13 00:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2017-02-18 20:31 - 2016-02-13 11:12 - 00000000 ____D C:\Users\Clive\AppData\Roaming\vlc
2017-02-16 06:58 - 2016-02-13 11:35 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-16 06:58 - 2016-02-13 11:35 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-16 06:58 - 2016-02-13 11:35 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-16 06:58 - 2016-02-13 11:35 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-16 06:58 - 2016-02-13 11:35 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-16 06:16 - 2016-11-23 07:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-16 06:16 - 2016-03-12 17:37 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-16 06:16 - 2016-02-13 00:21 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-11 22:46 - 2016-02-13 11:19 - 00000000 ____D C:\Users\Clive\AppData\Roaming\uTorrent
2017-02-11 07:10 - 2016-11-25 06:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-02-11 07:10 - 2016-02-12 23:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-10 21:15 - 2016-02-14 17:52 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-02-10 21:15 - 2016-02-14 17:52 - 00000000 ____D C:\Windows\system32\appraiser
2017-02-10 00:52 - 2016-11-23 07:55 - 00492744 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-02-10 00:52 - 2016-10-27 20:47 - 19110088 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-02-10 00:52 - 2016-10-27 20:47 - 16510160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-02-10 00:52 - 2016-10-27 20:47 - 13377072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-02-10 00:52 - 2016-10-27 20:47 - 04064088 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-02-10 00:52 - 2016-10-27 20:47 - 03583560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-02-10 00:52 - 2016-10-27 20:47 - 00042606 _____ C:\Windows\system32\nvinfo.pb
2017-02-09 23:13 - 2016-11-23 07:50 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-02-09 22:57 - 2016-11-23 07:56 - 07791217 _____ C:\Windows\system32\nvcoproc.bin
2017-02-09 22:57 - 2016-11-23 07:56 - 06403640 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-02-09 22:57 - 2016-11-23 07:56 - 02477504 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-02-09 22:57 - 2016-11-23 07:56 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-02-09 22:57 - 2016-11-23 07:56 - 00548288 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-02-09 22:57 - 2016-11-23 07:56 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-02-09 22:57 - 2016-11-23 07:56 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-02-09 22:57 - 2016-11-23 07:56 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-02-09 07:19 - 2016-02-13 00:21 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-09 07:16 - 2016-11-23 07:50 - 00003742 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-09 07:15 - 2016-12-15 13:58 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-09 07:15 - 2016-11-23 07:50 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-09 07:15 - 2016-11-23 07:50 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-09 07:15 - 2016-11-23 07:50 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-09 07:15 - 2016-11-23 07:50 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-09 07:15 - 2016-11-23 07:50 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-09 07:15 - 2016-02-13 00:21 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

==================== Files in the root of some directories =======

2016-02-13 12:32 - 2016-02-13 12:32 - 0099384 _____ () C:\Users\Clive\AppData\Roaming\inst.exe
2016-02-13 12:32 - 2016-02-13 12:32 - 0007859 _____ () C:\Users\Clive\AppData\Roaming\pcouffin.cat
2016-02-13 12:32 - 2016-02-13 12:32 - 0001167 _____ () C:\Users\Clive\AppData\Roaming\pcouffin.inf
2016-02-13 12:32 - 2016-02-13 12:32 - 0000034 _____ () C:\Users\Clive\AppData\Roaming\pcouffin.log
2016-02-13 12:32 - 2016-02-13 12:32 - 0082816 _____ (VSO Software) C:\Users\Clive\AppData\Roaming\pcouffin.sys
2016-02-13 12:33 - 2017-02-27 06:49 - 0001041 _____ () C:\Users\Clive\AppData\Roaming\vso_ts_preview.xml
2016-02-12 23:17 - 2016-02-12 23:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-11-23 07:12 - 2016-11-23 07:12 - 0000016 _____ () C:\ProgramData\mntemp
2016-12-15 13:58 - 2017-01-25 06:18 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-15 13:58 - 2017-01-24 08:21 - 0004984 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-25 20:11

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
Ran by Clive (28-02-2017 20:11:58)
Running from C:\Users\Clive\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-02-12 23:09:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4195537059-3487191388-2212901996-500 - Administrator - Disabled)
Clive (S-1-5-21-4195537059-3487191388-2212901996-1000 - Administrator - Enabled) => C:\Users\Clive
Guest (S-1-5-21-4195537059-3487191388-2212901996-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4195537059-3487191388-2212901996-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4195537059-3487191388-2212901996-1000\...\uTorrent) (Version: 3.4.9.42923 - BitTorrent Inc.)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 1.00.92 - ASUSTeK Computer Inc.)
Amazon Kindle (HKU\S-1-5-21-4195537059-3487191388-2212901996-1000\...\Amazon Kindle) (Version: 1.16.0.44025 - Amazon)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
Arma 2 (HKLM\...\Steam App 33910) (Version: - Bohemia Interactive)
ARMA 2 Army of The Czech Republic - Data cache removal (HKLM-x32\...\A2ACR Data cache removal) (Version: - )
Arma 2: British Armed Forces (HKLM\...\Steam App 65700) (Version: - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM\...\Steam App 224580) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM\...\Steam App 33930) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (Obsolete) (HKLM\...\Steam App 219540) (Version: - )
Arma 2: Private Military Company (HKLM\...\Steam App 65720) (Version: - Bohemia Interactive)
Arma X: Anniversary Edition (HKLM-x32\...\Steam App 107430) (Version: - Bohemia Interactive)
Arma: Cold War Assault (HKLM-x32\...\Steam App 65790) (Version: - Bohemia Interactive)
Arma: Gold Edition (HKLM-x32\...\Steam App 65780) (Version: - Bohemia Interactive)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AutoHotkey 1.1.24.00 (HKLM\...\AutoHotkey) (Version: 1.1.24.00 - Lexikos)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
Canon MG3200 series User Registration (HKLM-x32\...\Canon MG3200 series User Registration) (Version: - Canon Inc.‎)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
CCGLauncher version 0.0.0.9 (HKLM-x32\...\{78D51CE5-799C-4FCA-9635-6F61E19EA5E3}_is1) (Version: 0.0.0.9 - Custom Combat Gaming)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
ConvertXtoDVD 4.0.9.322 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.9.322 - )
Core Temp 1.6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.6 - ALCPU)
Corsair Utility Engine (HKLM-x32\...\{46A3EEB3-8F6F-4BC4-9A53-CDE33D089D08}) (Version: 1.16.42 - Corsair)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CPUID HWMonitor 1.30 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Cronus PRO 1.10 (HKLM-x32\...\Cronus PRO) (Version: 1.10 - CronusMAX Team)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
DayZLauncher version 0.0.2.5 (HKLM-x32\...\{E31045B4-9DB5-9EBD-44DF-BD4E6CFD40DF}_is1) (Version: 0.0.2.5 - Maca134)
Defraggler (HKLM\...\Defraggler) (Version: 2.20 - Piriform)
Desolation Mod Launcher (HKLM-x32\...\Desolation Mod Launcher) (Version: 1.6 - OPTiX)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
EVGA PrecisionX 16 (HKLM-x32\...\{425A0AAA-B049-4356-A81E-E089BC5AE934}) (Version: 5.3.10 - EVGA Corporation)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version: - Bethesda Game Studios)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
GRID Autosport (HKLM\...\Steam App 255220) (Version: - Codemasters Racing)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
K-Lite Codec Pack 12.2.6 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.2.6 - KLCP)
L.A. Noire (HKLM\...\Steam App 110800) (Version: - Team Bondi)
Mafia II (HKLM\...\Steam App 50130) (Version: - 2K Czech)
Mafia III (HKLM\...\Steam App 360430) (Version: - Hangar 13)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Miscreated (HKLM\...\Steam App 299740) (Version: - Entrada Interactive LLC)
Mozilla Firefox 44.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-GB)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.7.1.6246 - Mozilla)
Mozilla Thunderbird 45.7.1 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 45.7.1 (x86 en-GB)) (Version: 45.7.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.11.5.17432 - Electronic Arts, Inc.)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.87.529.2014 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.2.7 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7354 - Realtek Semiconductor Corp.)
Rocksmith (HKLM\...\Steam App 205190) (Version: - Ubisoft - San Francisco)
Rocksmith 2014 (HKLM\...\Steam App 221680) (Version: - Ubisoft - San Francisco)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.9.6 - Rockstar Games)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Sound Blaster Recon3D PCIe (HKLM-x32\...\{CA0A90CB-F659-4E0B-B2A2-C8CF4B752AEC}) (Version: 1.01.26 - Creative Technology Limited)
Sound Blaster Recon3D PCIe Extras (HKLM-x32\...\{204FCF73-1450-407D-BCF9-1233EC5F5787}) (Version: 1.0 - Creative Technology Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
State of Decay: Year-One (HKLM\...\Steam App 329430) (Version: - Undead Labs)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Tom Clancy's Ghost Recon Wildlands Open Beta (HKLM\...\Steam App 584210) (Version: - Ubisoft Paris)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zombie Army Trilogy (HKLM\...\Steam App 301640) (Version: - Rebellion)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E61F664-1E37-4EB6-9843-90877E9BBC01} - System32\Tasks\waycnewscombymonsm => Chrome.exe waycnews.com/bymonsm
Task: {0EFD051B-CD04-4F01-894E-3E374D14C6CF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {202EA55C-6316-499C-98E0-1EA032581862} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-20] (NVIDIA Corporation)
Task: {2A7E7382-B1D4-49BC-A849-C621AFFE7398} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {31F99FD2-CF38-4A00-8EDA-17BE60B6F981} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {337371BC-B23C-45CD-9E44-330013964FD5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-13] (Google Inc.)
Task: {4962D0FD-7272-4E5A-8074-1A095D4F7924} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-13] (Google Inc.)
Task: {5A790320-39E6-4CE4-9974-AB6E5FF3C10A} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {659075D3-FC96-47DF-B257-205D8C7511F4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {67E706D9-40C8-4D6F-86CA-3C3F3C6AC909} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-16] (Adobe Systems Incorporated)
Task: {68BF30E5-2500-4DFB-8EED-E2860D91BED8} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {6EE93B72-2DA4-4612-AB72-1C876BD93D85} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {7DCD9FE4-81E6-4D63-96A4-BF90A53E358D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {80ABBCF9-876C-4804-813C-A8EEEC3DBFE7} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2014-08-04] ()
Task: {90CD9B74-02A0-4ED0-8608-953DC35D5CA3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {9C1B1D1C-21CD-466E-9870-BEAFDC65B255} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {9DCDF1CC-F815-4086-B970-882B7962A8D2} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-07-07] ()
Task: {B8D17668-6FEF-4EE7-833A-33F5CA95E73A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {BD2A9845-994C-4294-B80C-0C03F77D9583} - System32\Tasks\Core Temp Autostart Clive => C:\Program Files\Core Temp\Core Temp.exe [2017-02-18] (ALCPU)
Task: {CA52BA11-62BE-4702-BC25-834CA9DD434C} - System32\Tasks\ASUS\Push Notice Server Execute => C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe [2014-05-28] (ASUSTeK Computer Inc.)
Task: {CF01BD28-15BB-437A-8EA5-24ED868B9750} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2014-03-27] ()
Task: {D1AF4DCA-E9E2-4427-8CC9-058B4C1892EE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {E60EBBFE-23DA-4D67-B8A5-F3A806455CC9} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [2014-08-04] (TODO: <Company name>)
Task: {F2960E85-B7A7-41C3-ABE2-4BB69DFA9CD1} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2014-09-11] (ASUSTeK Computer Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-02-12 23:14 - 2014-01-28 03:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2016-11-23 07:50 - 2017-01-20 18:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-11-23 07:50 - 2017-01-20 18:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-11-23 07:56 - 2017-02-09 22:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-02-12 23:30 - 2014-08-04 19:21 - 01271096 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2016-02-12 23:29 - 2014-03-27 19:33 - 01430328 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
2016-02-12 23:31 - 2014-08-01 14:58 - 01065272 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
2016-02-12 23:31 - 2014-07-25 16:32 - 00036152 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
2016-02-12 23:29 - 2014-09-09 10:14 - 00947512 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ASUSMiniBar.exe
2016-02-12 23:14 - 2017-02-28 18:02 - 00034960 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2016-02-12 23:14 - 2014-01-28 03:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2015-12-22 01:47 - 2015-12-22 01:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\kpcengine.2.3.dll
2016-11-23 07:50 - 2017-01-20 18:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-11-23 07:50 - 2017-01-20 18:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-11-23 07:50 - 2017-01-20 18:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-02-12 23:30 - 2014-08-04 17:25 - 00711680 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2016-02-12 23:30 - 2014-08-04 17:25 - 00856576 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2016-02-12 23:30 - 2014-08-04 17:25 - 00803840 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2016-02-12 23:30 - 2014-08-04 17:25 - 00807936 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2016-02-12 23:30 - 2014-08-04 17:25 - 00010240 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\IccHelper.dll
2016-02-12 23:29 - 2014-03-27 19:32 - 05778096 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2016-02-12 23:29 - 2014-02-24 17:49 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2016-02-12 23:29 - 2014-09-09 10:14 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Log4cxxWrapper.dll
2016-02-12 23:29 - 2014-09-09 10:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2016-02-12 23:30 - 2014-08-04 17:31 - 04239360 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2016-02-12 23:30 - 2014-08-04 17:25 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\Log4cxxWrapper.dll
2016-02-12 23:29 - 2014-02-25 16:53 - 01138176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2016-02-12 23:29 - 2014-09-09 10:14 - 00827392 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Version\Version.dll
2016-02-12 23:30 - 2014-08-04 09:25 - 00053248 ____R () C:\Program Files (x86)\ASUS\VGA COM\1.00.20\Exeio.dll
2016-02-12 23:30 - 2014-08-04 09:25 - 00278528 ____R () C:\Program Files (x86)\ASUS\VGA COM\1.00.20\Vender.dll
2016-02-12 23:29 - 2014-09-09 02:14 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2017-02-02 22:09 - 2017-02-01 09:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-02 22:09 - 2017-02-01 09:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-03-23 10:04 - 2016-03-23 10:04 - 00091136 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\LuaQtWrapperLibrary.dll
2016-03-23 10:02 - 2016-03-23 10:02 - 00200704 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\lua52.dll
2016-03-23 10:02 - 2016-03-23 10:02 - 00224256 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2017-02-27 06:58 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-02-27 06:58 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-02-27 06:58 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-11-23 07:50 - 2017-01-20 18:38 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-11-23 07:50 - 2017-01-20 13:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-11-23 07:50 - 2017-01-20 13:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-11-23 07:50 - 2017-01-20 13:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-11-23 07:50 - 2017-01-20 13:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-11-23 07:50 - 2017-01-20 13:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-11-23 07:50 - 2017-01-20 13:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-11-23 07:50 - 2017-01-20 13:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-15 13:58 - 2017-01-20 13:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2017-02-27 06:58 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-02-27 06:58 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-02-12 23:31 - 2013-11-20 10:10 - 00662016 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\aaHMLib.dll
2016-02-12 23:31 - 2013-07-02 10:40 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\pngio.dll
2016-02-12 23:30 - 2014-08-04 17:25 - 00743424 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\EPU.dll
2016-02-12 23:30 - 2014-08-04 17:25 - 00908288 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\FAN.dll
2016-02-12 23:31 - 2014-04-10 15:23 - 00643584 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMiniMsg.dll
2017-02-14 21:49 - 2017-02-02 12:30 - 17840216 _____ () C:\Users\Clive\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.221\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7931 more sites.

IE trusted site: HKU\S-1-5-21-4195537059-3487191388-2212901996-1000\...\localhost -> localhost

There are 7931 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2017-02-27 07:30 - 00454232 ____R C:\Windows\system32\Drivers\etc\hosts


There are 15588 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4195537059-3487191388-2212901996-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Clive\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{9D737477-70EB-44C8-B901-FEC5FAADF568}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7328A69A-8691-4427-84AA-73387A882A18}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DB71B76F-82AE-40B3-AF83-B339F4807E30}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BC289633-E8D8-40CC-A647-8D6CF09F96EE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2802A143-F2AD-49CC-A556-81E92D10889E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EA4E4EC6-654E-492D-8963-5F98E5B5F1FF}] => (Allow) G:\Steam Games\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{954AE725-F65B-4AB5-8259-D424BAFB2DFD}] => (Allow) G:\Steam Games\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{76EF57EC-5B5E-4E7F-8C68-60067BC80E04}] => (Allow) G:\Steam Games\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{B218C3CC-D90D-4301-AF18-AF6287645685}] => (Allow) G:\Steam Games\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{BEE4ADB9-C31F-4B15-8C56-2B865CF7E906}] => (Allow) C:\Users\Clive\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5EC1847D-7979-425E-BF65-233228CE97F5}] => (Allow) C:\Users\Clive\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{396E7A90-C232-4D88-8DE0-8448F52FBF8F}] => (Allow) C:\Users\Clive\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A344296B-5CF4-4BF4-81A1-BAAEF0851042}] => (Allow) C:\Users\Clive\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DB9239CE-54AA-4612-A00D-55DACC2C0271}] => (Allow) C:\Users\Clive\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F21A5682-DE31-4DBC-A6E6-E3FD1ABD6008}] => (Allow) C:\Users\Clive\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C1D93DB6-82D3-4BEA-A66F-967A1D0D8B6A}] => (Allow) G:\Steam Games\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{FD1EE811-693E-4BDA-A7DA-C80D1228D2BF}] => (Allow) G:\Steam Games\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{774A4C04-1FA5-4C7B-AF2D-57CA4C5311BE}] => (Allow) G:\Steam Games\steamapps\common\ARMA Gold\arma.exe
FirewallRules: [{488608C9-2C6E-4B6D-856D-8F2520FD7045}] => (Allow) G:\Steam Games\steamapps\common\ARMA Gold\arma.exe
FirewallRules: [{2B9C6C12-C575-4B9D-9252-02E1DC38255E}] => (Allow) G:\Steam Games\steamapps\common\ARMA Cold War Assault\ColdWarAssault.exe
FirewallRules: [{E85C75F1-0154-445A-A85A-7474AF3D8F8B}] => (Allow) G:\Steam Games\steamapps\common\ARMA Cold War Assault\ColdWarAssault.exe
FirewallRules: [{D65B6966-06B0-45FA-B49A-61CD5E8B0964}] => (Allow) G:\Steam Games\steamapps\common\ARMA Cold War Assault\ColdWarAssaultPreferences.exe
FirewallRules: [{C386048C-2E06-4747-AB6E-E0B587F52C8A}] => (Allow) G:\Steam Games\steamapps\common\ARMA Cold War Assault\ColdWarAssaultPreferences.exe
FirewallRules: [{CFF729AA-4916-426C-8DCF-0AF8D9F7BC26}] => (Allow) G:\Steam Games\steamapps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{1906E993-93E6-4508-B166-E1228136CDDF}] => (Allow) G:\Steam Games\steamapps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{14A64ECE-7E09-4661-9DBB-99D768CDAD60}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{170F342F-B00F-409C-8C55-41F38F6AB39B}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{921D6BF8-BADD-40CC-8F7F-95666F8F9440}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{6A0914FF-4A3A-40EE-B58C-571456284315}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{5845ABB8-6952-44EC-9E79-1E257E4E94E7}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{A966F31B-5285-49E4-A289-DA5D92E2E55D}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{F360F43F-7CF2-466D-B112-A33C35AB6F62}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{DA7912F7-9DF9-4434-BF69-3367789A1453}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{2E016160-D7FC-4DD0-8367-367ABE04ABA6}] => (Allow) G:\Steam Games\steamapps\common\Rocksmith\Rocksmith.exe
FirewallRules: [{DE757549-DD12-4D7D-ABE3-169A9F192441}] => (Allow) G:\Steam Games\steamapps\common\Rocksmith\Rocksmith.exe
FirewallRules: [{E6FD6DB5-ABEA-4693-9E5C-CA061D4D868E}] => (Allow) G:\Steam Games\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{8DD98172-2876-4A13-AA54-12343FC01502}] => (Allow) G:\Steam Games\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{7D940024-929C-492F-8A7C-04B4F7771A53}] => (Allow) G:\Steam Games\steamapps\common\ARMA 2 Operation Arrowhead\DLCsetup\BAF\datacachepreprocessor.exe
FirewallRules: [{8DA55BA4-2F10-470E-852E-CEE82A67052D}] => (Allow) G:\Steam Games\steamapps\common\ARMA 2 Operation Arrowhead\DLCsetup\BAF\datacachepreprocessor.exe
FirewallRules: [{EC967EE0-E537-4273-8A58-9AE5CA4A9BC2}] => (Allow) G:\Steam Games\steamapps\common\ARMA 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{4C5F8665-576F-44CF-AF96-5B025FD12911}] => (Allow) G:\Steam Games\steamapps\common\ARMA 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{AED2BD21-3C09-437A-96E8-A01B1FF1F155}] => (Allow) G:\Steam Games\steamapps\common\ARMA 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{901BA971-1658-49E6-91DA-4AACE13CA24B}] => (Allow) G:\Steam Games\steamapps\common\ARMA 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{75376BDB-08CF-47B0-9D0F-01AC117658D2}] => (Allow) G:\Steam Games\steamapps\common\ARMA 2 Operation Arrowhead\DLCsetup\ACR\datacachepreprocessor.exe
FirewallRules: [{E116A2C6-0D67-4FFB-B1AD-E0D49A909EC5}] => (Allow) G:\Steam Games\steamapps\common\ARMA 2 Operation Arrowhead\DLCsetup\ACR\datacachepreprocessor.exe
FirewallRules: [{ACAFA26B-4F5E-4E2C-9078-F631857B1D4A}] => (Allow) G:\Steam Games\steamapps\common\ARMA 2 Operation Arrowhead\DLCsetup\PMC\datacachepreprocessor.exe
FirewallRules: [{4C122C3F-DEEA-44DE-BFF1-47FD4F7CACCD}] => (Allow) G:\Steam Games\steamapps\common\ARMA 2 Operation Arrowhead\DLCsetup\PMC\datacachepreprocessor.exe
FirewallRules: [{683E731D-FEBF-4106-B121-E7405D56A7E9}] => (Allow) G:\Steam Games\steamapps\common\ARMA 2 Operation Arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{085EF49D-0E39-4786-9A37-0D88F05DB5DA}] => (Allow) G:\Steam Games\steamapps\common\ARMA 2 Operation Arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{8C1C84FD-4F54-4A64-A07F-4AE68A31D8CF}] => (Allow) G:\Steam Games\steamapps\common\L.A.Noire\LANLauncher.exe
FirewallRules: [{B732725B-95AE-4FD0-AC1B-6AAC2E764A4A}] => (Allow) G:\Steam Games\steamapps\common\L.A.Noire\LANLauncher.exe
FirewallRules: [{23822C71-E6DE-48A9-8043-6228AAE46018}] => (Allow) G:\Steam Games\steamapps\common\Miscreated\Miscreated.exe
FirewallRules: [{067C84DB-5E11-46AF-B1CC-74938B2BD2A0}] => (Allow) G:\Steam Games\steamapps\common\Miscreated\Miscreated.exe
FirewallRules: [{FD33A61B-6C0D-43C1-AE4A-A894A1C0CFB4}] => (Allow) G:\Steam Games\steamapps\common\Zombie Army Trilogy\Launcher\ZATLauncher.exe
FirewallRules: [{75B470AB-C835-4486-8AD4-59B86BC7EF2E}] => (Allow) G:\Steam Games\steamapps\common\Zombie Army Trilogy\Launcher\ZATLauncher.exe
FirewallRules: [{B1E89441-B2A7-446C-A465-5E4379B9BD26}] => (Allow) G:\Steam Games\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{86726FDE-39DF-4037-BB51-887680462ACE}] => (Allow) G:\Steam Games\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{E2163F1A-A4AF-44D6-946A-7AF2B2594F65}] => (Allow) G:\Steam Games\steamapps\common\GRID Autosport\GRIDAutosport.exe
FirewallRules: [{536D060E-F7C0-4D9C-8DAE-23C2F71C87C1}] => (Allow) G:\Steam Games\steamapps\common\GRID Autosport\GRIDAutosport.exe
FirewallRules: [{345FBAB4-DE39-44EE-9645-DBA47AED9444}] => (Allow) G:\Steam Games\steamapps\common\Mafia III\launcher.exe
FirewallRules: [{03E285D9-ECBE-4E4F-B108-6785F4BAC8B4}] => (Allow) G:\Steam Games\steamapps\common\Mafia III\launcher.exe
FirewallRules: [{AFF5F887-E58C-4D5A-BB39-C06341062C90}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{0BAC3575-66C5-4FFA-A9DD-FD16604152CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{8A5DA64D-7405-4B07-B590-63D7EDEEB656}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{105CB361-0116-4B37-B788-DFA3DB9FF082}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BF67345E-316C-4AA8-8EFF-32DFF203E84F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B8351C9A-5F75-43C3-A8BD-A18556FAA42A}] => (Allow) G:\Steam Games\steamapps\common\State of Decay YOSE\StateOfDecay.exe
FirewallRules: [{C2DD8AA1-0946-4E32-840C-7A1C607BC7D6}] => (Allow) G:\Steam Games\steamapps\common\State of Decay YOSE\StateOfDecay.exe
FirewallRules: [{3DA05E55-4791-4DC9-9B12-6FA4281B6173}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{070BA44B-C4D3-4A57-B325-1074B1C866F8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{98F4136B-A9E4-4F13-8B02-31B80129FC70}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9EF6FAEC-1146-4047-BEB4-11EBB5B05131}] => (Allow) G:\Steam Games\steamapps\common\Tom Clancy's Ghost Recon Wildlands Open Beta\GRW.exe
FirewallRules: [{B79F33EF-D31E-4BA7-A8CF-B5279CE70A0B}] => (Allow) G:\Steam Games\steamapps\common\Tom Clancy's Ghost Recon Wildlands Open Beta\GRW.exe
FirewallRules: [{F345C3B6-A98E-43A5-A7F7-5B600ECA86E1}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
FirewallRules: [{E8D709B2-6DA8-4C54-8078-2F992072740F}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

21-02-2017 06:18:50 Windows Update
23-02-2017 22:23:50 Windows Update
25-02-2017 12:51:13 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212
25-02-2017 12:51:19 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210
25-02-2017 12:51:23 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212
25-02-2017 12:51:30 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210
25-02-2017 19:29:29 Windows Modules Installer
28-02-2017 07:45:09 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/28/2017 06:02:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/28/2017 08:53:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/28/2017 06:39:19 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "c:\program files (x86)\nero\nero 12\nero burning rom\NeroCmd.exe.Manifest".Error in manifest or policy file "c:\program files (x86)\nero\nero 12\nero burning rom\SMC\SMC.MANIFEST" on line 3.
Component identity found in manifest does not match the identity of the component requested.
Reference is SMC,processorArchitecture="x86",type="win32",version="8.2.0.0".
Definition is SMC,processorArchitecture="x86",type="win32",version="12.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/28/2017 06:37:34 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "c:\program files (x86)\nero\nero 12\nero burning rom\NeroCmd.exe.Manifest".Error in manifest or policy file "c:\program files (x86)\nero\nero 12\nero burning rom\SMC\SMC.MANIFEST" on line 3.
Component identity found in manifest does not match the identity of the component requested.
Reference is SMC,processorArchitecture="x86",type="win32",version="8.2.0.0".
Definition is SMC,processorArchitecture="x86",type="win32",version="12.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/28/2017 06:34:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/27/2017 05:17:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/27/2017 05:16:22 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/27/2017 05:16:22 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/27/2017 05:16:22 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (02/27/2017 05:16:22 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)


System errors:
=============
Error: (02/28/2017 06:02:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/28/2017 06:02:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (02/28/2017 08:53:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/28/2017 08:53:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (02/28/2017 06:34:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/28/2017 06:34:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (02/27/2017 05:17:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/27/2017 05:17:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (02/27/2017 05:16:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/27/2017 05:16:22 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.


CodeIntegrity:
===================================
Date: 2016-02-12 23:54:13.497
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-02-12 23:54:13.496
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-02-12 23:54:13.495
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-02-12 23:54:13.494
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 24%
Total physical RAM: 16325.84 MB
Available physical RAM: 12309.93 MB
Total Virtual: 32649.87 MB
Available Virtual: 28101.66 MB

==================== Drives ================================

Drive c: (ASUS) (Fixed) (Total:238.37 GB) (Free:65.41 GB) NTFS
Drive d: (ASUS) (Fixed) (Total:465.75 GB) (Free:235.52 GB) NTFS
Drive e: (ASUS) (Fixed) (Total:465.75 GB) (Free:355.74 GB) NTFS
Drive f: (ASUS) (Fixed) (Total:465.75 GB) (Free:212.19 GB) NTFS
Drive g: (ASUS) (Fixed) (Total:465.75 GB) (Free:104.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: DA01EFC4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 920BC0C3)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.8 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Hi All...
I am new to this forum. Now, I am not a total newb when it comes to computers, but this has got me baffled. I clicked on a dodgy patch the other day to fix a game, and now I have ended up with this dreaded wonderlandads on my PC.
Apparently it only affects browsers. I have deleted all of the software that was downloaded. I have followed many guides on how to clean Google Chrome because that is what is affected. Tabs keep opening on their own every so often.
I have not had any luck removing this problem. I have searched high and low and I cannot find a trace of it anywhere on my PC. I have used Malwarebytes, Spybot Search & Destroy, AdwCleaner and a few others, and nothing has turned up.
I have Kaspersky Internet Security installed, which keeps blocking the tabs from actually connecting to a site. I have done a full system scan and nothing.
So if anyone can help shed some light on this little problem I would be muchly appreciative, many thanks...

Dean.

Above are the files that were needed, thank you...
Devo
Active Member
 
Posts: 5
Joined: February 28th, 2017, 2:43 pm

Re: My PC is infected with Maleware Wonderlandads...

Post by mAL_rEm018 » March 2nd, 2017, 3:46 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hello Devo,

Welcome to Malware Removal! My name is mAL_rEm018, but feel free to call me mAL. I will be helping you with your malware related problems :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.

To make sure everything goes smoothly, I would like you to observe the following rules:
  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread. Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum. Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible, with additional instructions. In the meantime I would like you to read and get acquainted with the following topic: HOW TO GET HELP IN THIS FORUM - everyone must read this, where the conditions for receiving help here are explained.
mAL_rEm018
Admin/Teacher
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: My PC is infected with Maleware Wonderlandads...

Unread postby Devo » March 2nd, 2017, 4:49 pm

Hi mAL
OK, I understand and I will do what you ask. If I am not sure I will ask you. Thank you for helping me. You know that this is a browser problem, Google Chrome. But it affects all browsers on my PC. It keeps opening tabs that go to dodgy URLs. I have run the Google Chrome clean-up tool and reset it a few times. I have also run Malwarebytes and AdwCleaner, but no fix. I have searched the registry, also all programs, System32 and numerous other tasks.
Anyway, I will be looking forward to hearing from you.

Thanks again

Dean...
Devo
Active Member
 
Posts: 5
Joined: February 28th, 2017, 2:43 pm

Re: My PC is infected with Maleware Wonderlandads...

Unread postby mAL_rEm018 » March 2nd, 2017, 5:58 pm

Hello Devo,

Please answer the following questions..
  1. Is this computer used for any type of business purposes?
  2. I don't see any signs of Malwarebytes in your logs. Did you remove the program prior to running the FRST scan?
    Devo wrote: I have also run Malewarebytes

Backup your registry using TCRB
  • Please download TCRB to your Desktop.
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.

Let's run a search using FRST..

  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wonderlandads;Wordinator;WordSurfer

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... SearchReg.txt
    • Please post it in your next reply.



-----------------------------------------
In your next reply, I would like to see..
  • Did you have trouble with any of the steps?
  • Answer to my questions
  • SearchReg.txt
mAL_rEm018
Admin/Teacher
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: My PC is infected with Maleware Wonderlandads...

Unread postby Devo » March 3rd, 2017, 9:39 am

Hi mAL
No, my computer is not used for any type of business; it is home use only. I used Malwarebytes but I uninstalled it after I used it, before I scanned my PC with FRST. And no, I had no problems with any of the tasks that you have asked me to perform.


Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by Clive (03-03-2017 13:37:33)
Running from C:\Users\Clive\Downloads
Boot Mode: Normal

================== Search Registry: "babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wonderlandads;Wordinator;WordSurfer" ===========


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"


===================== Search result for "SweetIM" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]

[HKEY_USERS\S-1-5-21-4195537059-3487191388-2212901996-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]

[HKEY_USERS\S-1-5-21-4195537059-3487191388-2212901996-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]


===================== Search result for "SweetPacks" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]

[HKEY_USERS\S-1-5-21-4195537059-3487191388-2212901996-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]

[HKEY_USERS\S-1-5-21-4195537059-3487191388-2212901996-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]


===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-4195537059-3487191388-2212901996-1000\Software\Trolltech]

[HKEY_USERS\S-1-5-21-4195537059-3487191388-2212901996-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

[HKEY_USERS\S-1-5-21-4195537059-3487191388-2212901996-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:]

====== End of Search ======
Devo
Active Member
 
Posts: 5
Joined: February 28th, 2017, 2:43 pm
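
A triage helper for a SearchReg.txt log like the one posted above, as an added example that is not part of the original thread and is not FRST's own code. It groups hits per search term, marks whether the term matched a whole name or only the inside of a longer identifier, and lists the terms that produced no hits; the function names and the shortened sample log (including its SID) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the SearchReg.txt above (shortened).
SAMPLE_LOG = r'''
================== Search Registry: "conduit;Searchqu;SweetIM;trolltech;Wonderlandads" ===========
===================== Search result for "Searchqu" ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"
===================== Search result for "SweetIM" ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]
===================== Search result for "trolltech" ==========
[HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Trolltech]
====== End of Search ======
'''

HEADER = re.compile(r'^=+ Search Registry: "(.*)" =+$')
SECTION = re.compile(r'^=+ Search result for "(.*)" =+$')
TOKEN_SPLIT = re.compile(r'[\\.:"=\[\]\s]+')

def parse_searchreg(text):
    """Return (searched_terms, {term: [hit blocks]}); a block is a key plus its values."""
    searched, hits, current = [], defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            searched = m.group(1).split(";")
        elif m := SECTION.match(line):
            current = m.group(1)
        elif line.startswith("====== End"):
            current = None
        elif line.startswith("[") and current:
            hits[current].append(line)           # a new registry key
        elif line and current and hits.get(current):
            hits[current][-1] += "\n" + line     # value line belonging to that key
    return searched, dict(hits)

def classify(term, block):
    """'exact': term is a whole path segment, domain label or value.
    'substring': term only occurs inside a longer identifier."""
    tokens = {t.lower() for t in TOKEN_SPLIT.split(block) if t}
    kind = "exact" if term.lower() in tokens else "substring"
    # ZoneMap keys hold per-domain security-zone assignments, not program settings.
    return kind + ("/zonemap" if "\\zonemap\\" in block.lower() else "")

def triage(text):
    """Return ({term: sorted match kinds}, [searched terms with no hits])."""
    searched, hits = parse_searchreg(text)
    report = {t: sorted({classify(t, b) for b in bs}) for t, bs in hits.items()}
    return report, [t for t in searched if t not in hits]
```

On the sample, `Searchqu` is reported as a substring match (it sits inside `ISearchQueryHelper`), and `Wonderlandads` appears in the no-hits list.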

Re: My PC is infected with Maleware Wonderlandads...

Unread postby mAL_rEm018 » March 4th, 2017, 6:32 am

Hello Devo,

Devo wrote:No my Computer is not used for any type of business, it is home use only.

How did you obtain your license for Microsoft Office Enterprise 2007?
mAL_rEm018
Admin/Teacher
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: My PC is infected with Maleware Wonderlandads...

Unread postby Devo » March 4th, 2017, 12:53 pm

Hi mAL

It was on my PC when I brought it.
Devo
Active Member
 
Posts: 5
Joined: February 28th, 2017, 2:43 pm

Re: My PC is infected with Maleware Wonderlandads...

Unread postby mAL_rEm018 » March 4th, 2017, 6:27 pm

Hello Devo,

Please run the following scans..

MGA Diagnostics
  • Please download and save the following tool to your Desktop: Link.
  • Right-click on MGADiag.exe and select "Run as Administrator" to run it...if UAC prompts, please allow it.
  • Select Continue. The diagnosis will now begin.
  • When the process is over, click Copy.
  • Open Notepad and paste the contents.
  • Save this file as MGADiag.txt.
  • Post the content of MGADiag.txt in your next reply.


CKScanner
  • Please download the following tool to your Desktop: Link
  • Right-click on CKScanner.exe and select "Run as Administrator" to run it...if UAC prompts, please allow it.
  • Select Search For Files
  • When the scan is finished, click on Save List To File.
  • Open CKFiles.txt on your desktop and post the contents in your next reply.
    Only run CKScanner.exe once.


-----------------------------------------
In your next reply, I would like to see..
  • MGADiag.txt
  • CKFiles.txt
mAL_rEm018
Admin/Teacher
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: My PC is infected with Maleware Wonderlandads...

Unread postby NonSuch » March 7th, 2017, 8:18 pm

Due to a failure to respond for 72 hours or more, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California