Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Malware from Hell linked to Adobe Flash Player

 
AmateurGeek
Newbie


Joined: 04 Nov 2015
Last Visit: 11 Nov 2015
Posts: 2

Posted: Wed Nov 11, 2015 3:24 am    Post subject: Malware from Hell linked to Adobe Flash Player

I have re-installed Windows almost every day for the past fortnight fighting off an awful Malware infection that causes a repeating sound of a USB device being plugged in.

I bought a new hard drive (SSD) as one computer tech I spoke to said that a failing hard drive could be the problem.
However the problems continue:

When I downloaded Adobe Flash Player for my browser (after a fresh installation of Windows 8.1), the continuous sound of the USB entering started repeating. I hadn't even installed the player yet. It was when the download finished. This might be a clue, given the recent security breaches found in Adobe Flash Player.

Sometimes my keyboard just stops working - no letters come up on the screen.
But rebooting usually works. If it doesn't, I have a hard time re-installing Windows as it requires entering the registration code, so I have to use the restore function.

Every 20 minutes or so, my mouse pointer freezes for about 5 seconds.

Do these symptoms give any clue as to where the malware is hiding?
This is by far the worst one I have encountered.

In summary, I have scanned with almost every anti-malware program and found nothing, reinstalled Windows (yes, with re-formatting of both my hard drives), bought a new hard drive, reset the BIOS, reset the modem.

Apart from throwing this computer out the window, does anyone have any better ideas?
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 27 Jun 2017
Posts: 10182
Location: Yorkshire

Posted: Wed Nov 11, 2015 8:32 am

By the sounds of your symptoms it does not seem likely that they have a malware-based cause; however, we'd need to run some scans before I could be confident of saying that for sure.


  • Download FRST to your Desktop (if your computer is a 32-bit machine).
  • Download FRST64 to your Desktop (if your computer is a 64-bit machine).
  • Double-click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When it has finished scanning, 2 logs will open on your Desktop: FRST.txt and Addition.txt.
    • Please post them in your next reply.

(Since the logs are usually quite long, you should post each one separately; otherwise they may get cut short by the forum post size limiter.)
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
AmateurGeek
Newbie


Joined: 04 Nov 2015
Last Visit: 11 Nov 2015
Posts: 2

Posted: Wed Nov 11, 2015 1:40 pm    Post subject: Thanks for a response

Here are the files:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by John (administrator) on LOUNGE (12-11-2015 07:35:04)
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 8.1 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
() C:\Program Files (x86)\PureVPN\purevpn.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4689072 2013-12-26] (VIA)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4689072 2013-12-26] (VIA)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134792 2015-09-09] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-2976532127-393094700-2450792652-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-20] (Piriform Ltd)
HKU\S-1-5-21-2976532127-393094700-2450792652-1001\...\MountPoints2: {2d966acf-8781-11e5-824f-806e6f6e6963} - "E:\ShelExec.exe" open.htm
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureVPN.lnk [2015-11-10]
ShortcutTarget: PureVPN.lnk -> C:\Program Files (x86)\PureVPN\purevpn.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FE76E006-67F8-4431-A509-FE5EE2617D3E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\iz7dgjx5.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-28] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
FF Extension: Adblock Plus - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\iz7dgjx5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-16] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 OpenVPNService; C:\Program Files (x86)\PureVPN\bin\openvpnserv.exe [31872 2015-10-13] (The OpenVPN Project)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3722912 2015-09-09] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-22] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-14] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-19] (Qualcomm Atheros Communications, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-12] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [461792 2015-09-09] (Check Point Software Technologies Ltd.)
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35856 2014-11-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [257880 2014-11-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-22] (Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 07:35 - 2015-11-12 07:35 - 00010523 _____ C:\Users\John\Downloads\FRST.txt
2015-11-12 07:34 - 2015-11-12 07:35 - 00000000 ____D C:\FRST
2015-11-12 07:34 - 2015-11-12 07:34 - 02198528 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2015-11-12 07:15 - 2015-11-12 07:33 - 00021449 _____ C:\Windows\WindowsUpdate.log
2015-11-12 07:12 - 2015-11-12 07:12 - 497733810 _____ C:\Windows\MEMORY.DMP
2015-11-12 07:12 - 2015-11-12 07:12 - 00296936 _____ C:\Windows\Minidump\111215-6843-01.dmp
2015-11-12 00:24 - 2015-11-12 00:24 - 00606643 _____ C:\Users\John\Downloads\Autoruns.zip
2015-11-12 00:24 - 2015-11-12 00:24 - 00000000 ____D C:\Users\John\Downloads\Autoruns
2015-11-11 12:05 - 2015-11-12 07:12 - 00000000 ____D C:\Windows\Minidump
2015-11-11 06:00 - 2015-11-10 22:48 - 00000000 ____D C:\Windows\Panther
2015-11-11 02:41 - 2015-11-11 02:58 - 00000000 ____D C:\Users\John\Downloads\Mr.Holmes.2015.HDRip.XViD-ETRG
2015-11-10 23:21 - 2015-11-11 03:17 - 00000000 ____D C:\Users\John\Downloads\300 Rise of an Empire (2014)
2015-11-10 23:21 - 2015-11-11 03:12 - 00000000 ____D C:\Users\John\Downloads\Focus (2015)
2015-11-10 23:20 - 2015-11-10 23:48 - 1002496198 _____ C:\Users\John\Downloads\American Sniper (2014) DvD Scr Rip - X264 lottery.mkv
2015-11-10 23:19 - 2015-11-10 23:19 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.4
2015-11-10 23:19 - 2015-11-10 23:19 - 00000000 ____D C:\Users\John\AppData\Local\pip
2015-11-10 23:19 - 2015-11-10 23:19 - 00000000 ____D C:\Python34
2015-11-10 23:12 - 2015-11-11 07:34 - 00000000 ____D C:\Users\John\AppData\Roaming\qBittorrent
2015-11-10 23:12 - 2015-11-10 23:19 - 00000000 ____D C:\Users\John\AppData\Local\qBittorrent
2015-11-10 23:12 - 2015-11-10 23:18 - 00001055 _____ C:\Users\Public\Desktop\qBittorrent.lnk
2015-11-10 23:12 - 2015-11-10 23:13 - 13620780 _____ (The qBittorrent project) C:\Users\John\Downloads\qbittorrent_3.2.5_setup.exe
2015-11-10 23:11 - 2015-11-12 07:15 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-10 23:11 - 2015-11-10 23:18 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2015-11-10 23:11 - 2015-11-10 23:11 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-10 23:11 - 2015-11-10 23:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-10 23:11 - 2015-10-27 02:56 - 13607278 _____ (The qBittorrent project) C:\Users\John\Desktop\qbittorrent_3.2.4_setup.exe
2015-11-10 23:10 - 2015-11-10 23:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-10 23:10 - 2015-11-10 23:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-10 23:10 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-10 23:10 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-10 23:10 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-10 23:07 - 2015-11-10 23:08 - 22908888 _____ (Malwarebytes ) C:\Users\John\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-10 22:47 - 2015-11-10 22:47 - 00002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-11-10 22:47 - 2015-11-10 22:47 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-11-10 22:47 - 2015-11-10 22:47 - 00000000 ____D C:\Program Files\CCleaner
2015-11-10 22:46 - 2015-11-10 22:46 - 06762072 _____ (Piriform Ltd) C:\Users\John\Downloads\ccsetup511.exe
2015-11-10 22:30 - 2015-11-10 22:30 - 00000000 ____D C:\Users\John\AppData\Roaming\Macromedia
2015-11-10 22:30 - 2015-11-10 22:30 - 00000000 ____D C:\Users\John\AppData\Local\Macromedia
2015-11-10 22:27 - 2015-11-11 20:29 - 00000000 ____D C:\Users\John\AppData\Local\Adobe
2015-11-10 22:22 - 2015-11-10 22:22 - 00000000 ____D C:\Users\John\AppData\Local\IsolatedStorage
2015-11-10 22:21 - 2015-11-10 23:18 - 00000000 ____D C:\ProgramData\purevpn
2015-11-10 22:21 - 2015-11-10 22:21 - 00001083 _____ C:\Users\Public\Desktop\PureVPN.lnk
2015-11-10 22:21 - 2015-11-10 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureVPN
2015-11-10 22:21 - 2015-11-10 22:21 - 00000000 ____D C:\Program Files (x86)\PureVPN
2015-11-10 22:21 - 2015-10-13 15:23 - 00039040 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-11-10 22:20 - 2015-11-10 22:26 - 00000000 ____D C:\Users\John\AppData\Local\Mozilla
2015-11-10 22:20 - 2015-11-10 22:20 - 00000000 ____D C:\Users\John\AppData\Roaming\Mozilla
2015-11-10 22:19 - 2015-11-10 22:20 - 12746888 _____ (PureVPN ) C:\Users\John\Downloads\purevpn_setup.exe
2015-11-10 22:19 - 2015-11-10 22:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-10 22:19 - 2015-11-10 22:19 - 00001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-10 22:19 - 2015-11-10 22:19 - 00001159 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-10 22:19 - 2015-11-10 22:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-10 21:15 - 2015-11-10 21:16 - 00430818 _____ C:\Windows\system32\Drivers\vsconfig.xml
2015-11-10 21:15 - 2015-11-10 21:15 - 00000778 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2015-11-10 21:15 - 2015-11-10 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2015-11-10 21:14 - 2015-11-10 21:15 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2015-11-10 21:14 - 2015-11-10 21:14 - 00000000 ____D C:\ProgramData\CheckPoint
2015-11-10 21:13 - 2015-11-10 21:14 - 01160032 _____ (Web application ) C:\Users\John\Downloads\ZoneAlarm.exe
2015-11-10 21:12 - 2015-11-10 21:12 - 00003814 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1447150341
2015-11-10 21:12 - 2015-11-10 21:12 - 00001147 _____ C:\Users\Public\Desktop\Opera.lnk
2015-11-10 21:12 - 2015-11-10 21:12 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-11-10 21:12 - 2015-11-10 21:12 - 00000000 ____D C:\Users\John\AppData\Roaming\Opera Software
2015-11-10 21:12 - 2015-11-10 21:12 - 00000000 ____D C:\Users\John\AppData\Local\Opera Software
2015-11-10 21:11 - 2015-11-11 22:50 - 00000000 ____D C:\Users\John\AppData\Roaming\vlc
2015-11-10 21:11 - 2015-11-10 21:12 - 00000000 ____D C:\Program Files (x86)\Opera
2015-11-10 21:10 - 2015-11-10 21:10 - 00000887 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-11-10 21:10 - 2015-11-10 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-11-10 21:10 - 2015-11-10 21:10 - 00000000 ____D C:\Program Files\VideoLAN
2015-11-10 21:09 - 2015-11-10 21:09 - 00000024 _____ C:\Windows\SetupTemp.ini
2015-11-10 21:09 - 2015-11-10 21:09 - 00000000 ____D C:\Windows\system32\SRSLabs
2015-11-10 21:09 - 2015-11-10 21:09 - 00000000 ____D C:\Windows\LastGood
2015-11-10 21:09 - 2015-11-10 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIA
2015-11-10 21:09 - 2015-11-10 21:09 - 00000000 ____D C:\Program Files\VIA
2015-11-10 21:09 - 2013-12-16 19:48 - 00033456 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\VMfilt64.sys
2015-11-10 21:09 - 2013-12-10 12:29 - 01998104 _____ (Creative Technology Ltd.) C:\Windows\system32\VMAPO264.DLL
2015-11-10 21:09 - 2013-12-10 12:29 - 01727256 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\VMAPO232.DLL
2015-11-10 21:09 - 2013-11-01 12:21 - 27646720 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2015-11-10 21:09 - 2013-11-01 12:21 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-11-10 21:09 - 2013-11-01 12:21 - 01013504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-11-10 21:09 - 2013-11-01 12:21 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-11-10 21:09 - 2013-10-11 20:46 - 00884400 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIASysFx.dll
2015-11-10 21:09 - 2013-07-30 19:15 - 03322368 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIAPropPageExt.dll
2015-11-10 21:09 - 2013-07-22 17:40 - 00388096 _____ (Creative Technology Ltd.) C:\Windows\system32\VMWRP64.DLL
2015-11-10 21:09 - 2013-03-28 19:57 - 01845424 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaMicArrayAPO.dll
2015-11-10 21:09 - 2012-12-11 21:01 - 00070776 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\VtSrdAPO.dll
2015-11-10 21:09 - 2012-12-11 21:00 - 01161336 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaKaraokeApo.dll
2015-11-10 21:09 - 2012-12-11 21:00 - 00248952 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Dts2APO.dll
2015-11-10 21:09 - 2012-12-11 21:00 - 00123512 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaKaraokePropPageExt.dll
2015-11-10 21:09 - 2012-12-11 21:00 - 00095352 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaMicArrayPropPageExt.dll
2015-11-10 21:09 - 2012-12-11 21:00 - 00092280 _____ (VIA Technologies, Inc.) C:\Windows\system32\Dts2PropPageExt.dll
2015-11-10 21:09 - 2012-12-11 21:00 - 00055416 _____ (TODO: <Company name>) C:\Windows\system32\PropPageExt.dll
2015-11-10 21:09 - 2012-12-11 21:00 - 00027768 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViakaraokeSrv.exe
2015-11-10 21:09 - 2011-12-15 16:16 - 07163744 _____ (Dolby Laboratories) C:\Windows\system32\EEP64H.dll
2015-11-10 21:09 - 2011-12-15 16:16 - 07163744 _____ (Dolby Laboratories) C:\Windows\system32\EEP64A.dll
2015-11-10 21:09 - 2011-12-15 16:16 - 00433504 _____ (Dolby Laboratories) C:\Windows\system32\EED64H.dll
2015-11-10 21:09 - 2011-12-15 16:16 - 00433504 _____ (Dolby Laboratories) C:\Windows\system32\EED64A.dll
2015-11-10 21:09 - 2011-12-15 16:16 - 00137056 _____ (Dolby Laboratories) C:\Windows\system32\EEL64H.dll
2015-11-10 21:09 - 2011-12-15 16:16 - 00137056 _____ (Dolby Laboratories) C:\Windows\system32\EEL64A.dll
2015-11-10 21:09 - 2011-12-15 16:16 - 00120160 _____ (Dolby Laboratories) C:\Windows\system32\EEA64H.dll
2015-11-10 21:09 - 2011-12-15 16:16 - 00120160 _____ (Dolby Laboratories) C:\Windows\system32\EEA64A.dll
2015-11-10 21:09 - 2011-12-15 16:16 - 00075104 _____ (Dolby Laboratories) C:\Windows\system32\EEG64H.dll
2015-11-10 21:09 - 2011-12-15 16:16 - 00075104 _____ (Dolby Laboratories) C:\Windows\system32\EEG64A.dll
2015-11-10 21:09 - 2011-09-27 21:13 - 00879616 _____ (Creative Technology Ltd.) C:\Windows\system32\VMAPO64.DLL
2015-11-10 21:09 - 2011-09-27 21:13 - 00739328 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\VMAPO32.DLL
2015-11-10 21:09 - 2011-09-27 21:13 - 00619520 _____ (Creative Technology Ltd.) C:\Windows\system32\VMTHX64.DLL
2015-11-10 21:09 - 2011-09-27 21:13 - 00554496 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\VMTHX32.DLL
2015-11-10 21:09 - 2011-09-27 21:13 - 00057856 _____ (Creative Technology Ltd.) C:\Windows\system32\VMPPLD64.DLL
2015-11-10 21:09 - 2010-10-26 21:54 - 00053760 _____ (Creative Technology Ltd.) C:\Windows\system32\VMPPCN64.DLL
2015-11-10 21:08 - 2015-11-12 00:35 - 00000000 ____D C:\Users\John\AppData\Roaming\ClassicShell
2015-11-10 21:07 - 2015-11-10 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-11-10 21:07 - 2015-11-10 21:07 - 00000000 ____D C:\Program Files\Classic Shell
2015-11-10 20:55 - 2015-11-12 07:12 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-10 20:55 - 2015-11-10 20:55 - 00002149 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-11-10 20:55 - 2015-11-10 20:55 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-10 20:55 - 2015-11-10 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-11-10 20:55 - 2015-11-10 20:55 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-11-10 20:55 - 2015-11-10 20:55 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-11-10 20:55 - 2014-03-05 01:35 - 00062408 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-11-10 20:55 - 2014-03-05 01:35 - 00054216 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-11-10 20:55 - 2014-03-05 00:06 - 06714312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-11-10 20:55 - 2014-03-05 00:06 - 03497816 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-11-10 20:55 - 2014-03-05 00:05 - 03649185 _____ C:\Windows\system32\nvcoproc.bin
2015-11-10 20:55 - 2014-03-05 00:05 - 00922968 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-11-10 20:55 - 2014-03-05 00:05 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-11-10 20:55 - 2014-03-05 00:05 - 00064968 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-11-10 20:55 - 2014-03-04 22:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-11-10 20:54 - 2015-11-10 20:55 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-11-10 20:54 - 2015-11-10 20:54 - 00827226 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-10 20:54 - 2014-03-05 01:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-11-10 20:54 - 2014-03-05 01:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 00484296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 00409544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 00377688 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-11-10 20:54 - 2014-03-05 01:35 - 00024544 _____ C:\Windows\system32\nvinfo.pb
2015-11-10 20:53 - 2015-11-10 20:53 - 00000000 ____D C:\Users\John\Desktop\VIA audio driver
2015-11-10 20:53 - 2015-11-10 20:53 - 00000000 ____D C:\Users\John\AppData\Roaming\Intel Corporation
2015-11-10 20:53 - 2015-04-05 19:56 - 00691912 _____ (Opera Software) C:\Users\John\Desktop\Opera_NI_stable.exe
2015-11-10 20:52 - 2015-11-10 20:52 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-11-10 20:38 - 2015-11-10 23:32 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2976532127-393094700-2450792652-1001
2015-11-10 20:37 - 2015-11-10 20:37 - 00000180 _____ C:\csb.log
2015-11-10 20:37 - 2015-11-10 20:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-11-10 20:37 - 2015-11-10 20:37 - 00000000 ____D C:\Windows\LastGood.Tmp
2015-11-10 20:37 - 2015-11-10 20:37 - 00000000 ____D C:\VIA_XHCI
2015-11-10 20:37 - 2015-11-10 20:37 - 00000000 ____D C:\Program Files\GIGABYTE
2015-11-10 20:37 - 2015-11-10 20:37 - 00000000 ____D C:\Program Files (x86)\GIGABYTE
2015-11-10 20:37 - 2012-08-16 13:33 - 00645952 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
2015-11-10 20:37 - 2012-07-19 20:21 - 00110744 _____ (Qualcomm Atheros Co., Ltd.) C:\Windows\system32\Drivers\L1C63x64.sys
2015-11-10 20:37 - 2012-02-08 13:31 - 00008227 ____R C:\Windows\system32\Drivers\viahub3.cat
2015-11-10 20:37 - 2012-02-07 20:45 - 00008003 ____R C:\Windows\system32\Drivers\xhcdrv.cat
2015-11-10 20:37 - 2012-01-20 15:39 - 00254464 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\xhcdrv.sys
2015-11-10 20:37 - 2012-01-20 15:39 - 00205312 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\ViaHub3.sys
2015-11-10 20:37 - 2011-11-02 10:48 - 00021616 _____ C:\Windows\system32\Drivers\AppleCharger.sys
2015-11-10 20:37 - 2010-04-06 16:30 - 00031272 _____ C:\Windows\system32\AppleChargerSrv.exe
2015-11-10 20:37 - 2009-07-14 17:21 - 01721576 ____R (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01009.dll
2015-11-10 20:37 - 2009-07-14 17:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-11-10 20:36 - 2015-11-10 21:09 - 00001222 _____ C:\Users\Public\Desktop\HD VDeck.lnk
2015-11-10 20:36 - 2015-11-10 20:36 - 00000000 ____D C:\Windows\SysWOW64\Atheros_L1e
2015-11-10 20:36 - 2015-11-10 20:36 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell
2015-11-10 20:36 - 2015-11-10 20:36 - 00000000 ____D C:\Program Files (x86)\VIA
2015-11-10 20:36 - 2015-11-10 20:36 - 00000000 ____D C:\Program Files (x86)\Marvell
2015-11-10 20:36 - 2013-12-16 19:48 - 00691888 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viahduaa.sys
2015-11-10 20:36 - 2012-06-28 19:54 - 00086016 _____ (QSound Labs, Inc.) C:\Windows\system32\nQPropPageExt.dll
2015-11-10 20:36 - 2011-06-08 21:19 - 00083968 _____ (QSound Labs, Inc.) C:\Windows\system32\nQAPO.dll
2015-11-10 20:36 - 2007-04-11 18:35 - 00414632 ____N (Microsoft Corporation) C:\Windows\difxapi.dll
2015-11-10 20:35 - 2015-11-10 20:37 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-10 20:35 - 2015-11-10 20:37 - 00000000 ____D C:\Program Files (x86)\Intel
2015-11-10 20:35 - 2015-11-10 20:35 - 00000000 ____D C:\Users\John\AppData\Roaming\InstallShield
2015-11-10 20:35 - 2015-11-10 20:35 - 00000000 ____D C:\ProgramData\Intel
2015-11-10 20:35 - 2015-11-10 20:35 - 00000000 ____D C:\Program Files\Intel
2015-11-10 20:35 - 2015-11-10 20:35 - 00000000 ____D C:\Intel
2015-11-10 20:35 - 2012-07-04 13:55 - 00053248 ____R (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2015-11-10 20:35 - 2012-07-02 15:16 - 00062784 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys
2015-11-10 20:35 - 2012-06-25 10:42 - 00015168 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelMEFWVer.dll
2015-11-10 20:34 - 2015-11-10 20:34 - 00000010 _____ C:\Windows\GSetup.ini
2015-11-10 20:34 - 2009-08-27 18:04 - 00207400 ____R () C:\Windows\GSetup.exe
2015-11-10 20:33 - 2015-11-10 20:33 - 00001442 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-10 20:33 - 2015-11-10 20:33 - 00000020 ___SH C:\Users\John\ntuser.ini
2015-11-10 20:33 - 2015-11-10 20:33 - 00000000 ____D C:\Users\John\AppData\Roaming\Adobe
2015-11-10 20:33 - 2015-11-10 20:33 - 00000000 ____D C:\Users\John\AppData\Local\VirtualStore
2015-11-10 20:33 - 2015-11-10 20:33 - 00000000 ____D C:\Users\John\AppData\Local\Packages
2015-11-10 20:33 - 2015-11-10 20:33 - 00000000 ____D C:\Users\John
2015-11-10 20:33 - 2014-11-22 16:25 - 00000000 ___RD C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-11-10 20:33 - 2014-11-22 16:25 - 00000000 ___RD C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-11-10 20:33 - 2014-11-22 16:25 - 00000000 ___RD C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-11-10 20:33 - 2014-11-22 12:02 - 00000369 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-11-10 20:33 - 2014-11-22 12:02 - 00000369 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-11-10 20:33 - 2013-08-23 02:36 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-11-10 19:01 - 2015-11-10 19:01 - 00000000 __SHD C:\Recovery

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 07:16 - 2014-11-22 12:01 - 00820548 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-12 07:12 - 2013-08-23 01:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-12 00:00 - 2013-08-23 02:36 - 00000000 ____D C:\Windows\system32\sru
2015-11-11 06:00 - 2013-08-23 02:36 - 00262144 _____ C:\Windows\system32\config\BCD-Template
2015-11-10 23:17 - 2013-08-23 00:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-11-10 22:23 - 2013-08-23 02:36 - 00000000 ____D C:\Windows\tracing
2015-11-10 20:55 - 2013-08-23 02:36 - 00000000 ____D C:\Windows\Help
2015-11-10 20:38 - 2013-08-23 02:36 - 00000000 ____D C:\Windows\AppReadiness
2015-11-10 20:35 - 2013-08-23 02:36 - 00000000 ____D C:\Windows\system32\restore
2015-11-10 20:35 - 2013-08-23 02:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-11-10 19:01 - 2013-08-23 02:36 - 00000000 ____D C:\Windows\system32\Recovery
2015-11-10 19:01 - 2013-08-23 00:36 - 00000000 __RHD C:\Users\Default

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-10 19:01

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by John (2015-11-12 07:35:23)
Running from C:\Users\John\Downloads
Windows 8.1 (X64) (2015-11-10 09:33:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2976532127-393094700-2450792652-500 - Administrator - Disabled)
Guest (S-1-5-21-2976532127-393094700-2450792652-501 - Limited - Disabled)
John (S-1-5-21-2976532127-393094700-2450792652-1001 - Administrator - Enabled) => C:\Users\John

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1020 - Marvell)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Opera Stable 33.0.1990.58 (HKLM-x32\...\Opera 33.0.1990.58) (Version: 33.0.1990.58 - Opera Software)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PureVPN (HKLM-x32\...\PureVPN_is1) (Version: 5.13.1 - PureVPN)
Python 3.4.3 (HKLM-x32\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation)
qBittorrent 3.2.5 (HKLM-x32\...\qBittorrent) (Version: 3.2.5 - The qBittorrent project)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
ZoneAlarm Firewall (x32 Version: 14.0.522.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 14.0.522.000 - Check Point)
ZoneAlarm Security (x32 Version: 14.0.522.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

10-11-2015 20:35:53 Installed Platform

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-23 00:25 - 2013-08-23 00:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {A136DC4A-1892-4621-A532-C608037207F1} - System32\Tasks\Opera scheduled Autoupdate 1447150341 => C:\Program Files (x86)\Opera\launcher.exe [2015-10-31] (Opera Software)
Task: {A1E3AB3E-EF86-484E-8320-88CF716E2F08} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-20] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2015-11-10 20:55 - 2014-03-05 00:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-11-10 21:09 - 2012-11-14 18:22 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2015-11-10 21:09 - 2012-11-14 18:22 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2015-11-10 22:21 - 2015-10-13 16:32 - 02494592 _____ () C:\Program Files (x86)\PureVPN\purevpn.exe
2015-11-10 21:12 - 2015-10-31 00:06 - 60735608 _____ () C:\Program Files (x86)\Opera\33.0.1990.58\opera.dll
2015-11-10 21:12 - 2015-10-31 00:05 - 01919608 _____ () C:\Program Files (x86)\Opera\33.0.1990.58\libglesv2.dll
2015-11-10 21:12 - 2015-10-31 00:05 - 00081528 _____ () C:\Program Files (x86)\Opera\33.0.1990.58\libegl.dll
2015-11-10 20:37 - 2015-11-10 20:37 - 00016384 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\aff3455c2babb61a57f50a484284a7a2\PSIClient.ni.dll
2015-11-10 20:35 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2976532127-393094700-2450792652-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{41857001-0416-4EF8-B6D1-F66BE743F76F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{B3D6F947-63EC-4026-80A7-210DD808D3F6}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{32179B27-7487-44AD-9956-C9CADC4C8850}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{1011DCFB-A4D4-48B1-9E1E-51AF7BDDF025}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{05B9A2CA-38DF-44C3-A3A9-996D2FA3BBA1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C3FBE3F6-4639-4B86-B21D-B5D3460F287B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{610BBB4B-5A2A-4CB3-A379-F867E7753B53}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{1E162538-E096-4AD5-A208-D26C71700A26}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2015 07:12:44 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialised.

Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (11/12/2015 07:12:44 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialised.

Context: Windows Application

Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (11/12/2015 07:12:44 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialised.

Context: Windows Application, SystemIndex Catalogue

Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (11/12/2015 07:12:44 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialised.

Context: Windows Application, SystemIndex Catalogue

Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (11/12/2015 07:12:44 AM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: The plug-in manager <Search.TripoliIndexer> cannot be initialised.

Context: Windows Application

Details:
(HRESULT : 0x8e5e0210) (0x8e5e0210)

Error: (11/12/2015 07:12:44 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalogue is corrupt. 0xc0041801 (0xc0041801)

Error: (11/12/2015 07:12:44 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
0x8e5e0210 (0x8e5e0210)

Error: (11/12/2015 07:12:44 AM) (Source: ESENT) (EventID: 455) (User: )
Description: SearchIndexer (3276) Windows: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00017.log.

Error: (11/10/2015 09:10:46 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=9a8645c4-8908-49bb-8eec-6671a533b17a;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/10/2015 09:10:46 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0x80072EE7
Sku Id=9a8645c4-8908-49bb-8eec-6671a533b17a


System errors:
=============
Error: (11/12/2015 07:12:49 AM) (Source: DCOM) (EventID: 10005) (User: Lounge)
Description: 1053WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/12/2015 07:12:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (11/12/2015 07:12:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (11/12/2015 07:12:49 AM) (Source: DCOM) (EventID: 10005) (User: Lounge)
Description: 1053WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/12/2015 07:12:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (11/12/2015 07:12:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (11/12/2015 07:12:49 AM) (Source: DCOM) (EventID: 10005) (User: Lounge)
Description: 1053WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/12/2015 07:12:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (11/12/2015 07:12:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (11/12/2015 07:12:49 AM) (Source: DCOM) (EventID: 10005) (User: Lounge)
Description: 1053WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 21%
Total physical RAM: 8152.03 MB
Available physical RAM: 6359.73 MB
Total Virtual: 16344.03 MB
Available Virtual: 14082.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.27 GB) (Free:80.84 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6030F803)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 6030F81B)

Partition: GPT.

==================== End of Addition.txt ============================
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 27 Jun 2017
Posts: 10182
Location: Yorkshire

Posted: Wed Nov 11, 2015 2:40 pm

Nothing of any real concern showing in the logs you've posted.

You might try uninstalling the following programs and see if they have any effect on your symptoms.

qBittorrent 3.2.5
PureVPN
ZoneAlarm Free Firewall

Use of any P2P/torrent programs is never a good idea, since they are the most frequently used conduit for transferring infections. Most security forums (ourselves included) will strongly recommend people to uninstall them.

VPN and Firewalls are more tightly integrated into an OS than most other programs, so when I see unusual and unexplained behaviour from a computer with no apparent malware, then it's worth seeing if removing them has any effect. They can always be re-installed if the symptoms do not disappear.

Caution .... once you've uninstalled ZA, be sure to enable Windows built in Firewall before connecting to the internet.

To be honest, I've no real confidence that what I've suggested will resolve your problems, but they're worth a shot.

I think it's much more likely that your problems are hardware related, but that's beyond the scope of this forum.

I can recommend sites that specialise in that kind of help if you wish.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 27 Jun 2017
Posts: 10182
Location: Yorkshire

Posted: Sat Nov 14, 2015 8:17 am

Quote:
Due to lack of response this topic is now closed.

If you still need help you must open a new thread in the Help with Spyware Removal forum, post a new log, and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

Gary R

All times are GMT - 8 Hours