Too much time to shut down and power on

NullPointerException

Level 12
Thread author
Verified
Aug 25, 2014
580
I have described most of the details above. Any help is appreciated. I do not think it's malware or so, but still I think it's a software/hardware problem.
 

NullPointerException

I really doubt I was RATed or so. Or that BibleGateway had an exploit in it. But still here's the log.

(I DID find a strange cryptography string in registry but I deleted it with no results.)

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-05-2015
Ran by Shade at 2015-05-10 16:47:28
Running from C:\Users\Shade\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

102 (S-1-5-21-3171145056-229118582-1774830325-1008 - Limited - Enabled) => C:\Users\102 // An account I created.
Administrator (S-1-5-21-3171145056-229118582-1774830325-500 - Administrator - Disabled)
Guest (S-1-5-21-3171145056-229118582-1774830325-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3171145056-229118582-1774830325-1003 - Limited - Enabled)
newadmin (S-1-5-21-3171145056-229118582-1774830325-1011 - Limited - Enabled) => C:\Users\newadmin // note, it's an account I created.
Shade (S-1-5-21-3171145056-229118582-1774830325-1010 - Administrator - Enabled) => C:\Users\Shade
UpdatusUser (S-1-5-21-3171145056-229118582-1774830325-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Minimal SYStem 1.0.10" (HKLM\...\MSYS-1.0_is1) (Version: 1.0.10 - MinGW)
µTorrent (HKU\S-1-5-21-3171145056-229118582-1774830325-1010\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Apache Tomcat 8.0.15 (HKLM\...\nbi-tomcat-8.0.15.0.0) (Version: - )
Auslogics Disk Defrag Professional (HKLM\...\{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1) (Version: 4.4.3.0 - Auslogics Software Pty Ltd)
BitTorrent (HKU\S-1-5-21-3171145056-229118582-1774830325-1010\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)
BOSS (HKLM\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Build Tools - x86 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (Version: 12.0.31101 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
EPUB File Reader (HKLM\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - )
ESET Smart Security (HKLM\...\{9EBF258F-F8BC-4FC2-8F9F-07D55B2157C5}) (Version: 8.0.304.0 - ESET, spol s r. o.)
Fallout (HKLM\...\GOGPACKFALLOUT_is1) (Version: 2.0.0.14 - GOG.com)
Fallout 2 (HKLM\...\GOGPACKFALLOUT2_is1) (Version: 2.0.0.10 - GOG.com)
Fallout 3 Game of the Year Edition - DLCs (HKLM\...\{12CFDA5C-BDB9-460D-9E0D-F7879D9E2351}}_is1) (Version: - Bethesda Softworks)
Fallout 3 Game of the Year Edition (HKLM\...\{552F1CCF-1364-424C-85F7-46D4D006BB69}}_is1) (Version: - Bethesda Softworks)
Fallout Mod Manager 0.13.21 (HKLM\...\Generic Mod Manager_is1) (Version: - Q, Timeslip)
Fallout New Vegas (HKLM\...\Fallout New Vegas_is1) (Version: - )
Fiddler (HKLM\...\Fiddler2) (Version: 4.4.8.0 - Telerik)
Five Nights at Freddy's (HKU\S-1-5-21-3171145056-229118582-1774830325-1010\...\Five Nights at Freddy's) (Version: - )
GetGo Download Manager (HKLM\...\GetGoSoft_GetGoDM) (Version: 5.1.0.2224 - GetGo Software Ltd.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GlassFish Server Open Source Edition 4.1 (HKLM\...\nbi-glassfish-mod-4.1.0.13.0) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
HxD Hex Editor version 1.7.7.0 (HKLM\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IDA Demo v6.6 (HKLM\...\IDA Demo_is1) (Version: - Hex-Rays SA)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle) // I know it's out of date and all...
Java 8 Update 11 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218011FF}) (Version: 8.0.110 - Oracle Corporation)
Java SE Development Kit 8 Update 11 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180110}) (Version: 8.0.110 - Oracle Corporation)
KC Softwares KCleaner (HKLM\...\KC Softwares KCleaner_is1) (Version: - KC Softwares)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
LastPass (uninstall only) (HKLM\...\LastPass) (Version: - LastPass)
LOOT (HKLM\...\LOOT) (Version: 0.6.1 - LOOT Development Team)
Magic ISO Maker v5.5 (build 0281) (HKLM\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio Community 2013 with Update 4 (HKLM\...\{96a8b90c-0a91-4e76-ab34-730c23923d11}) (Version: 12.0.31101 - Microsoft Corporation)
NetBeans IDE 8.0 (HKLM\...\nbi-nb-base-8.0.0.0.201403101706) (Version: 8.0 - NetBeans.org)
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Python 3.4.0 (HKLM\...\{a37f2d73-72d1-364d-ba5d-cea430bcc040}) (Version: 3.4.150 - Python Software Foundation)
PythonScript plugin for Notepad++ (HKLM\...\{5DCB60E0-AD70-4DEE-8E29-4475C3822101}) (Version: 1.0.2.0 - Dave Brotherstone)
Razer Game Booster (HKLM\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
Skyrim Performance Monitor (HKLM\...\{84AEB93A-ECBB-4568-8F59-D4516EF59079}) (Version: 3.66 - SirGarnon on Skyrim Nexus)
SlimDX Runtime .NET 2.0 (January 2012) (HKLM\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group)
SlimPDF Reader 1.0 (HKLM\...\{7E1FEE27-F869-4D4B-8AA3-64C7FD99BD7C}_is1) (Version: 1.0 - Investintech.com Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
System Requirements Lab CYRI (HKLM\...\{906B34E5-573C-445A-A5D3-40B6BF0A2EC4}) (Version: 6.0.21.0 - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.4.0 - Addpcs, LLC)
The Elder Scrolls III Morrowind GOTY version 0.0.0.9 (HKLM\...\The Elder Scrolls III Morrowind GOTY_is1) (Version: 0.0.0.9 -
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Wrye Bash (HKLM\...\Wrye Bash) (Version: 0.3.0.5 - Wrye & Wrye Bash Development Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3171145056-229118582-1774830325-1010_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Shade\AppData\Local\Temp\FBD0.exe No File

==================== Restore Points =========================

03-03-2015 01:27:00 Scheduled Checkpoint
13-03-2015 00:13:49 Scheduled Checkpoint
22-03-2015 13:24:23 Scheduled Checkpoint
04-04-2015 13:58:13 Windows Modules Installer
06-04-2015 16:23:58 Installed Cepstral David 6.2.3
12-04-2015 15:26:19 Removed Cepstral David 6.2.3
16-04-2015 01:29:12 Windows Update
09-05-2015 01:51:44 Latest update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 09:47 - 2014-10-30 20:26 - 00000762 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0994A8BD-36B2-4E55-BF69-9953AE90EF0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
Task: {2B37DD35-6A62-4CA8-B194-C63EC2BE6917} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
Task: {2F94EC75-BFD1-42A1-BB83-75B9065F7AC2} - System32\Tasks\Auslogics\Disk Defrag Prof\Task {00000001-8761-435E-9AAA-08063F7EB902} for Shade => D:\Disk Defrag Professional\DiskDefragPro.exe [2014-11-13] (Auslogics)
Task: {3D2775ED-46C4-4BAB-B88D-450230BB7DB7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-01] (Microsoft Corporation)
Task: {4CD43CFB-DBD6-40FC-9B27-8C8FFC7C3324} - System32\Tasks\Malwarebytes Anti-Exploit => C:\Program Files\Malwarebytes Anti-Exploit\mbae-loader.exe
Task: {74AE7DFC-B763-4918-8A68-F11924E1804C} - System32\Tasks\GoogleUpdateTaskMachineUA1d041d4114642d5 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
Task: {7735AEB2-0ED4-41A7-B68F-6593233FD40C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-18] (Adobe Systems Incorporated)
Task: {914BA061-D948-4B3B-B037-134770298143} - System32\Tasks\Auslogics\Disk Defrag Prof\Task {00000001-FD06-4FA3-B740-491EBD1F0DE5} for Shade => D:\Disk Defrag Professional\DiskDefragPro.exe [2014-11-13] (Auslogics)
Task: {9A128BFD-F83C-4929-8EA6-A4ABAABC388D} - System32\Tasks\Auslogics\Disk Defrag Prof\Task {00000001-091D-489A-AF07-4211AF51C362} for Shade => D:\Disk Defrag Professional\DiskDefragPro.exe [2014-11-13] (Auslogics)
Task: {C9902214-0F35-4805-AD84-E70E394F6480} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {CBAAA410-11DC-41F6-9280-9B556E98BD26} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-02-03] (@ByELDI)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d041d4114642d5.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Malwarebytes Anti-Exploit.job => C:\Program Files\Malwarebytes Anti-Exploit\mbae-loader.exe6C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe

==================== Loaded Modules (whitelisted) ==============

2013-12-24 08:34 - 2013-10-23 12:49 - 00092448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-04-25 00:15 - 2015-03-10 12:07 - 00775680 _____ () D:\Steam\SDL2.dll
2015-04-25 00:15 - 2014-12-02 05:59 - 05002752 _____ () D:\Steam\v8.dll
2015-04-25 00:15 - 2015-04-14 05:14 - 02371776 _____ () D:\Steam\video.dll
2015-04-25 00:15 - 2014-12-02 05:59 - 01612800 _____ () D:\Steam\icui18n.dll
2015-04-25 00:15 - 2014-12-02 05:59 - 01210368 _____ () D:\Steam\icuuc.dll
2015-04-25 00:15 - 2014-12-02 03:01 - 02396672 _____ () D:\Steam\libavcodec-56.dll
2015-04-25 00:15 - 2014-12-02 03:01 - 00479744 _____ () D:\Steam\libavformat-56.dll
2015-04-25 00:15 - 2014-12-02 03:01 - 00332800 _____ () D:\Steam\libavresample-2.dll
2015-04-25 00:15 - 2014-12-02 03:01 - 00442880 _____ () D:\Steam\libavutil-54.dll
2015-04-25 00:15 - 2014-12-02 03:01 - 00485888 _____ () D:\Steam\libswscale-3.dll
2015-04-25 00:16 - 2015-04-14 05:14 - 00702656 _____ () D:\Steam\bin\chromehtml.DLL
2015-04-25 00:16 - 2015-02-25 07:28 - 34641288 _____ () D:\Steam\bin\libcef.dll
2015-04-25 00:16 - 2015-02-25 07:28 - 01709960 _____ () D:\Steam\bin\ffmpegsumo.dll
2015-04-30 21:30 - 2015-04-28 07:37 - 01252680 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-30 21:30 - 2015-04-28 07:37 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\libegl.dll
2015-04-30 21:30 - 2015-04-28 07:37 - 14980424 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll
/* Nothing much interesting below */

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" // I know little of this.
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3171145056-229118582-1774830325-1010\Control Panel\Desktop\\Wallpaper -> C:\Users\Shade\Documents\lulz-security.jpg /* nothing ; just an image.... */
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run: => "Malwarebytes Anti-Exploit"
HKU\S-1-5-21-3171145056-229118582-1774830325-1010\...\StartupApproved\StartupFolder: => "MagicDisc.lnk"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe // I know very little Windows 8, what is this?
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe // And this
FirewallRules: [{D1D44427-8759-4514-99B7-EC4BA6A33F87}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{99EB83FA-56E7-44F8-AE13-28D44B4CB4EF}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{4F53B02D-FE77-4534-B09F-515EAC82D793}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{BF03A5BA-D4DF-49F7-A622-00DF3C7B5943}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{445D1F3C-9152-4F83-B9F0-E2E641AB70CE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

// THIS is interesting. I can't read this really.
Error: (05/10/2015 11:18:13 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

Error: (05/09/2015 09:41:34 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (2388) An attempt to open the file "C:\Users\Shade\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (05/09/2015 09:41:00 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

Error: (05/09/2015 08:35:21 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (5048) An attempt to open the file "C:\Users\Shade\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (05/09/2015 08:34:56 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

Error: (05/09/2015 00:49:09 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

Error: (05/07/2015 00:57:29 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.

Error: (05/05/2015 00:26:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.2.9200.16628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 390

Start Time: 01d0869bbcd5c2d2

Termination Time: 41

Application Path: C:\Windows\explorer.exe

Report Id: 112b35d0-f28f-11e4-b138-002421e6a1ab

Faulting package full name:

Faulting package-relative application ID:

Error: (05/02/2015 09:28:47 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

Error: (05/01/2015 05:47:49 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.


System errors:
=============
Error: (05/10/2015 00:37:20 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (05/10/2015 00:26:43 PM) (Source: DCOM) (EventID: 10010) (User: Linux)
Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}

Error: (05/10/2015 00:24:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:41:53 AM on ‎5/‎10/‎2015 was unexpected.

Error: (05/10/2015 11:17:57 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (05/09/2015 10:23:50 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (05/09/2015 09:40:39 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (05/09/2015 08:35:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

Error: (05/09/2015 02:28:21 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (05/09/2015 01:19:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/09/2015 01:19:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (05/10/2015 11:18:13 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d

Error: (05/09/2015 09:41:34 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex2388C:\Users\Shade\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (05/09/2015 09:41:00 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d

Error: (05/09/2015 08:35:21 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex5048C:\Users\Shade\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (05/09/2015 08:34:56 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d

Error: (05/09/2015 00:49:09 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d

Error: (05/07/2015 00:57:29 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description:

Error: (05/05/2015 00:26:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.2.9200.1662839001d0869bbcd5c2d241C:\Windows\explorer.exe112b35d0-f28f-11e4-b138-002421e6a1ab

Error: (05/02/2015 09:28:47 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d

Error: (05/01/2015 05:47:49 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description:


CodeIntegrity Errors:
===================================
Date: 2014-12-01 11:31:39.792
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2014-12-01 11:31:39.605
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2014-12-01 11:31:39.277
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2014-12-01 11:31:35.112
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2014-12-01 11:31:34.441
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2014-12-01 11:31:30.339
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2014-12-01 11:31:28.685
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2014-11-29 12:01:14.600
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2014-11-29 12:01:13.693
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level 6 or better to load.

Date: 2014-11-29 12:01:08.439
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level 6 or better to load.


==================== Memory info ===========================

// Not really relevant so removed.

==================== Drives ================================

Drive c: () (Fixed) (Total:97.66 GB) (Free:15.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by Shade (administrator) on LINUX on 10-05-2015 16:54:37
Running from C:\Users\Shade\Downloads
Loaded Profiles: Shade (Available profiles: UpdatusUser & 102 & Shade & newadmin & Guest)
Platform: Microsoft Windows 8 Pro (X86) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Foxit Corporation) D:\Almost ALl Softwares\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Razer Inc.) C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Valve Corporation) D:\Steam\Steam.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Krzysztof Kowalczyk) C:\Program Files\SumatraPDF\SumatraPDF.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5088456 2014-10-01] (ESET)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM\...\Winlogon: [Shell] C:\Windows\explorer.exe, c:\windows\system32\explorer.exe [x ] ()
HKU\S-1-5-21-3171145056-229118582-1774830325-1010\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2124360 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-3171145056-229118582-1774830325-1010\...\Run: [Steam] => D:\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-02-22]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-02-22]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Shade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2014-06-20]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3171145056-229118582-1774830325-1010\Software\Microsoft\Internet Explorer\Main,Start Page = http://jbh/
BHO: GetGo URLCatch -> {0315AA2C-10C7-4504-A1C4-F552ABA8A095} -> C:\Program Files\GetGo Software\GetGo Download Manager\URLCatch.dll [2014-09-22] (GetGo Software)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-07-19] (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll [2014-02-22] (LastPass)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-07-19] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll [2014-02-22] (LastPass)
Toolbar: HKLM - GetGo Toolbar - {075BBE29-FEC0-404a-A459-FF58713616FA} - C:\Program Files\GetGo Software\GetGo Download Manager\GGToolBand.dll [2014-09-22] (GetGo Software)
Toolbar: HKU\S-1-5-21-3171145056-229118582-1774830325-1010 -> GetGo Toolbar - {075BBE29-FEC0-404A-A459-FF58713616FA} - C:\Program Files\GetGo Software\GetGo Download Manager\GGToolBand.dll [2014-09-22] (GetGo Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{84F4B37D-668D-4506-ABB1-70FA9D5696E0}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default
FF Homepage: https://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll [2014-06-18] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> D:\Almost ALl Softwares\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> D:\Almost ALl Softwares\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=11.11.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-07-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.11.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-07-19] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass.dll [2014-02-22] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF SearchPlugin: C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\searchplugins\duckduckgo.xml [2014-01-15]
FF Extension: Xmarks - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\foxmarks@kei.com [2014-04-06]
FF Extension: LastPass - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\support@lastpass.com [2014-04-06]
FF Extension: WOT - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-04-06]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-04-06]
FF Extension: ImageBlock - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\imageblock@hemantvats.com.xpi [2014-04-06]
FF Extension: DuckDuckGo Plus - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-04-06]
FF Extension: NoScript - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-06]
FF Extension: SEO Global For Google Search™ - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}.xpi [2014-04-06]
FF Extension: Adblock Plus - C:\Users\Shade\AppData\Roaming\Mozilla\Firefox\Profiles\hjnw3cpq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-06]
FF HKLM\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files\Fiddler2\FiddlerHook [2014-05-28]
FF HKLM\...\Firefox\Extensions: [{0DB87752-EDD2-4ddf-8AE4-A020088EF267}] - C:\Program Files\GetGo Software\GetGo Download Manager\GGMoz
FF Extension: GetGo Firefox Addon - C:\Program Files\GetGo Software\GetGo Download Manager\GGMoz [2014-10-22]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (uBlock Origin) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-05-09]
CHR Extension: (Bookmark Manager) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-09]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-05-09]
CHR Extension: (Google Wallet) - C:\Users\Shade\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1349576 2014-10-01] (ESET)
R2 FoxitCloudUpdateService; D:\Almost ALl Softwares\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 RzKLService; C:\Program Files\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [971968 2015-02-03] (@ByELDI) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14456 2015-01-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [191928 2014-08-18] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [190368 2014-08-18] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [135296 2014-08-18] (ESET)
R2 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [176448 2014-08-18] (ESET)
R1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [37928 2014-08-18] (ESET)
R0 epfwwfp; C:\WINDOWS\System32\DRIVERS\epfwwfp.sys [51288 2014-09-18] (ESET)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-04-08] ()
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [92888 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 mcdbus; C:\WINDOWS\System32\drivers\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
S3 MWAC; \??\C:\WINDOWS\system32\drivers\ [0 ] () <==== ATTENTION (zero size file/folder)
S3 Neo_VPN; C:\WINDOWS\system32\DRIVERS\Neo_VPN.sys [26208 2013-12-29] (SoftEther Project at University of Tsukuba, Japan.)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [20040 2014-01-14] ()
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [466008 2014-06-20] (Duplex Secure Ltd.)
R3 tap0901; C:\WINDOWS\system32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 WUDFSensorLP; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
S3 etvspanx; No ImagePath
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [52224 2012-07-26] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 16:54 - 2015-05-10 16:54 - 00014926 _____ () C:\Users\Shade\Downloads\FRST.txt
2015-05-10 16:47 - 2015-05-10 16:48 - 00028885 _____ () C:\Users\Shade\Downloads\Addition.txt
2015-05-10 16:45 - 2015-05-10 16:45 - 01141248 _____ (Farbar) C:\Users\Shade\Downloads\FRST.exe
2015-05-09 12:48 - 2015-05-09 12:48 - 00245248 _____ ([Fix-KB]) C:\Users\Shade\Downloads\DriveTidy.exe
2015-05-09 12:46 - 2015-05-09 12:58 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-09 12:46 - 2015-05-09 12:46 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-05-09 12:39 - 2015-05-09 12:44 - 16937048 _____ () C:\Users\Shade\Downloads\RogueKiller.exe
2015-05-09 12:39 - 2015-05-09 12:39 - 00243304 _____ () C:\Users\Shade\Downloads\Firefox Setup Stub 37.0.2.exe
2015-05-07 23:30 - 2015-05-07 23:30 - 00880272 _____ () C:\Users\Shade\Downloads\5183832.zip
2015-05-07 23:26 - 2015-05-07 23:28 - 08506106 _____ () C:\Users\Shade\Downloads\7467829 (1).zip
2015-05-07 23:22 - 2015-05-07 23:24 - 08506106 _____ () C:\Users\Shade\Downloads\7467829.zip
2015-05-07 23:13 - 2015-05-07 23:19 - 21204171 _____ () C:\Users\Shade\Downloads\9347966.zip
2015-05-07 22:49 - 2015-05-07 22:50 - 02998091 _____ () C:\Users\Shade\Downloads\8009311.zip
2015-05-05 00:49 - 2015-05-05 00:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-05-05 00:39 - 2015-05-05 00:41 - 03020968 _____ (Malwarebytes ) C:\Users\Shade\Downloads\mbae-setup-1.06.1.1019.exe
2015-05-04 20:21 - 2015-05-04 20:27 - 12618962 _____ () C:\Users\Shade\Downloads\6776237.rar
2015-05-04 20:21 - 2015-05-04 20:22 - 01464992 _____ () C:\Users\Shade\Downloads\4582693.zip
2015-05-04 20:18 - 2015-05-04 20:20 - 04992936 _____ () C:\Users\Shade\Downloads\3213950.zip
2015-05-04 20:15 - 2015-05-04 20:16 - 03360391 _____ () C:\Users\Shade\Downloads\7736572.zip
2015-05-04 20:15 - 2015-05-04 20:16 - 01505316 _____ () C:\Users\Shade\Downloads\9749772.rar
2015-05-04 20:15 - 2015-05-04 20:16 - 01243120 _____ () C:\Users\Shade\Downloads\8107830.rar
2015-05-04 20:13 - 2015-05-04 20:14 - 01901219 _____ () C:\Users\Shade\Downloads\6423029.rar
2015-05-04 20:10 - 2015-05-04 20:13 - 07542958 _____ () C:\Users\Shade\Downloads\997702.rar
2015-05-04 20:04 - 2015-05-04 20:09 - 10788824 _____ () C:\Users\Shade\Downloads\585658.zip
2015-05-04 19:54 - 2015-05-04 19:54 - 01118286 _____ () C:\Users\Shade\Downloads\8372739.rar
2015-05-04 19:46 - 2015-05-04 19:55 - 19729113 _____ () C:\Users\Shade\Downloads\4373875.zip
2015-05-04 19:23 - 2015-05-04 19:23 - 01026210 _____ () C:\Users\Shade\Downloads\1525597.zip
2015-05-04 19:15 - 2015-05-04 19:21 - 12943932 _____ () C:\Users\Shade\Downloads\8211324.zip
2015-05-04 18:33 - 2015-05-04 18:43 - 18376482 _____ () C:\Users\Shade\Downloads\4543353.zip
2015-05-04 01:52 - 2015-05-04 01:52 - 00000000 ____D () C:\Users\102\AppData\Local\CyberGhost
2015-05-03 23:16 - 2015-05-03 23:17 - 02090410 _____ () C:\Users\Shade\Downloads\5853680.zip
2015-05-02 14:02 - 2015-05-10 16:54 - 00000000 ____D () C:\FRST
2015-05-01 18:15 - 2015-05-01 18:24 - 10568854 _____ () C:\Users\Shade\Downloads\2523063.zip
2015-05-01 18:14 - 2015-05-01 18:14 - 00496811 _____ () C:\Users\Shade\Downloads\7681690.zip
2015-04-30 11:59 - 2015-04-30 11:59 - 00000199 _____ () C:\Users\Shade\Desktop\Dota 2.url
2015-04-29 23:06 - 2015-04-29 23:44 - 75108964 _____ () C:\Users\Shade\Downloads\TCP-IP 1-3.rar
2015-04-29 22:59 - 2015-04-29 23:05 - 10528829 _____ () C:\Users\Shade\Downloads\8545190 (1).rar
2015-04-29 22:50 - 2015-04-29 22:52 - 02461595 _____ () C:\Users\Shade\Downloads\9475366.rar
2015-04-29 22:40 - 2015-04-29 22:42 - 02611205 _____ () C:\Users\Shade\Downloads\4955320.rar
2015-04-29 22:30 - 2015-04-29 22:31 - 01585959 _____ () C:\Users\Shade\Downloads\1168073.zip
2015-04-29 22:26 - 2015-04-29 22:27 - 02680872 _____ () C:\Users\Shade\Downloads\8975653.rar
2015-04-29 22:25 - 2015-04-29 22:29 - 06363607 _____ () C:\Users\Shade\Downloads\2216738.rar
2015-04-28 01:10 - 2015-04-28 01:10 - 10266810 _____ () C:\Users\102\Downloads\bloomberg.xap
2015-04-28 00:03 - 2015-04-28 00:08 - 11653280 _____ () C:\Users\Shade\Downloads\Game_Engine_Architecture.pdf.crdownload
2015-04-27 20:47 - 2015-04-27 20:49 - 02907680 _____ () C:\Users\Shade\Downloads\9851083.rar
2015-04-27 20:24 - 2015-04-27 20:26 - 02937097 _____ () C:\Users\Shade\Downloads\3641627.zip
2015-04-27 20:22 - 2015-04-27 20:23 - 01463325 _____ () C:\Users\Shade\Downloads\3791426 (1).rar
2015-04-27 19:43 - 2015-04-27 20:07 - 26639952 _____ () C:\Users\Shade\Downloads\2289477.zip
2015-04-27 19:16 - 2015-04-27 19:29 - 05531120 _____ () C:\Users\Shade\Downloads\5709734.zip
2015-04-27 18:46 - 2015-05-06 11:05 - 00000017 _____ () C:\Users\102\Desktop\download.htm
2015-04-27 16:27 - 2015-04-27 16:30 - 06958304 _____ (Microsoft Corporation) C:\Users\102\Downloads\Silverlight (7).exe
2015-04-27 16:26 - 2015-04-27 16:29 - 06958304 _____ (Microsoft Corporation) C:\Users\102\Downloads\Silverlight (6).exe
2015-04-27 16:12 - 2015-04-27 16:12 - 00243304 _____ () C:\Users\102\Downloads\Firefox Setup Stub 37.0.2.exe
2015-04-27 15:55 - 2015-04-27 15:55 - 00880208 _____ (Google Inc.) C:\Users\102\Downloads\ChromeSetup (2).exe
2015-04-27 15:54 - 2015-04-27 15:54 - 00880208 _____ (Google Inc.) C:\Users\102\Downloads\ChromeSetup (1).exe
2015-04-27 13:39 - 2015-04-27 13:40 - 00880208 _____ (Google Inc.) C:\Users\102\Downloads\ChromeSetup.exe
2015-04-26 23:36 - 2015-04-26 23:46 - 17442080 _____ () C:\Users\Shade\Downloads\6824531.zip
2015-04-26 23:33 - 2015-04-26 23:33 - 01463325 _____ () C:\Users\Shade\Downloads\3791426.rar
2015-04-26 23:05 - 2015-04-26 23:32 - 50916235 _____ () C:\Users\Shade\Downloads\Rootkit_Arsenal Complete.zip
2015-04-26 22:12 - 2015-04-26 22:13 - 03666369 _____ () C:\Users\Shade\Downloads\3665826.rar
2015-04-26 21:56 - 2015-04-26 22:09 - 24028100 _____ () C:\Users\Shade\Downloads\9172544.rar
2015-04-26 21:55 - 2015-04-26 21:56 - 01661927 _____ () C:\Users\Shade\Downloads\1164480.zip
2015-04-26 14:42 - 2015-04-26 14:45 - 02184160 _____ () C:\Users\Shade\Downloads\Unconfirmed 610891.crdownload
2015-04-26 14:42 - 2015-04-26 14:43 - 01168193 _____ () C:\Users\Shade\Downloads\6941919.zip
2015-04-26 14:35 - 2015-04-26 14:41 - 06621030 _____ () C:\Users\Shade\Downloads\4356861.rar
2015-04-26 12:40 - 2015-04-26 12:41 - 00508640 _____ () C:\Users\Shade\Downloads\Unconfirmed 256089.crdownload
2015-04-26 12:38 - 2015-04-26 12:41 - 08708997 _____ () C:\Users\Shade\Downloads\Unconfirmed 512035.crdownload
2015-04-26 12:32 - 2015-04-26 12:33 - 03250022 _____ () C:\Users\Shade\Downloads\6546265.zip
2015-04-26 12:26 - 2015-04-26 12:30 - 07263070 _____ () C:\Users\Shade\Downloads\8859378.zip
2015-04-26 12:26 - 2015-04-26 12:29 - 05405401 _____ () C:\Users\Shade\Downloads\3114960.rar
2015-04-26 12:11 - 2015-04-26 12:16 - 10170290 _____ () C:\Users\Shade\Downloads\2270940.rar
2015-04-26 12:11 - 2015-04-26 12:16 - 10103303 _____ () C:\Users\Shade\Downloads\4431890.zip
2015-04-26 12:08 - 2015-04-26 12:10 - 06643947 _____ () C:\Users\Shade\Downloads\2398862.zip
2015-04-26 12:06 - 2015-04-26 12:08 - 03478881 _____ () C:\Users\Shade\Downloads\6756800.zip
2015-04-26 12:05 - 2015-04-26 12:07 - 04545672 _____ () C:\Users\Shade\Downloads\7247648.zip
2015-04-26 00:47 - 2015-04-26 00:49 - 10109071 _____ () C:\Users\Shade\Downloads\2220215.zip
2015-04-26 00:42 - 2015-04-26 00:45 - 10528829 _____ () C:\Users\Shade\Downloads\8545190.rar
2015-04-26 00:17 - 2015-04-26 00:23 - 19498908 _____ () C:\Users\Shade\Downloads\3835377.rar
2015-04-26 00:04 - 2015-04-26 00:04 - 00287646 _____ () C:\Users\Shade\Downloads\5411382.rar
2015-04-25 23:16 - 2015-04-25 23:18 - 02218755 _____ () C:\Users\Shade\Downloads\1860766.rar
2015-04-25 01:05 - 2015-04-25 01:05 - 00000199 _____ () C:\Users\Shade\Desktop\Team Fortress 2.url
2015-04-25 00:12 - 2015-04-25 00:12 - 00001076 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-25 00:12 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-25 00:12 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-25 00:12 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-24 14:48 - 2015-04-24 14:51 - 06958304 _____ (Microsoft Corporation) C:\Users\102\Downloads\Silverlight (5).exe
2015-04-23 14:02 - 2015-04-23 14:04 - 00000277 _____ () C:\Users\newadmin\Desktop\notifications.txt
2015-04-23 13:58 - 2015-04-23 13:58 - 00000000 ____H () C:\Users\newadmin\Documents\Default.rdp
2015-04-23 13:57 - 2015-04-23 13:57 - 00000000 ____D () C:\Users\newadmin\AppData\Roaming\ESET
2015-04-23 13:57 - 2015-04-23 13:57 - 00000000 ____D () C:\Users\newadmin\AppData\Local\ESET
2015-04-23 13:53 - 2015-04-23 13:53 - 00000000 ____D () C:\Users\newadmin\AppData\Local\Google
2015-04-23 13:52 - 2015-04-23 13:52 - 00001430 _____ () C:\Users\newadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-23 13:52 - 2015-04-23 13:52 - 00000000 ____D () C:\Users\newadmin\AppData\Roaming\Adobe
2015-04-23 13:52 - 2015-04-23 13:52 - 00000000 ____D () C:\Users\newadmin\AppData\Local\VirtualStore
2015-04-23 13:51 - 2015-04-23 13:53 - 00000000 ____D () C:\Users\newadmin
2015-04-23 13:51 - 2015-04-23 13:51 - 00000020 ___SH () C:\Users\newadmin\ntuser.ini
2015-04-23 13:51 - 2015-04-20 22:27 - 00000000 ___RD () C:\Users\newadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-23 13:51 - 2014-07-14 23:49 - 00000000 ___RD () C:\Users\newadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-23 13:51 - 2014-04-09 12:49 - 00000000 ____D () C:\Users\newadmin\AppData\Roaming\Macromedia
2015-04-23 13:51 - 2014-03-30 00:13 - 00000000 ____D () C:\Users\newadmin\AppData\Roaming\IObit
2015-04-23 13:51 - 2012-07-26 12:23 - 00000000 ___RD () C:\Users\newadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-23 13:51 - 2012-07-26 12:23 - 00000000 ____D () C:\Users\newadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-22 18:40 - 2015-04-28 01:11 - 06958304 _____ (Microsoft Corporation) C:\Users\102\Downloads\Silverlight (4).exe
2015-04-22 18:22 - 2015-04-22 18:22 - 00000623 _____ () C:\Users\102\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fallou 3 New Vegas.lnk
2015-04-22 14:56 - 2015-04-22 14:56 - 00281584 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-21 23:34 - 2015-04-21 23:34 - 06958304 _____ (Microsoft Corporation) C:\Users\102\Downloads\Silverlight (3).exe
2015-04-21 14:17 - 2015-04-21 14:17 - 06958304 _____ (Microsoft Corporation) C:\Users\102\Downloads\Silverlight (2).exe
2015-04-21 14:17 - 2015-04-21 14:17 - 06958304 _____ (Microsoft Corporation) C:\Users\102\Downloads\Silverlight (1).exe
2015-04-21 14:14 - 2015-04-21 14:15 - 06958304 _____ (Microsoft Corporation) C:\Users\102\Downloads\Silverlight.exe
2015-04-20 22:32 - 2015-04-14 03:37 - 00791520 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-20 22:32 - 2015-04-14 03:37 - 00177632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-20 22:27 - 2015-04-20 22:27 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-16 10:15 - 2015-04-16 10:15 - 00000000 ____D () C:\Users\102\AppData\Local\Steam
2015-04-16 01:48 - 2015-01-09 10:33 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-04-16 01:48 - 2015-01-09 05:22 - 00478296 _____ () C:\WINDOWS\system32\locale.nls
2015-04-16 01:23 - 2015-03-10 09:19 - 14373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-16 01:23 - 2015-03-10 09:19 - 02864640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-16 01:23 - 2015-03-10 09:19 - 01763328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-16 01:23 - 2015-03-10 09:19 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-16 01:23 - 2015-03-10 09:19 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-16 01:23 - 2015-03-10 09:19 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-16 01:23 - 2015-03-10 09:19 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-16 01:23 - 2015-03-10 09:19 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-16 01:23 - 2015-03-10 09:18 - 13767680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-16 01:23 - 2015-02-21 11:01 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2015-04-16 01:23 - 2015-02-21 11:01 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2015-04-16 01:23 - 2015-02-21 11:01 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-16 01:23 - 2015-02-21 11:00 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-16 01:23 - 2015-02-21 11:00 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-04-16 01:23 - 2015-02-21 11:00 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-04-16 01:23 - 2015-02-21 11:00 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2015-04-16 01:23 - 2015-02-21 11:00 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-16 01:23 - 2015-02-21 11:00 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-04-16 01:23 - 2015-02-21 11:00 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-04-16 01:23 - 2015-02-21 11:00 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-04-16 01:23 - 2015-02-21 10:59 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-04-16 01:23 - 2015-02-21 10:59 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-04-16 01:23 - 2015-02-21 10:59 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-04-16 01:23 - 2015-02-21 10:39 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-04-16 01:23 - 2015-02-21 10:37 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2015-04-16 01:23 - 2015-02-21 10:12 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-04-16 01:15 - 2015-03-17 10:19 - 05570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-16 01:15 - 2015-03-06 11:18 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-04-16 01:15 - 2015-02-03 04:48 - 00493256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-04-16 01:15 - 2015-01-15 15:30 - 01026560 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-04-16 01:15 - 2015-01-15 15:30 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2015-04-16 01:14 - 2015-03-17 10:15 - 01474000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-16 01:14 - 2015-01-15 14:39 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-04-16 01:12 - 2015-03-23 09:14 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-16 01:12 - 2015-03-23 09:14 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-16 01:12 - 2015-03-23 09:14 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-16 01:12 - 2015-03-23 09:13 - 00859648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-16 01:12 - 2015-03-23 09:13 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-16 01:12 - 2015-03-23 09:13 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-16 01:12 - 2015-03-23 03:33 - 00896000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-16 01:12 - 2014-12-08 10:34 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-04-16 01:12 - 2014-12-03 07:17 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-16 01:09 - 2015-03-06 11:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-04-16 01:07 - 2015-01-31 15:27 - 00038392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-04-16 01:07 - 2015-01-31 08:45 - 00238304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-04-16 01:06 - 2015-03-04 10:54 - 00011105 _____ () C:\WINDOWS\system32\AutoconfigV2.cab
2015-04-16 01:06 - 2015-03-04 10:53 - 00449848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AutoUpdate.exe
2015-04-16 01:06 - 2015-03-04 10:53 - 00413208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2015-04-16 01:06 - 2015-03-04 10:23 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-04-16 01:06 - 2015-03-04 10:23 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-16 01:05 - 2014-09-18 04:54 - 02416128 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-04-16 01:04 - 2015-01-29 11:49 - 01339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-04-16 01:03 - 2015-02-13 04:47 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-04-16 01:03 - 2015-01-24 10:30 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-04-16 01:02 - 2015-03-14 12:03 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-16 01:01 - 2015-02-20 13:40 - 00035328 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-04-16 01:01 - 2015-02-20 12:54 - 00304128 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-04-16 00:58 - 2015-02-24 12:41 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-16 00:58 - 2015-02-17 10:43 - 17561600 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-04-16 00:58 - 2015-01-24 10:30 - 02801664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-04-16 00:58 - 2015-01-24 09:30 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-04-16 00:58 - 2014-12-18 12:32 - 00038720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-04-16 00:58 - 2014-12-18 11:50 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-04-16 00:58 - 2014-12-18 11:49 - 00683520 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-04-16 00:58 - 2014-12-18 11:49 - 00473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-04-16 00:58 - 2014-11-26 10:20 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-04-16 00:57 - 2015-02-26 09:27 - 03401728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-04-16 00:56 - 2015-03-04 10:52 - 00256832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-16 00:56 - 2015-03-04 10:22 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-16 00:56 - 2015-01-24 10:30 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-04-10 20:58 - 2015-04-10 20:58 - 00178923 _____ () C:\Users\Shade\Documents\231050

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 16:53 - 2014-06-18 21:41 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-10 16:48 - 2015-02-06 11:43 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-10 16:30 - 2012-07-26 12:23 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-10 16:03 - 2014-08-30 16:03 - 01301673 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-10 16:03 - 2014-06-13 23:17 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-05-10 15:43 - 2015-02-06 11:43 - 00000902 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-10 15:43 - 2014-06-01 08:52 - 00000508 _____ () C:\WINDOWS\Tasks\Malwarebytes Anti-Exploit.job
2015-05-10 15:43 - 2014-03-29 23:10 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-10 12:24 - 2013-12-24 08:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-10 12:24 - 2012-07-26 11:34 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-09 21:41 - 2012-07-26 12:23 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-05-09 13:15 - 2015-04-04 14:28 - 00002201 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-09 12:53 - 2015-04-04 14:07 - 00000000 ____D () C:\Users\Shade\AppData\Local\Deployment
2015-05-09 01:51 - 2012-07-26 12:13 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-09 01:50 - 2012-07-26 12:23 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-08 23:52 - 2015-01-24 00:22 - 00000000 ____D () C:\Users\Shade\Desktop\Programming
2015-05-06 23:18 - 2015-03-27 00:52 - 00000000 ____D () C:\Program Files\HxD
2015-05-05 00:49 - 2014-01-05 22:36 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2015-05-02 14:02 - 2014-07-19 19:30 - 00000000 ____D () C:\Users\102\Documents\Fiddler2
2015-04-30 13:50 - 2014-06-27 09:33 - 00000000 ____D () C:\The Elder Scrolls III Morrowind GOTY
2015-04-30 11:59 - 2014-04-06 14:58 - 00000000 ____D () C:\Users\Shade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-28 09:02 - 2012-07-26 12:23 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-04-28 01:09 - 2012-07-26 12:23 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-27 18:39 - 2014-07-31 17:20 - 00000000 ____D () C:\Oblivion Elder Scrolls
2015-04-27 18:39 - 2014-06-24 00:37 - 00000000 ____D () C:\Users\102\Documents\Nexus Mod Manager
2015-04-26 14:27 - 2013-12-24 00:46 - 00848230 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-26 14:25 - 2014-09-25 11:47 - 00009714 _____ () C:\WINDOWS\setupact.log
2015-04-25 14:53 - 2014-09-08 12:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-25 00:12 - 2014-09-08 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-25 00:04 - 2013-12-26 18:22 - 00000000 ____D () C:\Program Files\Steam
2015-04-22 16:45 - 2015-04-06 01:34 - 00001430 _____ () C:\Users\102\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-22 16:25 - 2015-04-04 14:02 - 00001430 _____ () C:\Users\Shade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-20 22:33 - 2014-04-06 14:40 - 00000000 ____D () C:\Users\Shade
2015-04-20 22:27 - 2014-07-14 23:49 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-20 22:27 - 2012-07-26 12:23 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-04-20 22:27 - 2012-07-26 12:23 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-20 22:27 - 2012-07-26 12:23 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-20 22:27 - 2012-07-26 12:23 - 00000000 ____D () C:\WINDOWS\WinStore
2015-04-20 22:27 - 2012-07-26 12:23 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-19 14:38 - 2014-12-27 14:44 - 00000000 ____D () C:\Users\Shade\Desktop\Shubham
2015-04-16 01:42 - 2014-07-19 19:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-14 17:46 - 2013-12-26 18:22 - 00000000 ____D () C:\Program Files\Common Files\Steam

==================== Files in the root of some directories =======

2014-01-27 14:04 - 2014-01-27 14:23 - 50053120 _____ () C:\Program Files\GUT73BA.tmp
2014-02-22 14:58 - 2014-02-22 14:58 - 11149312 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe
2015-03-23 18:14 - 2015-03-23 18:14 - 0003317 _____ () C:\Users\Shade\AppData\Local\recently-used.xbel
2014-04-23 17:54 - 2014-04-23 17:54 - 0007605 _____ () C:\Users\Shade\AppData\Local\Resmon.ResmonCfg
2014-04-11 15:05 - 2014-04-11 15:05 - 0000003 _____ () C:\Users\Shade\AppData\Local\updater.log
2014-04-11 15:05 - 2014-09-28 17:00 - 0000059 _____ () C:\Users\Shade\AppData\Local\UserProducts.xml

Some content of TEMP:
====================
C:\Users\Shade\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-09 21:43

==================== End Of Log ============================
 

NullPointerException

I did run it just a few hours ago, but it took so long that I emergency shut down my system. It was stuck at 33% (but I did notice the circle was spinning and that my disk was being written to), and gladly I did not lose any data. Is there any other good disk checking software?
 
