Dantini
Computer Freezes but mouse still moves
Dantini replied to Dantini's topic in Resolved Malware Removal Logs
Okay well thanks heaps for helping me, I'll let you know if and when I resolve the issue! Thanks for your time Gringo, have a good one.
Computer Freezes but mouse still moves
Dantini replied to Dantini's topic in Resolved Malware Removal Logs
Hey Gringo, I would like to say that I very much appreciate your help up to this point. I ran the ESET scanner and cleaned up my startup applications. The ESET scanner found no results of anything suspicious on my PC at all, yet the freezing is still a problem.

This is one of the errors I get after Windows 'explorer.exe' is the reason for the freezing. I also get a different error if 'firefox plugin container' is the reason for the freezing. I have also once had a problem with 'sqlite3.dll' - this is not a recurring issue, the main ones are firefox plugin container and explorer.exe.

Recap - the problem has been happening since I purchased the PC, so I am confident it is a problem with either the initial software or software I put on the PC right at the beginning. The error often occurs while using the key command 'alt+tab'.

Your assistance so far has had a positive effect on the general running and efficiency of my PC, but it has not really done much for the freezing issue. Do you think we could attack it from a different angle? I feel like the programs you are giving me are not really hitting the spot for this particular issue, despite being very useful for cleaning my PC in general. Don't get me wrong, I do very much appreciate your help and hope that we can eventually get to the bottom of this issue, I am only trying to help us resolve this issue more quickly. I am happy to continue using any programs you ask me to, apologies for the delayed response.

Thanks - Dantini.
Computer Freezes but mouse still moves
Dantini replied to Dantini's topic in Resolved Malware Removal Logs
I ran CC Cleaner but it didn't give me a log, I did run it though. Here is the log from hijack this

Here is the log from the malware bytes program, it seemed to find no problems

The PC has still been freezing, but it is beginning to freeze less frequently. Hopefully we can get to the bottom of this together, thanks for your constant support.
Computer Freezes but mouse still moves
Dantini replied to Dantini's topic in Resolved Malware Removal Logs
7-Zip 9.20 Action! Adobe Flash Player 14 Plugin Adobe Reader XI Advanced SystemCare 7 Aion Apple Application Support Apple Software Update µTorrent Awesomenauts Battle.net Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Clownfish for Skype Counter-Strike: Global Offensive Counter-Strike: Source CyberLink PowerDVD 10 D3DX10 DAEMON Tools Lite Driver Booster f.lux Firefall GameRanger GIGABYTE Smart Recovery Generator 1.0.20130705 GIGABYTE Voice Search 2.6.0 Google Chrome Google Update Helper Guild Wars 2 Hearthstone Hotkey 8.0122 INet Intel® Management Engine Components Intel® Processor Graphics Intel® SDK for OpenCL - CPU Only Runtime Package IObit Uninstaller Java 7 Update 51 Java Auto Updater K-Lite Mega Codec Pack 5.4.4 League of Legends LOLReplay Malwarebytes Anti-Malware version 2.0.2.1012 Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 Movie Maker Mozilla Firefox 30.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT Redists MSVCRT110 MSXML 4.0 SP3 Parser (KB2758694) NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst NCSOFT Game Launcher NVIDIA PhysX Office 15 Click-to-Run Extensibility Component Office 15 Click-to-Run Localization Component osu! 
Path of Exile PCSX2 - Playstation 2 Emulator Photo Common Photo Gallery Platform puush REALTEK Bluetooth Driver Realtek Ethernet Controller Driver Realtek PCIE Card Reader REALTEK Wireless LAN Driver Robocraft RuneScape Launcher 1.2.3 Rust Skype™ 6.16 StarCraft II Steam Street Legal Racing Redline Super Hexagon Surfing Protection Trials Fusion Trine 2 Unturned Uplay Vegas Pro 11.0 VIA Platform Device Manager VLC media player 2.1.3 Warcraft III Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Xiph.Org Open Codecs 0.85.17777 XSplit Broadcaster -
Computer Freezes but mouse still moves
Dantini replied to Dantini's topic in Resolved Malware Removal Logs
Report from combofix CFScript. ComboFix 14-08-17.01 - The Dantini 18/08/2014 8:24.2.8 - x64 Microsoft Windows 8 6.2.9200.0.1252.61.1033.18.16309.14630 [GMT 10:00] Running from: c:\users\The Dantini\Downloads\ComboFix.exe Command switches used :: c:\users\The Dantini\Desktop\CFScript.txt AV: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2014-07-17 to 2014-08-17 ))))))))))))))))))))))))))))))) . . 2014-08-17 22:42 . 2014-08-17 22:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-08-17 22:42 . 2014-08-17 22:42 -------- d-----w- c:\users\The Dantini\AppData\Local\temp 2014-08-17 22:42 . 2014-08-17 22:42 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp 2014-08-17 22:42 . 2014-08-17 22:42 -------- d-----w- c:\users\Guest\AppData\Local\temp 2014-08-17 22:42 . 2014-08-17 22:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-08-17 22:42 . 2014-08-17 22:42 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2014-08-17 11:56 . 2014-08-17 11:56 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08AA63B6-CE7B-4599-9FEF-1429B530C120}\offreg.dll 2014-08-17 03:39 . 2014-08-17 03:39 -------- d-----w- c:\windows\ERUNT 2014-08-16 03:55 . 2010-08-29 22:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll 2014-08-16 03:54 . 2014-08-17 03:35 -------- d-----w- C:\AdwCleaner 2014-08-14 21:47 . 2014-08-14 11:30 704480 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-08-14 21:47 . 2014-08-14 11:30 105440 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-08-12 14:58 . 2014-08-17 03:34 -------- d-----w- C:\FRST 2014-08-02 13:36 . 2014-08-02 13:36 -------- d-----w- c:\users\The Dantini\AppData\Local\Red 5 Studios 2014-08-02 13:35 . 2014-08-02 13:35 -------- d-----w- c:\program files (x86)\Xiph.Org 2014-08-01 06:22 . 
2014-08-01 06:22 -------- d-----w- c:\program files (x86)\NCSOFT 2014-08-01 06:21 . 2014-08-01 06:21 -------- d-----w- c:\program files (x86)\NCWest 2014-07-30 06:06 . 2014-07-30 06:06 -------- d-----w- c:\users\The Dantini\AppData\Roaming\Trine2 2014-07-27 21:47 . 2014-07-28 05:53 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-07-27 21:47 . 2014-07-27 21:47 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2014-07-27 21:47 . 2014-05-11 21:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-07-27 21:47 . 2014-05-11 21:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-07-27 21:47 . 2014-05-11 21:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-07-27 13:17 . 2014-07-27 13:17 -------- d-----w- c:\program files (x86)\Clownfish 2014-07-27 13:11 . 2014-07-27 13:11 -------- d-----w- c:\programdata\Screaming Bee 2014-07-27 03:51 . 2014-08-03 10:11 -------- d-----w- c:\program files (x86)\Warcraft III 2014-07-27 01:45 . 2014-07-27 01:45 -------- d-----w- c:\program files\Warcraft III 2014-07-24 05:41 . 2014-07-24 05:42 -------- d-----w- c:\program files (x86)\puush 2014-07-20 04:34 . 2014-07-20 04:34 94552 ----a-w- c:\windows\system32\drivers\mountmgr.sys 2014-07-20 04:34 . 2014-07-20 04:34 328024 ----a-w- c:\windows\system32\drivers\Classpnp.sys 2014-07-20 04:34 . 2014-07-20 04:34 1287168 ----a-w- c:\windows\system32\schedsvc.dll 2014-07-20 04:33 . 2014-07-20 04:33 628024 ----a-w- c:\windows\system32\NotificationUI.exe 2014-07-20 04:32 . 2014-02-17 03:41 27456 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe 2014-07-20 04:26 . 2014-07-20 04:26 -------- d-----w- c:\users\The Dantini\AppData\Roaming\ProductData 2014-07-20 04:25 . 2014-07-20 04:25 -------- d-----w- c:\programdata\ProductData 2014-07-20 04:25 . 2014-07-20 04:25 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} 2014-07-20 02:35 . 
2014-07-27 21:47 -------- d-----w- c:\users\The Dantini\AppData\Roaming\Malwarebytes 2014-07-20 02:35 . 2014-07-27 21:47 -------- d-----w- c:\programdata\Malwarebytes 2014-07-20 02:34 . 2014-07-20 04:26 -------- d-----w- c:\programdata\IObit 2014-07-20 02:34 . 2014-07-20 04:25 -------- d-----w- c:\users\The Dantini\AppData\Roaming\IObit 2014-07-20 02:33 . 2014-07-20 04:25 -------- d-----w- c:\program files (x86)\IObit 2014-07-20 02:29 . 2014-07-20 02:29 -------- d-----w- c:\users\The Dantini\AppData\Local\ElevatedDiagnostics 2014-07-20 02:21 . 2014-07-20 02:21 -------- d-----w- c:\users\The Dantini\AppData\Local\Diagnostics . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-17 04:40 . 2014-07-17 04:40 21656 ----a-w- c:\windows\system32\drivers\evolve.sys 2014-07-09 13:01 . 2013-12-20 01:22 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin 2014-07-04 19:53 . 2014-07-04 19:53 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2014-07-01 10:09 . 2014-07-15 10:18 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08AA63B6-CE7B-4599-9FEF-1429B530C120}\mpengine.dll 2014-06-26 07:40 . 2013-12-22 00:02 96441528 ----a-w- c:\windows\system32\MRT.exe 2014-06-17 23:27 . 2014-07-15 10:17 1440256 ----a-w- c:\windows\SysWow64\osk.exe 2014-06-17 23:24 . 2014-07-15 10:17 1557504 ----a-w- c:\windows\system32\osk.exe 2014-06-11 04:18 . 2014-07-15 10:17 4038144 ----a-w- c:\windows\system32\win32k.sys 2014-06-06 14:06 . 2014-07-15 10:14 596480 ----a-w- c:\windows\system32\qedit.dll 2014-06-06 10:17 . 2014-07-15 10:14 497152 ----a-w- c:\windows\SysWow64\qedit.dll 2014-06-03 08:41 . 2014-02-18 07:17 589008 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2014-06-02 22:33 . 2014-07-15 10:16 265216 ----a-w- c:\windows\system32\InkEd.dll 2014-05-29 23:31 . 
2014-07-15 10:16 452608 ----a-w- c:\windows\SysWow64\SHCore.dll 2014-05-29 23:03 . 2014-07-15 10:16 588288 ----a-w- c:\windows\system32\SHCore.dll 2014-05-29 23:02 . 2014-07-15 10:16 439808 ----a-w- c:\windows\system32\lsm.dll 2014-05-29 23:02 . 2014-07-15 10:16 1281536 ----a-w- c:\windows\system32\lsasrv.dll 2014-05-29 22:24 . 2014-07-15 10:14 576512 ----a-w- c:\windows\system32\drivers\afd.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2014-02-18 07:20 220632 ----a-w- c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2014-02-18 07:20 220632 ----a-w- c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2014-02-18 07:20 220632 ----a-w- c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-07 21444224] "uTorrent"="c:\users\The Dantini\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-17 1329744] "Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-04-21 2295584] "puush"="c:\program files (x86)\puush\puush.exe" [2014-07-24 567880] "f.lux"="c:\users\The Dantini\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224] "Clownfish"="c:\program files (x86)\Clownfish\Clownfish.exe" [2014-06-09 1315072] "SmartRAM"="c:\program files (x86)\IObit\Advanced SystemCare 7\Suo10_SmartRAM.exe" [2014-05-04 544544] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896] "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-07-13 93296] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392] "Alcatel Limo ModemListener"="c:\program files (x86)\INet\BackgroundService\ModemListener.exe" [2012-03-22 125504] "NCUpdateHelper"="c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe" [2014-08-01 526240] . c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\ LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe -minimize [2014-7-18 521216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "EnableUIADesktopToggle"= 0 (0x0) "EnableCursorSuppression"= 1 (0x1) "ConsentPromptBehaviorUser"= 3 (0x3) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . R1 MpKsl5cffc3b3;MpKsl5cffc3b3; [x] R1 MpKslb8e12af5;MpKslb8e12af5; [x] R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x] R3 AlcatelOTnet;AlcatelOT USB-NDIS miniport;c:\windows\system32\DRIVERS\AlcatelOTUsbnet.sys;c:\windows\SYSNATIVE\DRIVERS\AlcatelOTUsbnet.sys [x] R3 AvrcpService;AvrcpService;c:\program files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [x] R3 BTDevManager;BTDevManager;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [x] R3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x] R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys;c:\windows\SYSNATIVE\drivers\dfx11_1x64.sys [x] R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x] R3 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] R3 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] R3 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] R3 Intel® 
Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] R3 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x] R3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys;c:\windows\SYSNATIVE\DRIVERS\jrdusbser.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe;c:\program files (x86)\Hotkey\PowerBiosServer.exe [x] R3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x] R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x] R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x] R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x] S0 
nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x] S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x] S2 Alcatel Limo Modem Device Helper;Alcatel Limo Modem Device Helper;c:\program files (x86)\INet\BackgroundService\ServiceManager.exe;c:\program files (x86)\INet\BackgroundService\ServiceManager.exe [x] S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x] S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x] S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x] S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x] S3 VMfilt;VMfilt;c:\windows\system32\drivers\VMfilt64.sys;c:\windows\SYSNATIVE\drivers\VMfilt64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-08-15 17:16 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}] 2012-09-24 03:43 214664 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll . Contents of the 'Scheduled Tasks' folder . 
2014-08-17 c:\windows\Tasks\ASC7_SkipUac_The Dantini.job - c:\program files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-07-20 00:54] . 2014-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-23 01:38] . 2014-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-23 01:38] . 2014-07-20 c:\windows\Tasks\Uninstaller_SkipUac_Administrator.job - c:\program files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-07-20 07:52] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}] 2014-07-20 04:25 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2014-02-18 07:20 244696 ----a-w- c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2014-02-18 07:20 244696 ----a-w- c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2014-02-18 07:20 244696 ----a-w- c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-05-10 165872] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-05-10 407536] "Persistence"="c:\windows\system32\igfxpers.exe" [2013-05-10 444400] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2013-05-10 5675184] "IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-03-22 36352] "BtServer"="c:\program files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe" [2013-05-07 253952] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 3933496] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 TCP: DhcpNameServer = 10.0.0.138 FF - ProfilePath - c:\users\The Dantini\AppData\Roaming\Mozilla\Firefox\Profiles\g41ps5c8.default\ FF - prefs.js: browser.search.selectedEngine - Google . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{8BA85C75-763B-4103-94EB-9470F12FE0F7} - (no file) ShellIconOverlayIdentifiers-{CD55129A-B1A1-438E-A425-CEBC7DC684EE} - (no file) ShellIconOverlayIdentifiers-{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-08-18 15:35:50
ComboFix-quarantined-files.txt 2014-08-18 05:35
ComboFix2.txt 2014-08-17 12:01
.
Pre-Run: 589,705,965,568 bytes free
Post-Run: 590,133,432,320 bytes free
.
- - End Of File - - 49D0F6B9ECFBEA895BA9856E4D51D38D 5FB38429D5D77768867C76DCBDB35194

I had one small problem when the ComboFix was going - other than this I will let you know if I encounter any problems while running the PC tonight. I'll let you know if a follow-up is needed, thanks.
Computer Freezes but mouse still moves
Dantini replied to Dantini's topic in Resolved Malware Removal Logs
ComboFix 14-08-15.01 - The Dantini 17/08/2014 21:49:15.1.8 - x64 Microsoft Windows 8 6.2.9200.0.1252.61.1033.18.16309.13382 [GMT 10:00] Running from: c:\users\The Dantini\Downloads\ComboFix.exe AV: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\tmp . . ((((((((((((((((((((((((( Files Created from 2014-07-17 to 2014-08-17 ))))))))))))))))))))))))))))))) . . 2014-08-17 11:56 . 2014-08-17 11:56 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08AA63B6-CE7B-4599-9FEF-1429B530C120}\offreg.dll 2014-08-17 11:54 . 2014-08-17 11:57 -------- d-----w- c:\users\The Dantini\AppData\Local\temp 2014-08-17 11:54 . 2014-08-17 11:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-08-17 11:54 . 2014-08-17 11:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-08-17 03:39 . 2014-08-17 03:39 -------- d-----w- c:\windows\ERUNT 2014-08-16 03:55 . 2010-08-29 22:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll 2014-08-16 03:54 . 2014-08-17 03:35 -------- d-----w- C:\AdwCleaner 2014-08-14 21:47 . 2014-08-14 11:30 704480 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-08-14 21:47 . 2014-08-14 11:30 105440 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-08-12 14:58 . 2014-08-17 03:34 -------- d-----w- C:\FRST 2014-08-02 13:36 . 2014-08-02 13:36 -------- d-----w- c:\users\The Dantini\AppData\Local\Red 5 Studios 2014-08-02 13:35 . 2014-08-02 13:35 -------- d-----w- c:\program files (x86)\Xiph.Org 2014-08-01 06:22 . 2014-08-01 06:22 -------- d-----w- c:\program files (x86)\NCSOFT 2014-08-01 06:21 . 2014-08-01 06:21 -------- d-----w- c:\program files (x86)\NCWest 2014-07-30 06:06 . 
2014-07-30 06:06 -------- d-----w- c:\users\The Dantini\AppData\Roaming\Trine2 2014-07-27 21:47 . 2014-07-28 05:53 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-07-27 21:47 . 2014-07-27 21:47 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2014-07-27 21:47 . 2014-05-11 21:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-07-27 21:47 . 2014-05-11 21:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-07-27 21:47 . 2014-05-11 21:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-07-27 13:17 . 2014-07-27 13:17 -------- d-----w- c:\program files (x86)\Clownfish 2014-07-27 13:11 . 2014-07-27 13:11 -------- d-----w- c:\programdata\Screaming Bee 2014-07-27 03:51 . 2014-08-03 10:11 -------- d-----w- c:\program files (x86)\Warcraft III 2014-07-27 01:45 . 2014-07-27 01:45 -------- d-----w- c:\program files\Warcraft III 2014-07-24 05:41 . 2014-07-24 05:42 -------- d-----w- c:\program files (x86)\puush 2014-07-20 04:34 . 2014-07-20 04:34 94552 ----a-w- c:\windows\system32\drivers\mountmgr.sys 2014-07-20 04:34 . 2014-07-20 04:34 328024 ----a-w- c:\windows\system32\drivers\Classpnp.sys 2014-07-20 04:34 . 2014-07-20 04:34 1287168 ----a-w- c:\windows\system32\schedsvc.dll 2014-07-20 04:33 . 2014-07-20 04:33 628024 ----a-w- c:\windows\system32\NotificationUI.exe 2014-07-20 04:32 . 2014-02-17 03:41 27456 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe 2014-07-20 04:26 . 2014-07-20 04:26 -------- d-----w- c:\users\The Dantini\AppData\Roaming\ProductData 2014-07-20 04:25 . 2014-07-20 04:25 -------- d-----w- c:\programdata\ProductData 2014-07-20 04:25 . 2014-07-20 04:25 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} 2014-07-20 02:35 . 2014-07-27 21:47 -------- d-----w- c:\users\The Dantini\AppData\Roaming\Malwarebytes 2014-07-20 02:35 . 2014-07-27 21:47 -------- d-----w- c:\programdata\Malwarebytes 2014-07-20 02:34 . 
2014-07-20 04:26 -------- d-----w- c:\programdata\IObit 2014-07-20 02:34 . 2014-07-20 04:25 -------- d-----w- c:\users\The Dantini\AppData\Roaming\IObit 2014-07-20 02:33 . 2014-07-20 04:25 -------- d-----w- c:\program files (x86)\IObit 2014-07-20 02:29 . 2014-07-20 02:29 -------- d-----w- c:\users\The Dantini\AppData\Local\ElevatedDiagnostics 2014-07-20 02:21 . 2014-07-20 02:21 -------- d-----w- c:\users\The Dantini\AppData\Local\Diagnostics . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-17 04:40 . 2014-07-17 04:40 21656 ----a-w- c:\windows\system32\drivers\evolve.sys 2014-07-09 13:01 . 2013-12-20 01:22 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin 2014-07-04 19:53 . 2014-07-04 19:53 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2014-07-01 10:09 . 2014-07-15 10:18 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08AA63B6-CE7B-4599-9FEF-1429B530C120}\mpengine.dll 2014-06-26 07:40 . 2013-12-22 00:02 96441528 ----a-w- c:\windows\system32\MRT.exe 2014-06-17 23:27 . 2014-07-15 10:17 1440256 ----a-w- c:\windows\SysWow64\osk.exe 2014-06-17 23:24 . 2014-07-15 10:17 1557504 ----a-w- c:\windows\system32\osk.exe 2014-06-11 04:18 . 2014-07-15 10:17 4038144 ----a-w- c:\windows\system32\win32k.sys 2014-06-06 14:06 . 2014-07-15 10:14 596480 ----a-w- c:\windows\system32\qedit.dll 2014-06-06 10:17 . 2014-07-15 10:14 497152 ----a-w- c:\windows\SysWow64\qedit.dll 2014-06-03 08:41 . 2014-02-18 07:17 589008 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2014-06-02 22:33 . 2014-07-15 10:16 265216 ----a-w- c:\windows\system32\InkEd.dll 2014-05-29 23:31 . 2014-07-15 10:16 452608 ----a-w- c:\windows\SysWow64\SHCore.dll 2014-05-29 23:03 . 2014-07-15 10:16 588288 ----a-w- c:\windows\system32\SHCore.dll 2014-05-29 23:02 . 
2014-07-15 10:16 439808 ----a-w- c:\windows\system32\lsm.dll 2014-05-29 23:02 . 2014-07-15 10:16 1281536 ----a-w- c:\windows\system32\lsasrv.dll 2014-05-29 22:24 . 2014-07-15 10:14 576512 ----a-w- c:\windows\system32\drivers\afd.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2014-02-18 07:20 220632 ----a-w- c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2014-02-18 07:20 220632 ----a-w- c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2014-02-18 07:20 220632 ----a-w- c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-07 21444224] "uTorrent"="c:\users\The Dantini\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-17 1329744] "Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-04-21 2295584] "puush"="c:\program files (x86)\puush\puush.exe" [2014-07-24 567880] "f.lux"="c:\users\The Dantini\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224] "Clownfish"="c:\program files (x86)\Clownfish\Clownfish.exe" [2014-06-09 1315072] "SmartRAM"="c:\program files (x86)\IObit\Advanced SystemCare 7\Suo10_SmartRAM.exe" [2014-05-04 544544] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896] "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-07-13 93296] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392] "Alcatel Limo ModemListener"="c:\program files (x86)\INet\BackgroundService\ModemListener.exe" [2012-03-22 125504] "NCUpdateHelper"="c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe" [2014-08-01 526240] . c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\ LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe -minimize [2014-7-18 521216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "EnableUIADesktopToggle"= 0 (0x0) "EnableCursorSuppression"= 1 (0x1) "ConsentPromptBehaviorUser"= 3 (0x3) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . R1 MpKsl5cffc3b3;MpKsl5cffc3b3; [x] R1 MpKslb8e12af5;MpKslb8e12af5; [x] R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x] R3 AlcatelOTnet;AlcatelOT USB-NDIS miniport;c:\windows\system32\DRIVERS\AlcatelOTUsbnet.sys;c:\windows\SYSNATIVE\DRIVERS\AlcatelOTUsbnet.sys [x] R3 AvrcpService;AvrcpService;c:\program files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [x] R3 BTDevManager;BTDevManager;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [x] R3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x] R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys;c:\windows\SYSNATIVE\drivers\dfx11_1x64.sys [x] R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x] R3 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] R3 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] R3 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] R3 Intel® 
Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] R3 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x] R3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys;c:\windows\SYSNATIVE\DRIVERS\jrdusbser.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe;c:\program files (x86)\Hotkey\PowerBiosServer.exe [x] R3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x] R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x] R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x] R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x] S0 
nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x] S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x] S2 Alcatel Limo Modem Device Helper;Alcatel Limo Modem Device Helper;c:\program files (x86)\INet\BackgroundService\ServiceManager.exe;c:\program files (x86)\INet\BackgroundService\ServiceManager.exe [x] S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x] S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x] S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x] S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x] S3 VMfilt;VMfilt;c:\windows\system32\drivers\VMfilt64.sys;c:\windows\SYSNATIVE\drivers\VMfilt64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-08-15 17:16 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}] 2012-09-24 03:43 214664 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll . Contents of the 'Scheduled Tasks' folder . 
2014-08-17 c:\windows\Tasks\ASC7_SkipUac_The Dantini.job - c:\program files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-07-20 00:54] . 2014-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-23 01:38] . 2014-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-23 01:38] . 2014-07-20 c:\windows\Tasks\Uninstaller_SkipUac_Administrator.job - c:\program files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-07-20 07:52] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}] 2014-07-20 04:25 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2014-02-18 07:20 244696 ----a-w- c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2014-02-18 07:20 244696 ----a-w- c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2014-02-18 07:20 244696 ----a-w- c:\users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-05-10 165872] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-05-10 407536] "Persistence"="c:\windows\system32\igfxpers.exe" [2013-05-10 444400] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2013-05-10 5675184] "IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-03-22 36352] "BtServer"="c:\program files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe" [2013-05-07 253952] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 3933496] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 TCP: DhcpNameServer = 10.0.0.138 FF - ProfilePath - c:\users\The Dantini\AppData\Roaming\Mozilla\Firefox\Profiles\g41ps5c8.default\ FF - prefs.js: browser.search.selectedEngine - Google . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{8BA85C75-763B-4103-94EB-9470F12FE0F7} - (no file) ShellIconOverlayIdentifiers-{CD55129A-B1A1-438E-A425-CEBC7DC684EE} - (no file) ShellIconOverlayIdentifiers-{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
c:\program files (x86)\LOLReplay\LOLRecorder.exe
.
**************************************************************************
.
Completion time: 2014-08-17 22:01:47 - machine was rebooted
ComboFix-quarantined-files.txt 2014-08-17 12:01
.
Pre-Run: 575,335,493,632 bytes free
Post-Run: 589,744,427,008 bytes free
.
- - End Of File - - 288F1FD6418A00BEBF9E24DA38159871 5FB38429D5D77768867C76DCBDB35194

This is the log of what is happening. The pictures I sent you at the end of the last reply are what I often see after the computer unfreezes. Often it is when I have music playing on YouTube or when I am playing a game; it never happens when I am doing nothing at all with no programs open. The problem has persisted to this point. I will let you know if it stops.
Computer Freezes but mouse still moves
Dantini replied to Dantini's topic in Resolved Malware Removal Logs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by The Dantini on Sun 17/08/2014 at 13:39:17.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Emptied folder: C:\Users\The Dantini\AppData\Roaming\mozilla\firefox\profiles\g41ps5c8.default\minidumps [1 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 17/08/2014 at 13:42:49.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

_________________________________________________________________________

# AdwCleaner v3.306 - Report created 17/08/2014 at 13:34:58
# Updated 15/08/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : The Dantini - DANTINI
# Running from : C:\Users\The Dantini\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : {0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\The Dantini\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\The Dantini\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\The Dantini\Documents\Optimizer Pro
File Deleted : C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw64.sys
File Deleted : C:\Users\The Dantini\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\Users\The Dantini\AppData\Roaming\regsvr32.exe_log.txt
File Deleted : C:\Users\The Dantini\AppData\Roaming\Mozilla\Firefox\Profiles\g41ps5c8.default\user.js
File Deleted : C:\Users\The Dantini\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage

***** [ Scheduled Tasks ] *****

Task Deleted : Driver Booster Update
Task Deleted : Optimizer Pro Schedule

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\The Dantini\AppData\Roaming\Mozilla\Firefox\Profiles\g41ps5c8.default\prefs.js ]

-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\The Dantini\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2921 octets] - [16/08/2014 13:55:09]
AdwCleaner[R1].txt - [2981 octets] - [17/08/2014 13:34:55]
AdwCleaner[s0].txt - [2861 octets] - [17/08/2014 13:34:58]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2921 octets] ##########

Below are a few of the error messages I get when my PC unfreezes.
Computer Freezes but mouse still moves
Dantini replied to Dantini's topic in Resolved Malware Removal Logs
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2014 01 Ran by The Dantini (administrator) on DANTINI on 15-08-2014 07:56:56 Running from C:\Users\The Dantini\Downloads Platform: Windows 8 (X64) OS Language: English (United States) Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (BitTorrent Inc.) 
C:\Users\The Dantini\AppData\Roaming\uTorrent\uTorrent.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
() C:\Program Files (x86)\puush\puush.exe
(Flux Software LLC) C:\Users\The Dantini\AppData\Local\FluxSoftware\Flux\flux.exe
(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Suo10_SmartRAM.exe
(LOL Replay) C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
() C:\Program Files (x86)\INet\BackgroundService\ModemListener.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\The Dantini\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5675184 2013-05-10] (VIA)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-23] (Intel Corporation)
HKLM\...\Run: [btServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253952 2013-05-08] (Realtek Semiconductor Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-14] (CyberLink Corp.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-03] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Alcatel Limo ModemListener] => C:\Program Files (x86)\INet\BackgroundService\ModemListener.exe [125504 2012-03-23] ()
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2014-08-01] (NCSOFT Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3929598749-1145165358-2803149577-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3929598749-1145165358-2803149577-1002\...\Run: [uTorrent] => C:\Users\The Dantini\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-18] (BitTorrent Inc.)
HKU\S-1-5-21-3929598749-1145165358-2803149577-1002\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)
HKU\S-1-5-21-3929598749-1145165358-2803149577-1002\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-07-24] ()
HKU\S-1-5-21-3929598749-1145165358-2803149577-1002\...\Run: [f.lux] => C:\Users\The Dantini\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3929598749-1145165358-2803149577-1002\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1315072 2014-06-09] (Bogdan Sharkov)
HKU\S-1-5-21-3929598749-1145165358-2803149577-1002\...\Run: [smartRAM] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Suo10_SmartRAM.exe [544544 2014-05-04] (IObit)
HKU\S-1-5-21-3929598749-1145165358-2803149577-1002\...\MountPoints2: {ced87b1f-035d-11e4-bec0-0090f5ec7852} - "E:\autorun.exe"
HKU\S-1-5-21-3929598749-1145165358-2803149577-1002\...\MountPoints2: {e29f3489-0399-11e4-bec1-0090f5ec7852} - "E:\Launch.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-04-15] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [201576 2013-04-15] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> C:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay)
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => No File
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => No File
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://localoem.msn.com/?pc=SBJB
SearchScopes: HKLM - DefaultScope {2702BAD6-0860-474E-A40B-BEFDBCB79777} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=SBJB;
SearchScopes: HKLM - {2702BAD6-0860-474E-A40B-BEFDBCB79777} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=SBJB;
SearchScopes: HKLM-x32 - DefaultScope {2702BAD6-0860-474E-A40B-BEFDBCB79777} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=SBJB;
SearchScopes: HKLM-x32 - {2702BAD6-0860-474E-A40B-BEFDBCB79777} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=SBJB;
SearchScopes: HKCU - DefaultScope {2702BAD6-0860-474E-A40B-BEFDBCB79777} URL =
SearchScopes: HKCU - {2702BAD6-0860-474E-A40B-BEFDBCB79777} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\The Dantini\AppData\Roaming\Mozilla\Firefox\Profiles\g41ps5c8.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.449 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @spoon.net/Spoon Plugin 3.33 -> C:\Users\The Dantini\AppData\Local\Spoon\3.33.6.270\npMozillaSpoonPlugin.dll No File
FF user.js: detected! => C:\Users\The Dantini\AppData\Roaming\Mozilla\Firefox\Profiles\g41ps5c8.default\user.js
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\The Dantini\AppData\Roaming\Mozilla\Firefox\Profiles\g41ps5c8.default\Extensions\ascsurfingprotection@iobit.com [2014-07-20]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\The Dantini\AppData\Roaming\Mozilla\Firefox\Profiles\g41ps5c8.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-12-30]
FF Extension: Adblock Edge - C:\Users\The Dantini\AppData\Roaming\Mozilla\Firefox\Profiles\g41ps5c8.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-08-05]

Chrome:
=======
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\The Dantini\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (Google Wallet) - C:\Users\The Dantini\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 Alcatel Limo Modem Device Helper; C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
S3 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-08] (Realtek Semiconductor Corporation) [File not signed]
S3 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [45056 2013-06-15] () [File not signed]
S3 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-23] (Intel Corporation)
S3 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-14] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-14] (Intel® Corporation)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S3 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [47104 2013-05-30] () [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AlcatelOTnet; C:\Windows\system32\DRIVERS\AlcatelOTUsbnet.sys [138752 2011-06-20] (TCT International Mobile Ltd)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-14] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-07-05] (Disc Soft Ltd)
S3 EvolveVirtualAdapter; C:\Windows\system32\DRIVERS\evolve.sys [21656 2014-07-17] (Echobit, LLC)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-04-15] (LogMeIn Inc.)
S3 jrdusbser; C:\Windows\system32\DRIVERS\jrdusbser.sys [120832 2011-06-20] (TCT International Mobile Ltd)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
S1 MpKsl5cffc3b3; No ImagePath
S1 MpKslb8e12af5; No ImagePath
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [547032 2013-07-05] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2766408 2013-06-08] (Realtek Semiconductor Corporation )
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2013-12-23] ()
R3 VMfilt; C:\Windows\system32\drivers\VMfilt64.sys [25600 2009-07-31] (Creative Technology Ltd.)
R1 {0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw64; C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw64.sys [61112 2014-07-04] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 07:56 - 2014-08-15 07:57 - 00016350 _____ () C:\Users\The Dantini\Downloads\FRST.txt
2014-08-15 07:56 - 2014-08-15 07:56 - 02100224 _____ (Farbar) C:\Users\The Dantini\Downloads\FRST64(1).exe
2014-08-15 07:47 - 2014-08-14 21:30 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-15 07:47 - 2014-08-14 21:30 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-15 07:46 - 2014-08-15 07:46 - 00001412 _____ () C:\Windows\PFRO.log
2014-08-14 23:16 - 2014-08-14 23:51 - 00000082 _____ () C:\Users\The Dantini\Desktop\New Text Document.txt
2014-08-14 21:29 - 2014-08-14 21:29 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 21:29 - 2014-08-14 21:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 21:29 - 2014-08-14 21:29 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 21:29 - 2014-08-14 21:29 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 21:29 - 2014-08-14 21:29 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 21:29 - 2014-08-14 21:29 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 00:58 - 2014-08-15 07:56 - 00000000 ____D () C:\FRST
2014-08-13 00:58 - 2014-08-13 00:58 - 02099712 _____ (Farbar) C:\Users\The Dantini\Downloads\FRST64.exe
2014-08-12 00:08 - 2014-08-12 00:08 - 00000457 _____ () C:\Users\The Dantini\Documents\Clownfish.log
2014-08-10 05:05 - 2014-08-10 05:05 - 00000000 ____D () C:\Users\The Dantini\Downloads\mg_he_kill_ct_csgo_3
2014-08-10 05:03 - 2014-08-10 05:03 - 00220850 _____ () C:\Users\The Dantini\Downloads\mg_he_kill_ct_csgo_3.rar
2014-08-09 19:55 - 2014-08-09 19:55 - 00024064 ___SH () C:\Users\The Dantini\Documents\Thumbs.db
2014-08-06 14:16 - 2014-08-06 20:05 - 441582379 ____R () C:\Users\The Dantini\Downloads\[PSX] Spyro 2 - Gateway To Glimmer [for www.p2p-world.dl.am].rar
2014-08-03 22:29 - 2014-08-03 22:29 - 00333137 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-08-03 22_29_17.938908.dmp
2014-08-02 23:36 - 2014-08-02 23:36 - 00000000 ____D () C:\Users\The Dantini\Documents\Firefall
2014-08-02 23:36 - 2014-08-02 23:36 - 00000000 ____D () C:\Users\The Dantini\AppData\Local\Red 5 Studios
2014-08-02 23:36 - 2014-08-02 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2014-08-02 23:35 - 2014-08-02 23:35 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org
2014-08-02 14:44 - 2014-08-02 14:44 - 00362895 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-08-02 14_44_49.270845.dmp
2014-08-01 16:22 - 2014-08-01 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2014-08-01 16:22 - 2014-08-01 16:22 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
2014-08-01 16:21 - 2014-08-01 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2014-08-01 16:21 - 2014-08-01 16:21 - 00000000 ____D () C:\Program Files (x86)\NCWest
2014-08-01 16:20 - 2014-08-01 16:20 - 05003264 _____ (NC Interactive, LLC) C:\Users\The Dantini\Downloads\AionInstaller.exe
2014-07-31 17:38 - 2014-07-31 17:38 - 00345599 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-31 17_38_51.721981.dmp
2014-07-30 16:06 - 2014-07-30 16:06 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\Trine2
2014-07-30 15:32 - 2014-07-30 15:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 21:21 - 2014-07-29 21:21 - 00348657 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-29 21_21_04.182889.dmp
2014-07-29 21:20 - 2014-07-29 21:20 - 00356287 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-29 21_20_01.495347.dmp
2014-07-29 14:04 - 2014-07-29 14:44 - 00000000 ____D () C:\Users\The Dantini\Downloads\FL Studio Producer Edition 11.0.4+Plugins Bundle R2R [ChingLiu]
2014-07-28 21:05 - 2014-07-28 21:05 - 00349239 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-28 21_05_29.640310.dmp
2014-07-28 21:05 - 2014-07-28 21:05 - 00336545 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-28 21_05_49.059147.dmp
2014-07-28 16:13 - 2014-07-28 16:13 - 00338689 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-28 16_13_53.915846.dmp
2014-07-28 07:47 - 2014-07-28 15:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 07:47 - 2014-07-28 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-28 07:47 - 2014-07-28 07:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-28 07:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-28 07:47 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-28 07:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-27 23:26 - 2014-07-27 23:26 - 00363871 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-27 23_26_27.329750.dmp
2014-07-27 23:23 - 2014-07-27 23:23 - 00330161 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-27 23_23_15.009458.dmp
2014-07-27 23:22 - 2014-07-27 23:22 - 00369449 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-27 23_22_19.061323.dmp
2014-07-27 23:22 - 2014-07-27 23:22 - 00336857 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-27 23_22_29.320673.dmp
2014-07-27 23:17 - 2014-07-27 23:17 - 00000000 ____D () C:\Users\The Dantini\Documents\Skype Voice Records
2014-07-27 23:17 - 2014-07-27 23:17 - 00000000 ____D () C:\Users\The Dantini\Documents\Clownfish Avatars
2014-07-27 23:17 - 2014-07-27 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clownfish
2014-07-27 23:17 - 2014-07-27 23:17 - 00000000 ____D () C:\Program Files (x86)\Clownfish
2014-07-27 23:16 - 2014-07-27 23:16 - 00681712 _____ (Shark Labs) C:\Users\The Dantini\Downloads\CFSetup355.exe
2014-07-27 23:11 - 2014-07-27 23:11 - 00000000 ____D () C:\ProgramData\Screaming Bee
2014-07-27 23:10 - 2014-07-27 23:10 - 00000000 ____D () C:\Users\The Dantini\Downloads\MorphVOX Pro v4.3.13 with addons + Crk
2014-07-27 13:51 - 2014-08-03 20:11 - 00000000 ____D () C:\Program Files (x86)\Warcraft III
2014-07-27 13:51 - 2014-07-27 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2014-07-27 11:45 - 2014-07-27 11:45 - 00000000 ____D () C:\Program Files\Warcraft III
2014-07-27 11:44 - 2014-07-27 11:44 - 02693591 _____ (Blizzard Entertainment) C:\Users\The Dantini\Downloads\Downloader_Warcraft3_Reign_of_Chaos_enUS.exe
2014-07-27 11:44 - 2014-07-27 11:44 - 02687058 _____ (Blizzard Entertainment) C:\Users\The Dantini\Downloads\Downloader_Warcraft3_The_Frozen_Throne_enUS.exe
2014-07-27 01:12 - 2014-07-27 01:14 - 78958693 _____ () C:\Users\The Dantini\Documents\League Final.wmv
2014-07-27 01:10 - 2014-07-27 01:11 - 13325069 _____ () C:\Users\The Dantini\Documents\League Final low.wmv
2014-07-26 01:35 - 2014-07-26 01:35 - 00597304 _____ () C:\Users\The Dantini\Downloads\flux-setup.exe
2014-07-24 15:41 - 2014-07-24 15:42 - 00000000 ____D () C:\Program Files (x86)\puush
2014-07-24 15:40 - 2014-07-24 15:41 - 01085440 _____ () C:\Users\The Dantini\Downloads\puush.msi
2014-07-22 20:13 - 2014-07-22 20:14 - 00000000 ____D () C:\Users\The Dantini\Downloads\x360ce.App-2.1.2.191
2014-07-22 08:03 - 2014-07-22 08:03 - 00024088 _____ () C:\Users\The Dantini\Downloads\ps2usb.zip
2014-07-22 07:54 - 2014-07-22 07:54 - 00073536 _____ () C:\Users\The Dantini\Downloads\x360ce_lib64_r848_VS2010.zip
2014-07-22 07:52 - 2014-07-22 07:52 - 00804491 _____ () C:\Users\The Dantini\Downloads\x360ce.App-2.1.2.191.zip
2014-07-20 16:59 - 2014-07-20 16:59 - 79126528 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-07-20 16:59 - 2014-07-20 16:59 - 00311296 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-07-20 16:59 - 2014-07-20 16:59 - 00065536 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-07-20 16:59 - 2014-07-20 16:59 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-07-20 14:34 - 2014-07-20 14:34 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-07-20 14:34 - 2014-07-20 14:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-07-20 14:34 - 2014-07-20 14:34 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-07-20 14:33 - 2014-07-20 14:33 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-07-20 14:32 - 2014-02-17 13:41 - 00027456 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
2014-07-20 14:28 - 2014-07-20 14:28 - 78864384 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2014-07-20 14:28 - 2014-07-20 14:28 - 00311296 _____ () C:\Windows\system32\config\DEFAULT.iobit
2014-07-20 14:28 - 2014-07-20 14:28 - 00065536 _____ () C:\Windows\system32\config\SAM.iobit
2014-07-20 14:28 - 2014-07-20 14:28 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit
2014-07-20 14:26 - 2014-07-20 14:26 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\ProductData
2014-07-20 14:25 - 2014-08-14 21:14 - 00000270 _____ () C:\Windows\Tasks\ASC7_SkipUac_The Dantini.job
2014-07-20 14:25 - 2014-07-20 14:25 - 00003106 _____ () C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
2014-07-20 14:25 - 2014-07-20 14:25 - 00002418 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-07-20 14:25 - 2014-07-20 14:25 - 00002382 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_The Dantini
2014-07-20 14:25 - 2014-07-20 14:25 - 00000306 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job
2014-07-20 14:25 - 2014-07-20 14:25 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-20 14:25 - 2014-07-20 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-07-20 14:25 - 2014-07-20 14:25 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-07-20 12:36 - 2014-07-20 13:00 - 38612976 _____ (IObit ) C:\Users\The Dantini\Downloads\Advanced-SystemCare.exe
2014-07-20 12:35 - 2014-07-28 07:47 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\Malwarebytes
2014-07-20 12:35 - 2014-07-28 07:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 12:34 - 2014-07-20 14:26 - 00000000 ____D () C:\ProgramData\IObit
2014-07-20 12:34 - 2014-07-20 14:25 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\IObit
2014-07-20 12:34 - 2014-07-20 12:34 - 00003170 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-07-20 12:34 - 2014-07-20 12:34 - 00002866 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (The Dantini)
2014-07-20 12:34 - 2014-07-20 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2014-07-20 12:33 - 2014-07-20 14:25 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-20 12:30 - 2014-07-20 12:32 - 18070304 _____ (IObit ) C:\Users\The Dantini\Downloads\driver_booster_setup.exe
2014-07-20 12:29 - 2014-07-20 12:29 - 00000000 ____D () C:\Users\The Dantini\Downloads\Malwarebyte Anti-Malware v1.60.0.1800 Final with KEYGEN
2014-07-20 01:18 - 2014-07-20 01:18 - 01519241 _____ () C:\Users\The Dantini\Downloads\LOLReplay-0.8.9.9(1).exe
2014-07-20 01:15 - 2014-07-20 01:15 - 01519241 _____ () C:\Users\The Dantini\Downloads\LOLReplay-0.8.9.9.exe
2014-07-18 19:52 - 2014-07-28 11:22 - 00000000 ____D () C:\Users\The Dantini\Downloads\Supernatural Season 1
2014-07-18 19:52 - 2014-07-28 09:13 - 00000000 ____D () C:\Users\The Dantini\Downloads\Merlin Season 1 DVDRip XviD - DiGrX
2014-07-18 10:16 - 2014-08-14 23:21 - 01140053 _____ () C:\Windows\WindowsUpdate.log
2014-07-18 09:25 - 2014-07-31 07:43 - 00021684 _____ () C:\Users\The Dantini\AppData\Local\BTServer.log
2014-07-17 23:21 - 2014-07-17 23:21 - 00000000 ____D () C:\Users\The Dantini\Downloads\ParetoLogic RegCure Pro 3.1.0.0 With Crack Free [DownSoftsFree]{h33t}
2014-07-17 23:20 - 2014-07-17 23:21 - 06842744 _____ () C:\Users\The Dantini\Downloads\ParetoLogic RegCure Pro 3.1.0.0 With Crack Free [DownSoftsFree]{h33t}.rar
2014-07-17 23:14 - 2014-08-02 20:39 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-07-17 23:14 - 2014-07-17 23:14 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\ParetoLogic
2014-07-17 23:14 - 2014-07-17 23:14 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\DriverCure
2014-07-17 23:13 - 2014-07-17 23:14 - 05065008 _____ (ParetoLogic, Inc.) C:\Users\The Dantini\Downloads\RegCurePro.exe
2014-07-17 14:40 - 2014-07-17 14:40 - 00021656 _____ (Echobit, LLC) C:\Windows\system32\Drivers\evolve.sys
2014-07-17 14:35 - 2014-07-17 14:35 - 00000000 ____D () C:\Users\The Dantini\AppData\Local\Echobit
2014-07-17 14:35 - 2014-07-17 14:35 - 00000000 ____D () C:\ProgramData\Echobit
2014-07-17 14:35 - 2014-07-17 14:35 - 00000000 ____D () C:\Program Files\Echobit
2014-07-17 14:32 - 2014-07-17 14:32 - 03258328 _____ (Echobit LLC) C:\Users\The Dantini\Downloads\EvolveSetup.exe
2014-07-17 11:43 - 2014-07-17 11:43 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 00:20 - 2014-07-16 00:20 - 00422944 _____ () C:\Windows\system32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 07:57 - 2014-08-15 07:56 - 00016350 _____ () C:\Users\The Dantini\Downloads\FRST.txt
2014-08-15 07:56 - 2014-08-15 07:56 - 02100224 _____ (Farbar) C:\Users\The Dantini\Downloads\FRST64(1).exe
2014-08-15 07:56 - 2014-08-13 00:58 - 00000000 ____D () C:\FRST
2014-08-15 07:54 - 2013-12-20 11:32 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\uTorrent
2014-08-15 07:53 - 2014-01-23 11:38 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-15 07:47 - 2012-07-26 17:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-15 07:46 - 2014-08-15 07:46 - 00001412 _____ () C:\Windows\PFRO.log
2014-08-15 07:46 - 2014-01-28 23:45 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-15 00:01 - 2012-07-26 18:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-14 23:59 - 2013-12-21 08:01 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\TS3Client
2014-08-14 23:51 - 2014-08-14 23:16 - 00000082 _____ () C:\Users\The Dantini\Desktop\New Text Document.txt
2014-08-14 23:21 - 2014-07-18 10:16 - 01140053 _____ () C:\Windows\WindowsUpdate.log
2014-08-14 23:14 - 2014-01-23 11:38 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-14 21:42 - 2013-12-20 12:52 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3929598749-1145165358-2803149577-1002
2014-08-14 21:30 - 2014-08-15 07:47 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-14 21:30 - 2014-08-15 07:47 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 21:30 - 2012-07-26 17:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-14 21:29 - 2014-08-14 21:29 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 21:29 - 2014-08-14 21:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 21:29 - 2014-08-14 21:29 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 21:29 - 2014-08-14 21:29 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 21:29 - 2014-08-14 21:29 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 21:29 - 2014-08-14 21:29 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 21:29 - 2014-08-14 21:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 21:23 - 2013-12-20 11:20 - 00000000 ____D () C:\Users\The Dantini
2014-08-14 21:14 - 2014-07-20 14:25 - 00000270 _____ () C:\Windows\Tasks\ASC7_SkipUac_The Dantini.job
2014-08-14 20:57 - 2013-12-20 11:31 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\Skype
2014-08-14 17:09 - 2012-07-26 18:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-13 00:58 - 2014-08-13 00:58 - 02099712 _____ (Farbar) C:\Users\The Dantini\Downloads\FRST64.exe
2014-08-12 00:08 - 2014-08-12 00:08 - 00000457 _____ () C:\Users\The Dantini\Documents\Clownfish.log
2014-08-10 05:05 - 2014-08-10 05:05 - 00000000 ____D () C:\Users\The Dantini\Downloads\mg_he_kill_ct_csgo_3
2014-08-10 05:03 - 2014-08-10 05:03 - 00220850 _____ () C:\Users\The Dantini\Downloads\mg_he_kill_ct_csgo_3.rar
2014-08-09 19:55 - 2014-08-09 19:55 - 00024064 ___SH () C:\Users\The Dantini\Documents\Thumbs.db
2014-08-09 01:20 - 2014-04-16 02:09 - 00000000 ____D () C:\Users\The Dantini\AppData\Local\Paint.NET
2014-08-08 23:14 - 2014-01-25 09:35 - 00000000 ____D () C:\Users\The Dantini\Desktop\Games
2014-08-07 20:19 - 2014-01-29 00:10 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-07 16:14 - 2013-12-21 09:02 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-08-06 20:05 - 2014-08-06 14:16 - 441582379 ____R () C:\Users\The Dantini\Downloads\[PSX] Spyro 2 - Gateway To Glimmer [for www.p2p-world.dl.am].rar
2014-08-03 22:29 - 2014-08-03 22:29 - 00333137 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-08-03 22_29_17.938908.dmp
2014-08-03 20:11 - 
2014-07-27 13:51 - 00000000 ____D () C:\Program Files (x86)\Warcraft III 2014-08-02 23:36 - 2014-08-02 23:36 - 00000000 ____D () C:\Users\The Dantini\Documents\Firefall 2014-08-02 23:36 - 2014-08-02 23:36 - 00000000 ____D () C:\Users\The Dantini\AppData\Local\Red 5 Studios 2014-08-02 23:36 - 2014-08-02 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org 2014-08-02 23:35 - 2014-08-02 23:35 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org 2014-08-02 20:39 - 2014-07-17 23:14 - 00000000 ____D () C:\ProgramData\ParetoLogic 2014-08-02 20:37 - 2013-08-16 14:57 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-02 20:02 - 2014-06-25 22:24 - 00004994 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Dantini-The Dantini Dantini 2014-08-02 20:01 - 2014-02-14 06:41 - 00000000 ____D () C:\Program Files (x86)\Bandicam 2014-08-02 19:52 - 2012-07-26 17:28 - 00005598 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-02 17:16 - 2013-12-20 13:00 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\vlc 2014-08-02 14:44 - 2014-08-02 14:44 - 00362895 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-08-02 14_44_49.270845.dmp 2014-08-01 16:22 - 2014-08-01 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT 2014-08-01 16:22 - 2014-08-01 16:22 - 00000000 ____D () C:\Program Files (x86)\NCSOFT 2014-08-01 16:22 - 2013-08-16 14:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-08-01 16:21 - 2014-08-01 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest 2014-08-01 16:21 - 2014-08-01 16:21 - 00000000 ____D () C:\Program Files (x86)\NCWest 2014-08-01 16:20 - 2014-08-01 16:20 - 05003264 _____ (NC Interactive, LLC) C:\Users\The Dantini\Downloads\AionInstaller.exe 2014-08-01 02:14 - 2013-12-20 11:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-31 17:38 
- 2014-07-31 17:38 - 00345599 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-31 17_38_51.721981.dmp 2014-07-31 07:43 - 2014-07-18 09:25 - 00021684 _____ () C:\Users\The Dantini\AppData\Local\BTServer.log 2014-07-30 16:06 - 2014-07-30 16:06 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\Trine2 2014-07-30 15:32 - 2014-07-30 15:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-29 21:21 - 2014-07-29 21:21 - 00348657 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-29 21_21_04.182889.dmp 2014-07-29 21:20 - 2014-07-29 21:20 - 00356287 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-29 21_20_01.495347.dmp 2014-07-29 14:44 - 2014-07-29 14:04 - 00000000 ____D () C:\Users\The Dantini\Downloads\FL Studio Producer Edition 11.0.4+Plugins Bundle R2R [ChingLiu] 2014-07-28 21:05 - 2014-07-28 21:05 - 00349239 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-28 21_05_29.640310.dmp 2014-07-28 21:05 - 2014-07-28 21:05 - 00336545 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-28 21_05_49.059147.dmp 2014-07-28 16:13 - 2014-07-28 16:13 - 00338689 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-28 16_13_53.915846.dmp 2014-07-28 15:53 - 2014-07-28 07:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-28 11:22 - 2014-07-18 19:52 - 00000000 ____D () C:\Users\The Dantini\Downloads\Supernatural Season 1 2014-07-28 09:13 - 2014-07-18 19:52 - 00000000 ____D () C:\Users\The Dantini\Downloads\Merlin Season 1 DVDRip XviD - DiGrX 2014-07-28 07:47 - 2014-07-28 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-28 07:47 - 2014-07-28 07:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-28 07:47 - 2014-07-20 12:35 - 00000000 ____D () C:\Users\The 
Dantini\AppData\Roaming\Malwarebytes 2014-07-28 07:47 - 2014-07-20 12:35 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-27 23:26 - 2014-07-27 23:26 - 00363871 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-27 23_26_27.329750.dmp 2014-07-27 23:23 - 2014-07-27 23:23 - 00330161 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-27 23_23_15.009458.dmp 2014-07-27 23:22 - 2014-07-27 23:22 - 00369449 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-27 23_22_19.061323.dmp 2014-07-27 23:22 - 2014-07-27 23:22 - 00336857 _____ () C:\Users\The Dantini\Documents\ts3_clientui-win64-1405341092-2014-07-27 23_22_29.320673.dmp 2014-07-27 23:17 - 2014-07-27 23:17 - 00000000 ____D () C:\Users\The Dantini\Documents\Skype Voice Records 2014-07-27 23:17 - 2014-07-27 23:17 - 00000000 ____D () C:\Users\The Dantini\Documents\Clownfish Avatars 2014-07-27 23:17 - 2014-07-27 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clownfish 2014-07-27 23:17 - 2014-07-27 23:17 - 00000000 ____D () C:\Program Files (x86)\Clownfish 2014-07-27 23:16 - 2014-07-27 23:16 - 00681712 _____ (Shark Labs) C:\Users\The Dantini\Downloads\CFSetup355.exe 2014-07-27 23:11 - 2014-07-27 23:11 - 00000000 ____D () C:\ProgramData\Screaming Bee 2014-07-27 23:10 - 2014-07-27 23:10 - 00000000 ____D () C:\Users\The Dantini\Downloads\MorphVOX Pro v4.3.13 with addons + Crk 2014-07-27 19:39 - 2014-07-27 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III 2014-07-27 11:45 - 2014-07-27 11:45 - 00000000 ____D () C:\Program Files\Warcraft III 2014-07-27 11:44 - 2014-07-27 11:44 - 02693591 _____ (Blizzard Entertainment) C:\Users\The Dantini\Downloads\Downloader_Warcraft3_Reign_of_Chaos_enUS.exe 2014-07-27 11:44 - 2014-07-27 11:44 - 02687058 _____ (Blizzard Entertainment) C:\Users\The Dantini\Downloads\Downloader_Warcraft3_The_Frozen_Throne_enUS.exe 2014-07-27 01:15 - 
2014-06-01 12:20 - 00000000 ____D () C:\Users\The Dantini\Desktop\League Montage 2014-07-27 01:14 - 2014-07-27 01:12 - 78958693 _____ () C:\Users\The Dantini\Documents\League Final.wmv 2014-07-27 01:11 - 2014-07-27 01:10 - 13325069 _____ () C:\Users\The Dantini\Documents\League Final low.wmv 2014-07-27 01:10 - 2014-03-01 11:09 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\Sony 2014-07-26 01:35 - 2014-07-26 01:35 - 00597304 _____ () C:\Users\The Dantini\Downloads\flux-setup.exe 2014-07-24 15:42 - 2014-07-24 15:41 - 00000000 ____D () C:\Program Files (x86)\puush 2014-07-24 15:41 - 2014-07-24 15:40 - 01085440 _____ () C:\Users\The Dantini\Downloads\puush.msi 2014-07-24 15:41 - 2013-12-21 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush 2014-07-22 20:14 - 2014-07-22 20:13 - 00000000 ____D () C:\Users\The Dantini\Downloads\x360ce.App-2.1.2.191 2014-07-22 13:52 - 2014-06-30 10:01 - 00000000 ____D () C:\Windows\Minidump 2014-07-22 08:03 - 2014-07-22 08:03 - 00024088 _____ () C:\Users\The Dantini\Downloads\ps2usb.zip 2014-07-22 07:54 - 2014-07-22 07:54 - 00073536 _____ () C:\Users\The Dantini\Downloads\x360ce_lib64_r848_VS2010.zip 2014-07-22 07:52 - 2014-07-22 07:52 - 00804491 _____ () C:\Users\The Dantini\Downloads\x360ce.App-2.1.2.191.zip 2014-07-20 21:53 - 2012-07-26 18:12 - 00000000 ____D () C:\Windows\rescache 2014-07-20 17:05 - 2013-08-16 14:57 - 00000000 ____D () C:\ProgramData\Realtek 2014-07-20 16:59 - 2014-07-20 16:59 - 79126528 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak 2014-07-20 16:59 - 2014-07-20 16:59 - 00311296 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak 2014-07-20 16:59 - 2014-07-20 16:59 - 00065536 _____ () C:\Windows\system32\config\SAM.iodefrag.bak 2014-07-20 16:59 - 2014-07-20 16:59 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak 2014-07-20 14:34 - 2014-07-20 14:34 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2014-07-20 14:34 - 
2014-07-20 14:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys 2014-07-20 14:34 - 2014-07-20 14:34 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2014-07-20 14:33 - 2014-07-20 14:33 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe 2014-07-20 14:33 - 2012-07-26 18:12 - 00000000 ____D () C:\Windows\system32\restore 2014-07-20 14:32 - 2014-07-05 05:53 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\DAEMON Tools Lite 2014-07-20 14:32 - 2013-08-16 10:19 - 00000000 ____D () C:\Windows\Panther 2014-07-20 14:28 - 2014-07-20 14:28 - 78864384 _____ () C:\Windows\system32\config\SOFTWARE.iobit 2014-07-20 14:28 - 2014-07-20 14:28 - 00311296 _____ () C:\Windows\system32\config\DEFAULT.iobit 2014-07-20 14:28 - 2014-07-20 14:28 - 00065536 _____ () C:\Windows\system32\config\SAM.iobit 2014-07-20 14:28 - 2014-07-20 14:28 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit 2014-07-20 14:26 - 2014-07-20 14:26 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\ProductData 2014-07-20 14:26 - 2014-07-20 12:34 - 00000000 ____D () C:\ProgramData\IObit 2014-07-20 14:25 - 2014-07-20 14:25 - 00003106 _____ () C:\Windows\System32\Tasks\ASC7_PerformanceMonitor 2014-07-20 14:25 - 2014-07-20 14:25 - 00002418 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator 2014-07-20 14:25 - 2014-07-20 14:25 - 00002382 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_The Dantini 2014-07-20 14:25 - 2014-07-20 14:25 - 00000306 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job 2014-07-20 14:25 - 2014-07-20 14:25 - 00000000 ____D () C:\ProgramData\ProductData 2014-07-20 14:25 - 2014-07-20 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7 2014-07-20 14:25 - 2014-07-20 14:25 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} 2014-07-20 14:25 - 2014-07-20 12:34 - 00000000 ____D () 
C:\Users\The Dantini\AppData\Roaming\IObit 2014-07-20 14:25 - 2014-07-20 12:33 - 00000000 ____D () C:\Program Files (x86)\IObit 2014-07-20 14:25 - 2014-01-23 11:42 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\Apple Computer 2014-07-20 13:00 - 2014-07-20 12:36 - 38612976 _____ (IObit ) C:\Users\The Dantini\Downloads\Advanced-SystemCare.exe 2014-07-20 12:34 - 2014-07-20 12:34 - 00003170 _____ () C:\Windows\System32\Tasks\Driver Booster Update 2014-07-20 12:34 - 2014-07-20 12:34 - 00002866 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (The Dantini) 2014-07-20 12:34 - 2014-07-20 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2014-07-20 12:32 - 2014-07-20 12:30 - 18070304 _____ (IObit ) C:\Users\The Dantini\Downloads\driver_booster_setup.exe 2014-07-20 12:29 - 2014-07-20 12:29 - 00000000 ____D () C:\Users\The Dantini\Downloads\Malwarebyte Anti-Malware v1.60.0.1800 Final with KEYGEN 2014-07-20 01:20 - 2014-02-09 12:18 - 00000000 ____D () C:\Users\The Dantini\Documents\LOLReplay 2014-07-20 01:18 - 2014-07-20 01:18 - 01519241 _____ () C:\Users\The Dantini\Downloads\LOLReplay-0.8.9.9(1).exe 2014-07-20 01:18 - 2014-02-09 12:18 - 00001924 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk 2014-07-20 01:18 - 2014-02-09 12:18 - 00000000 ____D () C:\Program Files (x86)\LOLReplay 2014-07-20 01:15 - 2014-07-20 01:15 - 01519241 _____ () C:\Users\The Dantini\Downloads\LOLReplay-0.8.9.9.exe 2014-07-19 11:39 - 2014-07-11 19:53 - 1483106304 _____ () C:\Users\The Dantini\Downloads\Touching the Void.avi 2014-07-19 00:11 - 2013-12-21 08:09 - 00000050 _____ () C:\Users\The Dantini\jagex_cl_runescape_LIVE.dat 2014-07-18 09:12 - 2013-12-20 11:25 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\Macromedia 2014-07-18 09:09 - 2014-06-21 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy 2014-07-18 09:09 - 2014-06-04 07:31 - 00000000 ____D () 
C:\Program Files (x86)\K-Lite Codec Pack 2014-07-18 09:09 - 2014-03-09 13:11 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\.minecraft 2014-07-18 09:09 - 2014-02-05 17:55 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-07-18 09:09 - 2014-02-05 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-07-18 09:09 - 2014-01-28 23:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II 2014-07-18 09:09 - 2014-01-02 22:15 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2 2014-07-18 09:09 - 2013-12-21 09:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2014-07-18 09:09 - 2013-12-21 04:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2014-07-18 09:09 - 2013-08-16 14:49 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2014-07-18 09:09 - 2013-08-16 14:44 - 00000000 ____D () C:\Windows\tmp 2014-07-18 09:06 - 2013-12-22 11:18 - 00433664 ___SH () C:\Users\The Dantini\Downloads\Thumbs.db 2014-07-18 08:58 - 2013-12-20 11:35 - 00000844 _____ () C:\Users\The Dantini\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2014-07-17 23:21 - 2014-07-17 23:21 - 00000000 ____D () C:\Users\The Dantini\Downloads\ParetoLogic RegCure Pro 3.1.0.0 With Crack Free [DownSoftsFree]{h33t} 2014-07-17 23:21 - 2014-07-17 23:20 - 06842744 _____ () C:\Users\The Dantini\Downloads\ParetoLogic RegCure Pro 3.1.0.0 With Crack Free [DownSoftsFree]{h33t}.rar 2014-07-17 23:14 - 2014-07-17 23:14 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\ParetoLogic 2014-07-17 23:14 - 2014-07-17 23:14 - 00000000 ____D () C:\Users\The Dantini\AppData\Roaming\DriverCure 2014-07-17 23:14 - 2014-07-17 23:13 - 05065008 _____ (ParetoLogic, Inc.) 
C:\Users\The Dantini\Downloads\RegCurePro.exe
2014-07-17 14:40 - 2014-07-17 14:40 - 00021656 _____ (Echobit, LLC) C:\Windows\system32\Drivers\evolve.sys
2014-07-17 14:35 - 2014-07-17 14:35 - 00000000 ____D () C:\Users\The Dantini\AppData\Local\Echobit
2014-07-17 14:35 - 2014-07-17 14:35 - 00000000 ____D () C:\ProgramData\Echobit
2014-07-17 14:35 - 2014-07-17 14:35 - 00000000 ____D () C:\Program Files\Echobit
2014-07-17 14:32 - 2014-07-17 14:32 - 03258328 _____ (Echobit LLC) C:\Users\The Dantini\Downloads\EvolveSetup.exe
2014-07-17 11:43 - 2014-07-17 11:43 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-17 11:42 - 2014-01-04 11:46 - 03449344 ___SH () C:\Users\The Dantini\Desktop\Thumbs.db
2014-07-16 20:14 - 2014-03-19 17:13 - 00000000 ____D () C:\Users\The Dantini\Desktop\School
2014-07-16 00:20 - 2014-07-16 00:20 - 00422944 _____ () C:\Windows\system32\FNTCACHE.DAT

Files to move or delete:
====================
C:\Users\The Dantini\jagex_cl_oldschool_LIVE.dat
C:\Users\The Dantini\jagex_cl_runescape_LIVE.dat
C:\Users\The Dantini\jagex_cl_runescape_LIVE1.dat
C:\Users\The Dantini\random.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-12 21:40

==================== End Of Log ============================

I couldn't see how to attach the addition.txt so I have copy pasted it into here too, apologies for the delayed response.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2014 01
Ran by The Dantini at 2014-08-15 07:57:33
Running from C:\Users\The Dantini\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Action! (HKLM-x32\...\Mirillis Action!)
(Version: 1.19.2 - Mirillis) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated) Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.3.0 - IObit) Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC) Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) Clownfish for Skype (HKLM-x32\...\Clownfish) (Version: - ) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4427.02 - CyberLink Corp.) CyberLink PowerDVD 10 (x32 Version: 10.0.4427.02 - CyberLink Corp.) 
Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.4 - IObit) f.lux (HKCU\...\Flux) (Version: - ) Firefall (HKLM-x32\...\Steam App 227700) (Version: - Red 5 Studios) GameRanger (HKCU\...\GameRanger) (Version: - GameRanger Technologies) GIGABYTE Smart Recovery Generator 1.0.20130705 (HKLM-x32\...\GIGABYTE Smart Recovery Generator) (Version: 1.0.20130705 - GIGABYTE TECHNOLOGY CO.,LTD.) GIGABYTE Voice Search 2.6.0 (HKLM-x32\...\GIGABYTE Voice Search) (Version: 2.6.0 - GIGABYTE TECHNOLOGY CO.,LTD.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Hotkey 8.0122 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 8.0122 - NoteBook) Hotkey 8.0122 (x32 Version: 8.0122 - NoteBook) Hidden INet (HKLM-x32\...\Alcatel Limo INet_is1) (Version: - Alcatel) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3165 - Intel Corporation) Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation) Intel® Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation) Hidden Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.10.2466 - IObit) iTunes 
(HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden K-Lite Mega Codec Pack 5.4.4 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 5.4.4 - ) League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games) League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.9.9 - www.leaguereplays.com) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden MotioninJoy Gamepad tool 0.7.1001 
(HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\Steam App 234670) (Version: - CyberConnect 2) NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT) NVIDIA Control Panel 311.54 (Version: 311.54 - NVIDIA Corporation) Hidden NVIDIA Graphics Driver 311.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.54 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run 
Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy) Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC) Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.4.30523 - Grinding Gear Games) Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games) PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - ) Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert) REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.754.754.071213 - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.27035 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0221 - ) Robocraft (HKLM-x32\...\Steam App 301520) (Version: - Freejam) RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd) Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios) Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) 
Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Street Legal Racing Redline (HKLM-x32\...\Street Legal Racing Redline) (Version: - )
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version: - Terry Cavanagh)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Trials Fusion (HKLM-x32\...\Steam App 245490) (Version: - RedLynx, in collaboration with Ubisoft Shanghai, Ubisoft Kiev)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version: - Frozenbyte)
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Vegas Pro 11.0 (HKLM-x32\...\{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}) (Version: 11.0.682 - Sony)
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
Windows Driver Package - Realtek Semiconductor Corp. (RtkBtFilter) Bluetooth (07/03/2013 1.3.754.3) (HKLM\...\9D213E34C23FED3511B7BC9A7BC56F95A9597E3D) (Version: 07/03/2013 1.3.754.3 - Realtek Semiconductor Corp.)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XSplit Broadcaster (HKLM-x32\...\{641A9A78-643E-437E-9EA9-18AC8842B622}) (Version: 1.3.1401.0901 - SplitMediaLabs)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3929598749-1145165358-2803149577-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3929598749-1145165358-2803149577-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3929598749-1145165358-2803149577-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3929598749-1145165358-2803149577-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\The Dantini\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

27-07-2014 13:14:43 MorphVOX Pro
30-07-2014 06:05:23 Installed DirectX
01-08-2014 06:22:12 Installed Aion
02-08-2014 10:36:43 MorphVOX Pro
11-08-2014 08:05:38 Scheduled Checkpoint
14-08-2014 11:28:11 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 15:26 - 2014-08-09 20:22 - 00000388 ____A C:\Windows\system32\Drivers\etc\hosts
185.36.169.83 lq.eun1.lol.riotgames.com
185.36.169.83 lq.eu.lol.riotgames.com
185.36.169.83 lq.na1.lol.riotgames.com
185.36.169.83 lq.br.lol.riotgames.com
185.36.169.83 lq.tr.lol.riotgames.com
185.36.169.83 lq.ru.lol.riotgames.com
185.36.169.83 lq.la1.lol.riotgames.com
185.36.169.83 lq.oc1.lol.riotgames.com
185.36.169.83 lq.la2.lol.riotgames.com
185.36.169.83 lq.euw1.lol.riotgames.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2C3BCE44-7337-4A62-A3B3-3EBE541EE86C} - System32\Tasks\Driver Booster SkipUAC (The Dantini) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-06-04] (IObit)
Task: {2E5FBB6B-2D13-48D3-9232-0AA05EEECE70} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-06-26] (Microsoft Corporation)
Task: {34D3AF38-9C00-4661-8527-0E6691AD282B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-23] (Google Inc.)
Task: {38C60DF6-44AC-42CF-81E1-889690CE04C5} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-06-04] (IObit)
Task: {3AB0CA00-73FD-457D-9AE6-46896D3FB6A9} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-07-20] (Microsoft Corporation)
Task: {451FE4BF-7696-403F-A889-4958EACC438A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Dantini-The Dantini Dantini => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
Task: {504FB620-8AA9-40E6-8F89-13DA44081DCC} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {53579C44-9C03-40DC-B31C-7CA2E20EDC31} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-05-06] (IObit)
Task: {69CAEEF4-214F-468A-9741-4027D3A3488A} - System32\Tasks\ASC7_SkipUac_The Dantini => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-05-29] (IObit)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FA646221-7FA3-4CAC-B761-6A3635B25254} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-23] (Google Inc.)
Task: {FEFAF56B-11B3-4632-BE0E-4B0464D23F5C} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2014-05-06] (IObit)
Task: C:\Windows\Tasks\ASC7_SkipUac_The Dantini.job => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2014-07-05 00:58 - 2012-03-14 12:05 - 00053312 _____ () C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe
2014-07-24 15:42 - 2014-07-24 15:42 - 00567880 _____ () C:\Program Files (x86)\puush\puush.exe
2014-07-05 00:58 - 2012-03-23 09:25 - 00125504 _____ () C:\Program Files (x86)\INet\BackgroundService\ModemListener.exe
2014-07-20 14:25 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 12:16 - 2014-01-20 12:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-20 14:25 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madExcept_.bpl
2014-07-20 14:25 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madBasic_.bpl
2014-07-20 14:25 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\madDisAsm_.bpl
2014-07-20 14:25 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
2012-07-26 09:29 - 2012-07-26 13:06 - 00924672 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSEngine.dll
2012-07-26 09:26 - 2012-07-26 13:06 - 00720384 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSLoc.DLL
2014-07-18 18:29 - 2014-07-18 18:29 - 00420352 _____ () C:\Program Files (x86)\LOLReplay\LOLUtils.dll
2014-07-30 15:32 - 2014-07-30 15:32 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "BtServer"
HKLM\...\StartupApproved\Run: => "HDAudDeck"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKCU\...\StartupApproved\Run: => "Skype"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Realtek Bluetooth 4.0 + High Speed Chip
Description: Realtek Bluetooth 4.0 + High Speed Chip
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Realtek Semiconductor Corp.
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2014 07:48:06 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -543.

Error: (08/15/2014 07:48:06 AM) (Source: ESENT) (EventID: 454) (User: )
Description: Catalog Database (1036) Catalog Database: Database recovery/restore failed with unexpected error -543.

Error: (08/15/2014 07:48:06 AM) (Source: ESENT) (EventID: 453) (User: )
Description: Catalog Database (1036) Catalog Database: Database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb requires logfiles 220-221 (C:\Windows\system32\CatRoot2\edb000DC.log - C:\Windows\system32\CatRoot2\edb.log) in order to recover successfully. Recovery could only locate logfiles up to 220 (Catalog Database0).

Error: (08/15/2014 07:48:06 AM) (Source: ESENT) (EventID: 453) (User: )
Description: Catalog Database (1036) Catalog Database: Database C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb requires logfiles 220-221 (C:\Windows\system32\CatRoot2\edb000DC.log - C:\Windows\system32\CatRoot2\edb.log) in order to recover successfully. Recovery could only locate logfiles up to 220 (Catalog Database0).

Error: (08/14/2014 09:10:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -528.

Error: (08/14/2014 09:10:14 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database (1120) Catalog Database: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\CatRoot2\edb000D3.log.

Error: (08/14/2014 08:56:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 31.0.0.5310, time stamp: 0x53c75e91
Faulting module name: mozalloc.dll, version: 31.0.0.5310, time stamp: 0x53c72e91
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x175c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (08/12/2014 01:40:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NS3FB.exe, version: 1.0.0.7, time stamp: 0x52e221a1
Faulting module name: gameoverlayrenderer.dll, version: 2.32.45.1, time stamp: 0x53c5d201
Exception code: 0xc0000005
Fault offset: 0x0005fb6a
Faulting process id: 0x188
Faulting application start time: 0xNS3FB.exe0
Faulting application path: NS3FB.exe1
Faulting module path: NS3FB.exe2
Report Id: NS3FB.exe3
Faulting package full name: NS3FB.exe4
Faulting package-relative application ID: NS3FB.exe5

Error: (08/12/2014 00:04:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -528.

Error: (08/12/2014 00:04:53 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database (1136) Catalog Database: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\CatRoot2\edb000D3.log.

System errors:
=============
Error: (08/15/2014 07:54:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058

Error: (08/15/2014 07:48:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058

Error: (08/14/2014 09:38:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/14/2014 09:37:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058

Error: (08/14/2014 09:10:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058

Error: (08/14/2014 09:10:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058

Error: (08/14/2014 03:55:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058

Error: (08/14/2014 03:55:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058

Error: (08/14/2014 08:12:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058

Error: (08/14/2014 08:12:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1058

Microsoft Office Sessions:
=========================
Error: (08/15/2014 07:48:06 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -543

Error: (08/15/2014 07:48:06 AM) (Source: ESENT) (EventID: 454) (User: )
Description: Catalog Database1036Catalog Database: -543

Error: (08/15/2014 07:48:06 AM) (Source: ESENT) (EventID: 453) (User: )
Description: Catalog Database1036Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb220221220C:\Windows\system32\CatRoot2\edb000DC.logC:\Windows\system32\CatRoot2\edb.logC:\Windows\system32\CatRoot2\edb000DC.log

Error: (08/15/2014 07:48:06 AM) (Source: ESENT) (EventID: 453) (User: )
Description: Catalog Database1036Catalog Database: C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb220221220C:\Windows\system32\CatRoot2\edb000DC.logC:\Windows\system32\CatRoot2\edb.logC:\Windows\system32\CatRoot2\edb000DC.log

Error: (08/14/2014 09:10:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -528

Error: (08/14/2014 09:10:14 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database1120Catalog Database: C:\Windows\system32\CatRoot2\edb000D3.log-1811 (0xfffff8ed)

Error: (08/14/2014 08:56:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b175c01cfb7aa2a32e831C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla34f97b9-23a1-11e4-bf1c-0090f5ec7852

Error: (08/12/2014 01:40:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: NS3FB.exe1.0.0.752e221a1gameoverlayrenderer.dll2.32.45.153c5d201c00000050005fb6a18801cfb5731aa40a01C:\Program Files (x86)\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB.exeC:\Program Files (x86)\Steam\gameoverlayrenderer.dllc4997ac3-216d-11e4-bf1c-0090f5ec7852

Error: (08/12/2014 00:04:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -528

Error: (08/12/2014 00:04:53 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database1136Catalog Database: C:\Windows\system32\CatRoot2\edb000D3.log-1811 (0xfffff8ed)

==================== Memory info ===========================

Processor: Intel® Core i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 12%
Total physical RAM: 16308.53 MB
Available physical RAM: 14264.18 MB
Total Pagefile: 32692.53 MB
Available Pagefile: 30411.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:910.84 GB) (Free:535.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 76980F45)
Partition: GPT Partition Type.

==================== End Of Log ============================ -
Computer Freezes but mouse still moves
Dantini replied to Dantini's topic in Resolved Malware Removal Logs
Yes, this is still a problem and I still require help with it. Hope you can get back to me soon, thanks. -
Hello. I have been having this issue since I purchased my laptop. Every now and then the screen will freeze, but the pointer will still be able to move around. Key shortcuts such as alt+tab and ctrl+alt+del are disabled, and the audio of any programs I was using either loops the sound it was making or cuts off completely (depending on which program I am using at the time). When I move the cursor around the screen, the screen is unresponsive; for example, if I hover over an icon, it will not light up as it would have otherwise, and key/mouse clicks seem to do nothing.

Recently this issue has become very frequent, often happening once every 30 minutes. After the freeze, the computer will often unfreeze after around 3-5 minutes, and audio will resume and any key shortcuts (ctrl+alt+del / alt+tab) I used during the freeze will go all at once. I've found the simplest fix to this issue is to restart my PC, but this only stops the freeze; the computer often freezes up soon after I reboot it and I have to restart or wait again.

The freeze often starts with a program becoming unresponsive (often 'mozilla firefox' or 'explorer.exe'). After the PC unfreezes, these often come up with a 'process is not responding, do you wish to end this process?' box, to which pressing yes seems to end the freeze.

My computer is running the following - (Speccy)

Operating System
  Windows 8 64-bit
CPU
  Intel Core i3/i5/i7 4xxx @ 2.40GHz 51 °C
  Haswell 22nm Technology
RAM
  16.0GB Dual-Channel DDR3 @ 798MHz (11-11-11-28)
Motherboard
  GIGABYTE Q2556N (SOCKET 0) 14 °C
Graphics
  Generic PnP Monitor (1366x768@60Hz)
  Intel HD Graphics 4600 (CLEVO/KAPOK Computer)
  2048MB NVIDIA GeForce GT 740M (CLEVO/KAPOK Computer) 39 °C
Storage
  931GB TOSHIBA MQ01ABD100 (SATA) 36 °C
Optical Drives
  DTSOFT Virtual CdRom Device
  TSSTcorp CDDVDW SN-208DB
Audio
  VIA High Definition Audio

I have run anti-virus software and cleaned my PC as much as I can; nothing seems to help. I believe the issue is malware, but I am unsure of the source or location. Hopefully we can get to the bottom of this together - Thank you for your time - Dantini.