TheWarriorLord

  1. Malwarebytes Log:

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 15/08/2014
     Scan Time: 4:25:37 AM
     Logfile:
     Administrator: Yes

     Version: 2.00.2.1012
     Malware Database: v2014.08.15.03
     Rootkit Database: v2014.08.04.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: user

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 354823
     Time Elapsed: 26 min, 39 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 1
     Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [c916b6102e4ddf5736260d9a18eab34d],

     Files: 1
     Rogue.Multiple, C:\ProgramData\374311380\BIT97C1.tmp, Quarantined, [c916b6102e4ddf5736260d9a18eab34d],

     Physical Sectors: 0
     (No malicious items detected)

     (end)

     Avast detected the file in this file path: C:\Windows\SoftwareDistribution\Download\ff3d7e45dddc214b13f2cb6179e31f668515ae2f

     It was given the malware name: Threat: Rootkit: Hidden File

     Please note Avast! wouldn't delete it within the antivirus, and I had to manually go to the file in its file location to delete it.
  2. Downloaded a 3rd party Windows program, got some trouble. Ran a few virus scans: MalwareBytes, MalwareBytes Rootkit Remover, Avast, Hitmanpro.

     First, Malwarebytes removed: Rogue.Multiple (Two of them).
     Second, Avast detected a rootkit, however gave an error "Access is denied (5)" and so I went to the file manually and deleted it myself.
     Third, Hitmanpro detected a trojan, and deleted it.
     Lastly, I took this scan. Here is the FRST first and the Addition second.

     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-08-2014
     Ran by user (administrator) on USER-PC on 15-08-2014 05:18:54
     Running from C:\Users\user\Downloads
     Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
     Internet Explorer Version 11
     Boot Mode: Normal

     The only official download link for FRST:
     Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
     Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
     Download link from any site other than Bleeping Computer is unpermitted or outdated.
     See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
     (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
     (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
     (Microsoft Corporation) C:\Windows\System32\wlanext.exe
     (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
     (Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
     (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
     (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
     (Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
     (Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
     (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
     (NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
     (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
     () C:\Windows\SysWOW64\PnkBstrA.exe
     (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
     (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
     (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
     (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
     (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
     (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
     (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
     (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
     (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
     (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
     (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
     (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
     (Symantec Corporation) C:\Users\user\Downloads\NPE.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

     ==================== Registry (Whitelisted) ==================

     (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
     HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
     HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-07] (AVAST Software)
     HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
     Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
     HKU\S-1-5-21-1306517869-1090174571-2485768853-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1937600 2014-08-13] (Valve Corporation)
     Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
     ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
     BootExecute: autocheck autochk * bootdelete

     ==================== Internet (Whitelisted) ====================

     (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
     HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gateway.msn.com
     SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
     BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
     BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
     BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
     BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
     BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
     Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
     Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

     FireFox:
     ========
     FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ai0urp39.default
     FF Plugin: @microsoft.com/GENUINE -> disabled No File
     FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
     FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
     FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
     FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
     FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
     FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
     FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
     FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
     FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Users\user\AppData\Local\Roblox\Versions\version-b3ae331dfaef4117\\NPRobloxProxy.dll ( ROBLOX Corporation)
     FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
     FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ai0urp39.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-15]
     FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
     FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-16]

     Chrome:
     =======
     CHR HomePage:
     CHR StartupUrls: "hxxp://www.google.ca/"
     CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
     CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
     CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
     CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
     CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
     CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
     CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
     CHR Extension: (Theme Creator) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2013-05-28]
     CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-28]
     CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-28]
     CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
     CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-28]
     CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-28]
     CHR Extension: (Roblox Group Enhancer by Merely) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddjfhkkpgfghimddaekfocbahebohdim [2014-02-24]
     CHR Extension: (avast! SafePrice) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-07]
     CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-12]
     CHR Extension: (A Journey through Middle-earth) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni [2013-12-12]
     CHR Extension: (avast! Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-11]
     CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
     CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-28]
     CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-07]
     CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-07]

     ==================== Services (Whitelisted) =================

     (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

     R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-07] (AVAST Software)
     S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [345984 2014-07-07] ()
     S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-01-31] (BitRaider, LLC)
     S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
     R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
     R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [257344 2011-03-09] (NTI Corporation)
     R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-15] ()
     S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)

     ==================== Drivers (Whitelisted) ====================

     (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

     R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-07] ()
     R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-30] (AVAST Software)
     R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-07] (AVAST Software)
     R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-07] (AVAST Software)
     R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-07] ()
     R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-07] (AVAST Software)
     R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-07] (AVAST Software)
     R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-07] (AVAST Software)
     R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-07] ()
     S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-30] (Broadcom Corporation.)
     R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-15] (Malwarebytes Corporation)
     S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
     S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
     R0 SMR410; C:\Windows\System32\drivers\SMR410.SYS [96856 2014-08-15] (Symantec Corporation)
     S3 XFDriver64; C:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)
     S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
     S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
     R4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
     S3 MFE_RR; \??\C:\Users\user\AppData\Local\Temp\mfe_rr.sys [X]

     ==================== NetSvcs (Whitelisted) ===================

     (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

     ==================== One Month Created Files and Folders ========

     (If an entry is included in the fixlist, the file\folder will be moved.)

     2014-08-15 05:18 - 2014-08-15 05:19 - 00016601 _____ () C:\Users\user\Downloads\FRST.txt
     2014-08-15 05:18 - 2014-08-15 05:18 - 02100224 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
     2014-08-15 05:18 - 2014-08-15 05:18 - 00000000 ____D () C:\FRST
     2014-08-15 05:12 - 2014-08-15 05:12 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
     2014-08-15 05:12 - 2014-08-15 05:12 - 00000172 _____ () C:\Windows\system32\bootdelete.lst
     2014-08-15 04:48 - 2014-08-15 05:12 - 00000000 ____D () C:\ProgramData\HitmanPro
     2014-08-15 04:47 - 2014-08-15 04:47 - 11188736 _____ (SurfRight B.V.) C:\Users\user\Downloads\hitmanpro_x64.exe
     2014-08-15 04:36 - 2014-08-15 04:36 - 03077584 ____N (Symantec Corporation) C:\Users\user\Downloads\NPE.exe
     2014-08-15 04:36 - 2014-08-15 04:36 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS
     2014-08-15 04:36 - 2014-08-15 04:36 - 00000020 _____ () C:\Windows\system32\Drivers\SMR410.dat
     2014-08-15 04:36 - 2014-08-15 04:36 - 00000000 ____D () C:\Users\user\AppData\Local\NPE
     2014-08-15 04:34 - 2014-08-15 05:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
     2014-08-15 04:33 - 2014-08-15 05:13 - 00000000 ____D () C:\Users\user\Desktop\mbar
     2014-08-15 04:32 - 2014-08-15 04:33 - 14349744 _____ (Malwarebytes Corp.) C:\Users\user\Downloads\mbar-1.07.0.1012.exe
     2014-08-15 04:25 - 2014-08-15 04:34 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
     2014-08-15 04:25 - 2014-08-15 04:25 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     2014-08-15 04:25 - 2014-08-15 04:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
     2014-08-15 04:25 - 2014-08-15 04:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
     2014-08-15 04:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
     2014-08-15 04:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
     2014-08-15 04:24 - 2014-08-15 04:25 - 00000310 _____ () C:\Users\user\Downloads\RootkitRemover_20140815_042406.log
     2014-08-15 04:24 - 2014-08-15 04:24 - 00783120 _____ (McAfee, Inc.) C:\Users\user\Downloads\rootkitremover.exe
     2014-08-15 04:22 - 2014-08-15 04:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe
     2014-08-15 02:22 - 2014-08-15 02:23 - 32239888 _____ () C:\Users\user\Downloads\Firefox Setup 31.0.exe
     2014-08-15 02:21 - 2014-08-15 02:21 - 00007602 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
     2014-08-15 00:44 - 2014-08-15 00:45 - 00000000 ____D () C:\Program Files (x86)\ClearThink
     2014-08-15 00:44 - 2014-08-15 00:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\WSE_Astromenda
     2014-08-15 00:43 - 2010-08-27 21:38 - 00035048 _____ () C:\Users\user\Downloads\tokenanimationorb.bmp
     2014-08-15 00:08 - 2014-08-15 00:08 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
     2014-08-15 00:08 - 2014-08-15 00:08 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla
     2014-08-15 00:08 - 2014-08-15 00:08 - 00000000 ____D () C:\ProgramData\Mozilla
     2014-08-15 00:07 - 2014-08-15 00:07 - 00244120 _____ () C:\Users\user\Downloads\Firefox Setup Stub 31.0.exe
     2014-08-13 02:44 - 2014-08-13 02:44 - 00000968 _____ () C:\Users\user\Desktop\Glyph.lnk
     2014-08-13 02:44 - 2014-08-13 02:44 - 00000000 ____D () C:\Users\user\AppData\Local\Glyph
     2014-08-13 02:44 - 2014-08-13 02:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
     2014-08-13 02:44 - 2014-08-13 02:44 - 00000000 ____D () C:\ProgramData\Glyph
     2014-08-13 02:44 - 2014-08-13 02:44 - 00000000 ____D () C:\Program Files (x86)\Glyph
     2014-08-13 02:43 - 2014-08-13 02:43 - 31434864 _____ (Trion Worlds Inc.) C:\Users\user\Downloads\GlyphInstall.exe
     2014-08-07 23:21 - 2014-08-07 23:21 - 00196096 _____ () C:\Users\user\Downloads\User (1).htm
     2014-08-07 23:21 - 2014-08-07 23:21 - 00081260 _____ () C:\Users\user\Downloads\home (1).htm
     2014-08-07 12:27 - 2014-08-07 12:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
     2014-08-07 12:27 - 2014-08-07 12:27 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
     2014-08-06 15:14 - 2014-08-06 15:14 - 00082053 _____ () C:\Users\user\Downloads\home.htm
     2014-08-01 18:04 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
     2014-08-01 18:04 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
     2014-08-01 18:04 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
     2014-08-01 18:04 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
     2014-08-01 18:04 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
     2014-08-01 18:04 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
     2014-08-01 18:04 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
     2014-08-01 18:04 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
     2014-08-01 18:04 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
     2014-08-01 18:04 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
     2014-08-01 18:04 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
     2014-08-01 18:04 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
     2014-08-01 18:04 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
     2014-08-01 18:04 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
     2014-07-27 11:50 - 2014-08-07 12:53 - 00000466 _____ () C:\Users\user\SciTE.session
     2014-07-27 10:39 - 2014-07-28 15:16 - 00000000 ____D () C:\Users\user\Desktop\LUA Learning
     2014-07-27 10:36 - 2014-07-27 10:36 - 00001114 _____ () C:\Users\Public\Desktop\SciTE.lnk
     2014-07-27 10:36 - 2014-07-27 10:36 - 00000996 _____ () C:\Users\Public\Desktop\Lua.lnk
     2014-07-27 10:36 - 2014-07-27 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lua
     2014-07-27 10:35 - 2014-07-27 10:35 - 26279218 _____ (The Lua for Windows Project and Lua and Tecgraf, PUC-Rio ) C:\Users\user\Downloads\LuaForWindows_v5.1.4-46.exe
     2014-07-27 10:35 - 2014-07-27 10:35 - 00000000 ____D () C:\Program Files (x86)\Lua

     ==================== One Month Modified Files and Folders =======

     (If an entry is included in the fixlist, the file\folder will be moved.)

     2014-08-15 05:19 - 2014-08-15 05:18 - 00016601 _____ () C:\Users\user\Downloads\FRST.txt
     2014-08-15 05:19 - 2013-05-28 18:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
     2014-08-15 05:18 - 2014-08-15 05:18 - 02100224 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
     2014-08-15 05:18 - 2014-08-15 05:18 - 00000000 ____D () C:\FRST
     2014-08-15 05:13 - 2014-08-15 04:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
     2014-08-15 05:13 - 2014-08-15 04:33 - 00000000 ____D () C:\Users\user\Desktop\mbar
     2014-08-15 05:12 - 2014-08-15 05:12 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
     2014-08-15 05:12 - 2014-08-15 05:12 - 00000172 _____ () C:\Windows\system32\bootdelete.lst
     2014-08-15 05:12 - 2014-08-15 04:48 - 00000000 ____D () C:\ProgramData\HitmanPro
     2014-08-15 04:49 - 2013-06-03 19:21 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
     2014-08-15 04:47 - 2014-08-15 04:47 - 11188736 _____ (SurfRight B.V.) C:\Users\user\Downloads\hitmanpro_x64.exe
     2014-08-15 04:43 - 2014-03-05 13:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
     2014-08-15 04:36 - 2014-08-15 04:36 - 03077584 ____N (Symantec Corporation) C:\Users\user\Downloads\NPE.exe
     2014-08-15 04:36 - 2014-08-15 04:36 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS
     2014-08-15 04:36 - 2014-08-15 04:36 - 00000020 _____ () C:\Windows\system32\Drivers\SMR410.dat
     2014-08-15 04:36 - 2014-08-15 04:36 - 00000000 ____D () C:\Users\user\AppData\Local\NPE
     2014-08-15 04:36 - 2011-10-11 13:59 - 00000000 ____D () C:\ProgramData\Norton
     2014-08-15 04:34 - 2014-08-15 04:25 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
     2014-08-15 04:33 - 2014-08-15 04:32 - 14349744 _____ (Malwarebytes Corp.) C:\Users\user\Downloads\mbar-1.07.0.1012.exe
     2014-08-15 04:25 - 2014-08-15 04:25 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     2014-08-15 04:25 - 2014-08-15 04:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
     2014-08-15 04:25 - 2014-08-15 04:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
     2014-08-15 04:25 - 2014-08-15 04:24 - 00000310 _____ () C:\Users\user\Downloads\RootkitRemover_20140815_042406.log
     2014-08-15 04:25 - 2014-04-21 15:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
     2014-08-15 04:24 - 2014-08-15 04:24 - 00783120 _____ (McAfee, Inc.) C:\Users\user\Downloads\rootkitremover.exe
     2014-08-15 04:24 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     2014-08-15 04:24 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     2014-08-15 04:23 - 2014-08-15 04:22 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe
     2014-08-15 04:21 - 2013-05-24 13:42 - 01075429 _____ () C:\Windows\WindowsUpdate.log
     2014-08-15 04:18 - 2013-08-16 17:05 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
     2014-08-15 04:16 - 2014-01-17 16:55 - 00000000 ____D () C:\Program Files (x86)\Steam
     2014-08-15 04:16 - 2013-05-28 18:45 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
     2014-08-15 04:16 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
     2014-08-15 04:15 - 2010-11-20 23:47 - 00879964 _____ () C:\Windows\PFRO.log
     2014-08-15 04:15 - 2009-07-14 00:51 - 00100169 _____ () C:\Windows\setupact.log
     2014-08-15 02:40 - 2013-05-28 19:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\Xfire
     2014-08-15 02:40 - 2013-05-28 19:26 - 00000000 ____D () C:\ProgramData\Xfire
     2014-08-15 02:39 - 2013-05-28 19:26 - 00000000 ____D () C:\Program Files (x86)\Xfire2
     2014-08-15 02:23 - 2014-08-15 02:22 - 32239888 _____ () C:\Users\user\Downloads\Firefox Setup 31.0.exe
     2014-08-15 02:21 - 2014-08-15 02:21 - 00007602 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
     2014-08-15 02:07 - 2014-05-22 19:39 - 00000000 ____D () C:\Users\user\AppData\Roaming\Ventrilo
     2014-08-15 02:07 - 2013-12-27 22:56 - 00000000 ____D () C:\Users\user\Desktop\PokeGen_full
     2014-08-15 02:07 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\servicing
     2014-08-15 02:07 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
     2014-08-15 02:07 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
     2014-08-15 02:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
     2014-08-15 02:04 - 2013-06-10 23:08 - 00000000 ____D () C:\Users\user\AppData\Roaming\SoftGrid Client
     2014-08-15 01:19 - 2011-10-11 13:57 - 00000000 ____D () C:\ProgramData\Adobe
     2014-08-15 01:17 - 2014-03-05 13:13 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
     2014-08-15 01:17 - 2013-05-24 17:55 - 00000000 ____D () C:\Users\user\AppData\Roaming\Adobe
     2014-08-15 00:45 - 2014-08-15 00:44 - 00000000 ____D () C:\Program Files (x86)\ClearThink
     2014-08-15 00:44 - 2014-08-15 00:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\WSE_Astromenda
     2014-08-15 00:08 - 2014-08-15 00:08 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
     2014-08-15 00:08 - 2014-08-15 00:08 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla
     2014-08-15 00:08 - 2014-08-15 00:08 - 00000000 ____D () C:\ProgramData\Mozilla
     2014-08-15 00:07 - 2014-08-15 00:07 - 00244120 _____ () C:\Users\user\Downloads\Firefox Setup Stub 31.0.exe
     2014-08-14 01:16 - 2013-08-17 15:40 - 00001177 _____ () C:\Users\user\Desktop\ROBLOX Studio 2013.lnk
     2014-08-14 01:16 - 2013-08-08 22:46 - 00001358 _____ () C:\Users\user\Desktop\ROBLOX Player.lnk
     2014-08-14 01:16 - 2013-08-08 22:45 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
     2014-08-13 02:54 - 2013-05-28 18:49 - 00000000 ____D () C:\Users\user\AppData\Local\Warframe
     2014-08-13 02:44 - 2014-08-13 02:44 - 00000968 _____ () C:\Users\user\Desktop\Glyph.lnk
     2014-08-13 02:44 - 2014-08-13 02:44 - 00000000 ____D () C:\Users\user\AppData\Local\Glyph
     2014-08-13 02:44 - 2014-08-13 02:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
     2014-08-13 02:44 - 2014-08-13 02:44 - 00000000 ____D () C:\ProgramData\Glyph
     2014-08-13 02:44 - 2014-08-13 02:44 - 00000000 ____D () C:\Program Files (x86)\Glyph
     2014-08-13 02:43 - 2014-08-13 02:43 - 31434864 _____ (Trion Worlds Inc.) C:\Users\user\Downloads\GlyphInstall.exe
     2014-08-11 13:51 - 2009-07-14 01:08 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
     2014-08-09 16:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
     2014-08-08 19:18 - 2013-10-04 20:16 - 00000000 ____D () C:\Users\user\AppData\Roaming\.minecraft
     2014-08-08 03:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
     2014-08-07 23:21 - 2014-08-07 23:21 - 00196096 _____ () C:\Users\user\Downloads\User (1).htm
     2014-08-07 23:21 - 2014-08-07 23:21 - 00081260 _____ () C:\Users\user\Downloads\home (1).htm
     2014-08-07 12:55 - 2013-06-09 03:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
     2014-08-07 12:55 - 2013-06-09 03:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
     2014-08-07 12:53 - 2014-07-27 11:50 - 00000466 _____ () C:\Users\user\SciTE.session
     2014-08-07 12:28 - 2013-10-03 20:41 - 00001933 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
     2014-08-07 12:28 - 2013-08-16 17:05 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
     2014-08-07 12:27 - 2014-08-07 12:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
     2014-08-07 12:27 - 2014-08-07 12:27 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
     2014-08-07 12:27 - 2014-04-06 14:21 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
     2014-08-07 12:27 - 2013-08-16 17:05 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
     2014-08-07 12:27 - 2013-08-16 17:05 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
     2014-08-07 12:27 - 2013-08-16 17:05 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
     2014-08-07 12:27 - 2013-08-16 17:05 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
     2014-08-07 12:27 - 2013-08-16 17:05 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
     2014-08-07 12:27 - 2013-08-16 17:05 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
     2014-08-06 15:14 - 2014-08-06 15:14 - 00082053 _____ () C:\Users\user\Downloads\home.htm
     2014-07-29 14:58 - 2013-06-10 22:20 - 00000000 ____D () C:\Users\user\AppData\Roaming\TS3Client
     2014-07-28 15:16 - 2014-07-27 10:39 - 00000000 ____D () C:\Users\user\Desktop\LUA Learning
     2014-07-27 10:36 - 2014-07-27 10:36 - 00001114 _____ () C:\Users\Public\Desktop\SciTE.lnk
     2014-07-27 10:36 - 2014-07-27 10:36 - 00000996 _____ () C:\Users\Public\Desktop\Lua.lnk
     2014-07-27 10:36 - 2014-07-27 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lua
     2014-07-27 10:35 - 2014-07-27 10:35 - 26279218 _____ (The Lua for Windows Project and Lua and Tecgraf, PUC-Rio ) C:\Users\user\Downloads\LuaForWindows_v5.1.4-46.exe
     2014-07-27 10:35 - 2014-07-27 10:35 - 00000000 ____D () C:\Program Files (x86)\Lua
     2014-07-26 02:42 - 2013-11-02 11:02 - 00000000 ____D () C:\ProgramData\BitRaider
     2014-07-25 21:05 - 2013-06-09 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
     2014-07-23 18:10 - 2014-01-20 15:52 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
     2014-07-19 00:18 - 2009-07-14 01:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
     2014-07-18 14:56 - 2013-05-28 18:45 - 00002150 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

     Files to move or delete:
     ====================
     C:\Users\user\jagex_cl_runescape_LIVE.dat
     C:\Users\user\random.dat

     Some content of TEMP:
     ====================
     C:\Users\user\AppData\Local\Temp\BRSVC_951237593_hlp.exe
     C:\Users\user\AppData\Local\Temp\Gw2.exe
     C:\Users\user\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
     C:\Users\user\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
     C:\Users\user\AppData\Local\Temp\NGMDll.dll
     C:\Users\user\AppData\Local\Temp\NGMResource.dll
     C:\Users\user\AppData\Local\Temp\SkypeSetup.exe
     C:\Users\user\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
     C:\Users\user\AppData\Local\Temp\unicows.dll
     C:\Users\user\AppData\Local\Temp\Uninstaller-8236.exe
     C:\Users\user\AppData\Local\Temp\xmlUpdater.exe

     ==================== Bamital & volsnap Check =================

     (There is no automatic fix for files that do not pass verification.)

     C:\Windows\System32\winlogon.exe => File is digitally signed
     C:\Windows\System32\wininit.exe => File is digitally signed
     C:\Windows\SysWOW64\wininit.exe => File is digitally signed
     C:\Windows\explorer.exe => File is digitally signed
     C:\Windows\SysWOW64\explorer.exe => File is digitally signed
     C:\Windows\System32\svchost.exe => File is digitally signed
     C:\Windows\SysWOW64\svchost.exe => File is digitally signed
     C:\Windows\System32\services.exe => File is digitally signed
     C:\Windows\System32\User32.dll => File is digitally signed
     C:\Windows\SysWOW64\User32.dll => File is digitally signed
     C:\Windows\System32\userinit.exe => File is digitally signed
     C:\Windows\SysWOW64\userinit.exe => File is digitally signed
     C:\Windows\System32\rpcss.dll => File is digitally signed
     C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

     LastRegBack: 2014-08-09 15:47

     ==================== End Of Log ============================

     Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2014
     Ran by user at 2014-08-15 05:19:27
     Running from C:\Users\user\Downloads
     Boot Mode: Normal
     ==========================================================

     ==================== Security Center ========================

     (If an entry is included in the fixlist, it will be removed.)

     AV: avast!
Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) HiddenAdobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version: - Bohemia Interactive)Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)avast! 
Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)Backup Manager V3 (x32 Version: 3.0.0.90 - NTI Corporation) HiddenBattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - )BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.4 - BitRaider, LLC)Blockland (HKLM-x32\...\Steam App 250340) (Version: - Eric Hartman)Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.8.2.2 - Broadcom Corporation)Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation)Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3313.52 - CyberLink Corp.)CyberLink PowerDVD 10 (x32 Version: 10.0.3313.52 - CyberLink Corp.) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenGateway MyBackup (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.90 - NTI Corporation)Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Gateway Incorporated)Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Gateway Incorporated)Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.04.3504 - Gateway Incorporated)Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0915.2011 - Gateway Incorporated)Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Gateway Incorporated)Glyph 
(HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) HiddenGuns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version: - Muse Games)Intel PROSet Wireless (Version: - ) HiddenIntel PROSet Wireless (x32 Version: - ) HiddenIntel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)Intel® WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) 
HiddenJunk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLua for Windows 5.1.4-46 (HKLM-x32\...\Lua_is1) (Version: 5.1.4.46 - The Lua for Windows Project and Lua and Tecgraf, PUC-Rio)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) HiddenMicrosoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 
(HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) HiddenMicrosoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) 
(HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Nero Control Center 10 (x32 Version: 10.2.11100.1.1 - Nero AG) HiddenNero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) HiddenNero Core Components 10 (x32 Version: 2.0.18100.8.8 - Nero AG) HiddenNero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) HiddenNero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)Nero Express 10 Help (CHM) (x32 Version: 10.5.10200 - Nero AG) HiddenNero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) HiddenNero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)NVIDIA Control Panel 285.64 (Version: 285.64 - NVIDIA Corporation) HiddenNVIDIA Graphics Driver 285.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.64 - NVIDIA Corporation)NVIDIA Install Application (Version: 2.1002.46.235 - NVIDIA Corporation) HiddenNVIDIA Optimus 1.5.20 (Version: 1.5.20 - NVIDIA Corporation) HiddenNVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)NVIDIA Update Components (Version: 1.5.20 - NVIDIA Corporation) 
HiddenPokemon Showdown (HKLM-x32\...\Pokemon Showdown) (Version: - "Pokemon Showdown")PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6329 - Realtek Semiconductor Corp.)Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) HiddenROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)ROBLOX Player for user (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)ROBLOX Studio 2013 (HKLM-x32\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)ROBLOX Studio 2013 for user (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.6 - Bioware/EA)Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)Starbound (HKLM-x32\...\Steam App 211820) (Version: - )Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSystem Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.11.1 - TeamSpeak Systems GmbH)The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )Unity Web Player (HKCU\...\UnityWebPlayer) 
(Version: - Unity Technologies ApS)Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)Video Web Camera (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)Video Web Camera (x32 Version: 1.0.1904 - CyberLink Corp.) HiddenWarframe (HKLM-x32\...\{854987EA-3270-40F3-8531-7425489F933B}) (Version: 1.0.0 - Digital Extremes)Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3504 - Gateway Incorporated)WIDCOMM Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.2200 - Broadcom Corporation)Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT 
Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)Xfire 2.0 (HKLM-x32\...\{43ADAE00-A4ED-4379-A76D-A1FF5D9D334A}_is1) (Version: 2.0 - Xfire, Inc.)Xfire Codec (remove only) (HKLM-x32\...\XfireCodec) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= Could not list Restore Points. Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0028C75B-4C05-4619-BF6A-DF3356D78639} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-11] (Adobe Systems Incorporated)
Task: {3B2523D5-59DB-4AC1-A25C-4E5C8BCE7E6B} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2011-08-09] (Acer)
Task: {47E07780-4FEB-4ED1-9DBF-65E6426AE691} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-07] (AVAST Software)
Task: {71FB79B8-2415-4F5F-9B29-287561680BED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.)
Task: {DDD8BD33-A19E-4EF7-BBBA-B65F374282D4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F9F72918-0932-4A75-A733-CA7B63BD826F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-05-24 13:40 - 2011-10-16 07:44 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2011-05-02 13:41 - 2011-05-02 13:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-06-18 11:24 - 2012-06-18 11:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-12-01 03:35 - 2013-12-15 13:48 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-08-07 12:27 - 2014-08-07 12:27 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-14 14:36 - 2014-08-14 14:36 - 02797568 _____ () C:\Program Files\AVAST Software\Avast\defs\14081401\algo.dll
2014-08-15 04:18 - 2014-08-15 04:18 - 02797568 _____ () C:\Program Files\AVAST Software\Avast\defs\14081500\algo.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-24 13:40 - 2011-10-16 07:44 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-05-22 17:43 - 2014-08-04 15:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-04-25 22:56 - 2014-08-04 15:15 - 00441856 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2013-12-12 15:19 - 2014-08-04 15:15 - 00332288 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2013-12-12 15:04 - 2014-08-04 15:15 - 00769024 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 17:43 - 2014-08-13 18:31 - 02144448 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-22 17:43 - 2014-08-04 15:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-05-22 17:43 - 2014-07-30 23:47 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2014-01-07 14:00 - 2014-08-13 18:30 - 00677056 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2011-03-09 13:13 - 2011-03-09 13:13 - 00465640 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll
2011-03-09 13:12 - 2011-03-09 13:12 - 01081664 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\ACE.dll
2011-03-09 13:12 - 2011-03-09 13:12 - 00125760 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\MailConverter32.dll
2014-08-07 12:27 - 2014-08-07 12:27 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-12-12 15:04 - 2014-08-13 02:27 - 34587328 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-02-23 15:30 - 2014-02-23 15:30 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ae685719bd599604bdf031cdad0ba38a\IsdiInterop.ni.dll
2011-10-11 13:32 - 2011-04-30 03:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-07-18 14:56 - 2014-07-15 05:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-18 14:56 - 2014-07-15 05:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-18 14:56 - 2014-07-15 05:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-18 14:56 - 2014-07-15 05:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-18 14:56 - 2014-07-15 05:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-18 14:56 - 2014-07-15 05:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelPAN => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2014 05:13:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000003f8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000023DF280.72). hr = 0x80070005, Access is denied..

Error: (08/15/2014 05:13:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000360,(null),0,REG_BINARY,00000000073EE0C0.72). hr = 0x80070005, Access is denied..
Operation: BackupShutdown Event
Context: Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {925973b4-67e0-46a7-8c26-d93dfa84e78b}

Error: (08/15/2014 05:13:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000bf0,(null),0,REG_BINARY,000000000AA0E160.72). hr = 0x80070005, Access is denied..
Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {b7b3ddd2-dfe5-4f6e-baeb-c009720e842c} Error: (08/15/2014 05:13:08 AM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000884,(null),0,REG_BINARY,000000000373E400.72). hr = 0x80070005, Access is denied.. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {8ad32303-716f-44a3-9c07-30911b4e3549} Error: (08/15/2014 05:13:08 AM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000360,(null),0,REG_BINARY,00000000073EE0C0.72). hr = 0x80070005, Access is denied.. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {925973b4-67e0-46a7-8c26-d93dfa84e78b} Error: (08/15/2014 05:13:08 AM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001c4,(null),0,REG_BINARY,0000000001DAE910.72). hr = 0x80070005, Access is denied.. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485} Writer Name: Registry Writer Writer Instance ID: {d8161033-3b93-4b4f-aecc-1c9f74e4e924} Error: (08/15/2014 05:13:08 AM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000bf0,(null),0,REG_BINARY,000000000AA0E160.72). hr = 0x80070005, Access is denied.. 
Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {b7b3ddd2-dfe5-4f6e-baeb-c009720e842c} Error: (08/15/2014 05:13:08 AM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000200,(null),0,REG_BINARY,000000000247EC00.72). hr = 0x80070005, Access is denied.. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {c30d9365-970c-4660-a22a-b229f237a54a} Error: (08/15/2014 05:13:08 AM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000884,(null),0,REG_BINARY,000000000373E400.72). hr = 0x80070005, Access is denied.. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {8ad32303-716f-44a3-9c07-30911b4e3549} Error: (08/15/2014 05:13:08 AM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001d0,(null),0,REG_BINARY,00000000033EF3E0.72). hr = 0x80070005, Access is denied.. Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f} Writer Name: COM+ REGDB Writer Writer Instance ID: {2d23b73e-74ed-4dcd-a6f4-dfca1eedfaa9} System errors:=============Error: (08/15/2014 05:13:08 AM) (Source: Service Control Manager) (EventID: 7006) (User: )Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: %%5 Error: (08/15/2014 04:48:35 AM) (Source: iaStor) (EventID: 9) (User: )Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. 
Error: (08/15/2014 04:18:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/15/2014 02:13:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: %%1053

Error: (08/15/2014 02:13:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (08/15/2014 02:10:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/15/2014 02:02:07 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error: %%-2147023781

Error: (08/15/2014 01:58:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/15/2014 01:07:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/15/2014 00:45:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update ClearThink service failed to start due to the following error: %%2

Microsoft Office Sessions:
=========================
Error: (08/15/2014 05:13:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description:
RegSetValueExW(0x000003f8,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00000000023DF280.72)0x80070005, Access is denied.

Error: (08/15/2014 05:13:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000360,(null),0,REG_BINARY,00000000073EE0C0.72)0x80070005, Access is denied.
Operation: BackupShutdown Event
Context: Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {925973b4-67e0-46a7-8c26-d93dfa84e78b}

Error: (08/15/2014 05:13:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000bf0,(null),0,REG_BINARY,000000000AA0E160.72)0x80070005, Access is denied.
Operation: BackupShutdown Event
Context: Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {b7b3ddd2-dfe5-4f6e-baeb-c009720e842c}

Error: (08/15/2014 05:13:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000884,(null),0,REG_BINARY,000000000373E400.72)0x80070005, Access is denied.
Operation: BackupShutdown Event
Context: Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {8ad32303-716f-44a3-9c07-30911b4e3549}

Error: (08/15/2014 05:13:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000360,(null),0,REG_BINARY,00000000073EE0C0.72)0x80070005, Access is denied.
Operation: BackupShutdown Event
Context: Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {925973b4-67e0-46a7-8c26-d93dfa84e78b}

Error: (08/15/2014 05:13:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001c4,(null),0,REG_BINARY,0000000001DAE910.72)0x80070005, Access is denied.
Operation: BackupShutdown Event
Context: Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {d8161033-3b93-4b4f-aecc-1c9f74e4e924}

Error: (08/15/2014 05:13:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000bf0,(null),0,REG_BINARY,000000000AA0E160.72)0x80070005, Access is denied.
Operation: BackupShutdown Event
Context: Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {b7b3ddd2-dfe5-4f6e-baeb-c009720e842c}

Error: (08/15/2014 05:13:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000200,(null),0,REG_BINARY,000000000247EC00.72)0x80070005, Access is denied.
Operation: BackupShutdown Event
Context: Execution Context: Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {c30d9365-970c-4660-a22a-b229f237a54a}

Error: (08/15/2014 05:13:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000884,(null),0,REG_BINARY,000000000373E400.72)0x80070005, Access is denied.
Operation: BackupShutdown Event
Context: Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {8ad32303-716f-44a3-9c07-30911b4e3549}

Error: (08/15/2014 05:13:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001d0,(null),0,REG_BINARY,00000000033EF3E0.72)0x80070005, Access is denied.
Operation: BackupShutdown Event
Context: Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {2d23b73e-74ed-4dcd-a6f4-dfca1eedfaa9}

==================== Memory info ===========================

Processor: Intel® Core i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 36%
Total physical RAM: 8043.86 MB
Available physical RAM: 5122.77 MB
Total Pagefile: 16085.9 MB
Available Pagefile: 13036 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:913.41 GB) (Free:743.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 9230097F)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=913 GB) - (Type=07 NTFS)

==================== End Of Log ============================