ShadySands

Everything posted by ShadySands

  1. MrCharlie is a boss. Helped clean up my system when I thought I was out of options. 10/10

  2. Yup, everything seems to be in order now. Thanks again for your help Mr. Charlie, you're a godsend.
  3. Here is the Checkup note

     Results of screen317's Security Check version 0.99.87
     x64 (UAC is enabled)
     Internet Explorer 10 Out of date!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Windows Defender
     avast! Antivirus
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Java 7 Update 67
     Java 8 Update 20
     Adobe Flash Player 15.0.0.152
     Adobe Reader XI
     Google Chrome 37.0.2062.103
     Google Chrome 37.0.2062.120
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbam.exe
     Malwarebytes Anti-Malware mbamscheduler.exe
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast afwServ.exe
     AVAST Software Avast AvastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: %
     ````````````````````End of Log``````````````````````

     Thank you again for your help.
  4. The MalwareBytes software did another scan this morning and it highlighted those 2 files you pointed out and after I quarantined them all of the ads and popups have gone away from my computer. Yesterday MalwareBytes found 3 potentially harmful files and today it found 173 and those 2 were part of the 173 and now that they are gone all of the adware and malware seems to be gone from my computer. I ran several other scans and there seems to be nothing now. I can't thank you enough Mr. Charlie, you really helped me out big time. Is there some other way I could maybe throw a couple bucks your way as I don't have a paypal, just as a thank you for your time, help, and patience? Thanks again, you were a lifesaver.
  5. FRST Log
_____ () C:\Users\alexi\Desktop\Rkill.txt2014-09-16 18:56 - 2014-09-16 18:56 - 00000000 ____D () C:\Users\alexi\Desktop\rkill2014-09-16 18:55 - 2014-09-16 18:55 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\alexi\Downloads\rkill.com2014-09-16 14:37 - 2014-09-15 23:11 - 00032566 _____ () C:\Users\alexi\Downloads\Addition.txt2014-09-16 14:35 - 2014-09-16 14:35 - 02953520 _____ (AVAST Software) C:\Users\alexi\Downloads\avast-browser-cleanup.exe2014-09-16 13:45 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\LiveKernelReports2014-09-16 13:28 - 2014-09-16 13:28 - 00000000 ____D () C:\windows\ERUNT2014-09-16 13:27 - 2014-09-16 13:27 - 01016035 _____ (Thisisu) C:\Users\alexi\Downloads\JRT.exe2014-09-16 13:26 - 2014-09-16 13:26 - 01373475 _____ () C:\Users\alexi\Downloads\AdwCleaner (1).exe2014-09-16 13:22 - 2012-08-01 09:50 - 00000000 ____D () C:\windows\Panther2014-09-16 13:22 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\Speech2014-09-16 13:21 - 2014-09-16 13:18 - 00000000 ____D () C:\AdwCleaner2014-09-16 13:17 - 2014-09-16 13:17 - 01373475 _____ () C:\Users\alexi\Downloads\AdwCleaner.exe2014-09-15 23:14 - 2014-09-15 23:14 - 05429848 _____ () C:\Users\alexi\Downloads\RogueKillerX64.exe2014-09-15 23:14 - 2014-09-15 23:14 - 00036456 _____ () C:\windows\system32\Drivers\TrueSight.sys2014-09-15 23:14 - 2014-09-15 23:14 - 00000000 ____D () C:\ProgramData\RogueKiller2014-09-15 23:10 - 2014-09-15 23:10 - 02105856 _____ (Farbar) C:\Users\alexi\Downloads\FRST64.exe2014-09-15 22:05 - 2014-09-15 22:05 - 00001683 _____ () C:\Users\alexi\Desktop\pop.txt2014-09-15 14:31 - 2013-02-20 04:11 - 00000000 ____D () C:\Program Files (x86)\Amazon2014-09-15 14:21 - 2014-09-15 14:21 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-09-15 14:21 - 2014-09-15 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-09-15 14:21 - 2014-09-15 14:21 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-09-15 14:21 
- 2014-09-15 14:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-09-15 14:20 - 2014-09-15 14:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\alexi\Downloads\mbam-setup-2.0.2.1012.exe2014-09-14 22:57 - 2013-12-16 21:18 - 00000000 ____D () C:\Users\alexi\Desktop\Wallpapers2014-09-14 15:33 - 2013-02-20 04:02 - 00000000 ____D () C:\temp2014-09-14 08:43 - 2013-10-10 17:31 - 00000000 ____D () C:\windows\system32\MRT2014-09-14 08:37 - 2013-10-10 17:31 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2014-09-14 01:11 - 2014-09-14 01:11 - 00000299 _____ () C:\Users\alexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk2014-09-14 00:46 - 2014-09-14 00:46 - 00000000 ___HD () C:\Lenovo2014-09-13 22:31 - 2014-08-07 19:51 - 00000000 ____D () C:\Users\alexi\Desktop\Avast2014-09-13 22:19 - 2013-02-20 04:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-09-13 22:18 - 2014-09-13 22:18 - 00000000 ____D () C:\Users\ADMINI~12014-09-13 15:28 - 2014-04-01 18:48 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios2014-09-13 15:28 - 2014-04-01 18:48 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios2014-09-12 18:22 - 2014-09-12 18:22 - 00000046 _____ () C:\Users\alexi\AppData\Roaming\WB.CFG2014-09-12 17:36 - 2014-09-12 17:36 - 00000000 ____D () C:\Users\alexi\AppData\Roaming\Mael2014-09-12 17:27 - 2012-07-26 00:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI2014-09-12 17:24 - 2012-07-26 00:21 - 00409495 _____ () C:\windows\setupact.log2014-09-12 17:23 - 2014-09-12 17:23 - 00000000 ____D () C:\Users\alexi\AppData\Local\Daring_Development_Inc2014-09-12 17:21 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\Resources2014-09-12 17:10 - 2014-09-12 17:09 - 00000000 ____D () C:\ProgramData\UAB2014-09-12 17:09 - 2014-09-12 17:09 - 00000000 ____D () C:\Users\alexi\AppData\Local\PC_Drivers_Headquarters2014-09-12 17:09 - 2014-09-12 17:09 - 00000000 ____D () 
C:\ProgramData\Driver Support2014-09-12 08:45 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache2014-09-12 02:46 - 2012-07-26 01:12 - 00000000 ___RD () C:\windows\ToastData2014-09-12 02:46 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\WinStore2014-09-12 02:45 - 2012-07-26 00:59 - 00000000 ____D () C:\windows\CbsTemp2014-09-10 20:39 - 2013-10-10 16:56 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-09-09 10:51 - 2014-04-28 14:08 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater2014-09-06 22:19 - 2014-02-12 22:58 - 00000000 ____D () C:\ProgramData\Origin2014-09-06 22:18 - 2014-02-12 22:59 - 00000000 ____D () C:\Program Files (x86)\Origin Games2014-09-06 21:17 - 2014-08-13 18:22 - 00000000 ____D () C:\Users\alexi\Documents\FIFA World2014-09-06 21:08 - 2013-11-24 12:24 - 00213818 _____ () C:\windows\DirectX.log2014-09-06 20:58 - 2014-02-12 22:58 - 00000000 ____D () C:\Program Files (x86)\Origin2014-09-02 12:32 - 2013-11-15 22:38 - 00705480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2014-09-02 12:32 - 2013-11-15 22:38 - 00104904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2014-08-31 11:51 - 2014-08-03 21:11 - 00427008 _____ () C:\windows\system32\FNTCACHE.DAT2014-08-29 01:29 - 2014-08-29 01:28 - 00000000 ____D () C:\Users\alexi\Desktop\Yeah...no2014-08-29 01:24 - 2014-08-07 19:50 - 00000000 ____D () C:\Users\alexi\Desktop\WS Fixer2014-08-28 04:34 - 2014-09-10 20:38 - 00059400 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe2014-08-27 23:05 - 2014-09-10 20:38 - 00630272 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll2014-08-27 23:05 - 2014-09-10 20:38 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll2014-08-27 23:05 - 2014-09-10 20:38 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll2014-08-27 23:05 - 2014-09-10 20:38 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe2014-08-27 
23:02 - 2014-09-10 20:38 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe2014-08-27 23:01 - 2014-09-10 20:38 - 03285504 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll2014-08-27 23:01 - 2014-09-10 20:38 - 01623552 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll2014-08-27 23:01 - 2014-09-10 20:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll2014-08-27 23:01 - 2014-09-10 20:38 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll2014-08-27 23:01 - 2014-09-10 20:38 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll2014-08-27 23:01 - 2014-09-10 20:38 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll2014-08-27 23:01 - 2014-09-10 20:38 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll2014-08-27 23:01 - 2014-09-10 20:38 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll2014-08-26 08:51 - 2014-08-26 08:51 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb2014-08-25 12:47 - 2014-06-23 18:33 - 00000000 ____D () C:\ProgramData\Skype2014-08-24 01:08 - 2014-07-20 11:39 - 00000000 ____D () C:\Program Files (x86)\Java2014-08-23 00:08 - 2014-08-23 00:08 - 00000920 _____ () C:\Users\Public\Desktop\SpaceEngine.lnk2014-08-23 00:08 - 2014-08-23 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceEngine2014-08-23 00:05 - 2014-08-23 00:05 - 00000000 ____D () C:\Games2014-08-22 23:47 - 2014-08-28 11:23 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2014-08-22 23:24 - 2014-07-20 11:39 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe2014-08-22 23:24 - 2014-07-20 11:39 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe2014-08-22 23:24 - 2014-07-20 11:39 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe2014-08-22 23:24 - 2014-07-20 11:39 - 00098216 _____ (Oracle Corporation) 
C:\windows\SysWOW64\WindowsAccessBridge-32.dll2014-08-22 23:24 - 2014-05-04 15:34 - 00000000 ____D () C:\ProgramData\Oracle2014-08-22 14:56 - 2014-08-08 00:38 - 00000003 _____ () C:\windows\system32\HRUPPROG.TXT2014-08-20 16:40 - 2014-09-11 16:48 - 00732880 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe2014-08-20 10:05 - 2014-09-11 16:48 - 00694784 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll2014-08-20 10:05 - 2014-09-11 16:47 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll2014-08-20 10:05 - 2014-09-11 16:47 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-08-20 10:02 - 2014-09-11 16:48 - 00567808 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll2014-08-20 10:02 - 2014-09-11 16:48 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll Some content of TEMP:====================C:\Users\alexi\AppData\Local\Temp\BackupSetup.exeC:\Users\alexi\AppData\Local\Temp\nss1D8C.tmp.exeC:\Users\alexi\AppData\Local\Temp\oi_{CE03D37B-D558-4E0C-B4B1-C442C10DAC00}.exeC:\Users\alexi\AppData\Local\Temp\Quarantine.exeC:\Users\alexi\AppData\Local\Temp\SRLDetectionLibrary408831142462744779.dllC:\Users\alexi\AppData\Local\Temp\swt-win32-3349.dllC:\Users\alexi\AppData\Local\Temp\Uninstall.exeC:\Users\alexi\AppData\Local\Temp\vcredist_x64.exeC:\Users\alexi\AppData\Local\Temp\{F8C1EB69-ED6F-4A99-ADE4-D80EA0096312}.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-14 08:37 ==================== End Of Log ============================ Addition Log Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014Ran by alexi at 2014-09-19 08:40:45Running from C:\Users\alexi\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) HiddenAdobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) HiddenAdobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Archeblade (HKLM-x32\...\Steam App 207230) (Version: - CodeBrush Games)avast! 
Premier (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version: - FromSoftware)DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)Devil May Cry 3: Special Edition (HKLM-x32\...\Steam App 6550) (Version: - CAPCOM Co., Ltd.)Devil May Cry 4 (HKLM-x32\...\Steam App 45700) (Version: - Capcom)Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0815 - Lenovo)Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version: - Humble Hearts LLC)Endless Space (HKLM-x32\...\Steam App 208140) (Version: - AMPLITUDE Studios)Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version: - Lionhead Studios)Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.1.0 - Genesys Logic)Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) 
HiddenHP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) HiddenInterstellar Marines (HKLM-x32\...\Steam App 236370) (Version: - Zero Point Software)iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) HiddenJunk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenKilling Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)Kingdoms of Amalur: Reckoning™ (HKLM-x32\...\Steam App 102500) (Version: - Big Huge Games)League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)League of Legends (x32 Version: 3.0.0 - Riot Games) HiddenLeft 4 Dead (HKLM-x32\...\Steam App 500) (Version: - Valve)Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)Lenovo Blacksilk USB Keyboard Driver 
(HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: - CEWE COLOR AG u Co. OHG)Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) HiddenLenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) HiddenLenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.)Lenovo Rescue System (Version: 4.0.0.0822 - CyberLink Corp.) HiddenMalwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) 
HiddenMicrosoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2007 (x32 
Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Ultimate 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - 
Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenMSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) HiddenMSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) HiddenNether (HKLM-x32\...\Steam App 247730) (Version: - Phosphor Games)Nihilumbra (HKLM-x32\...\Steam App 252670) (Version: - Beautifun Games)NVIDIA Control Panel 305.93 (Version: 305.93 - NVIDIA Corporation) HiddenNVIDIA Graphics Driver 305.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.93 - NVIDIA Corporation)NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)NVIDIA Install Application (Version: 2.1002.82.513 - NVIDIA Corporation) HiddenNVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) HiddenNVIDIA PhysX System Software 9.12.0213 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenPortal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)Power Control Switch (HKLM-x32\...\{816F9A97-9889-43DA-A394-7AA45DD68BA0}) (Version: 4.0.0.0704 - Lenovo)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6649 - Realtek Semiconductor Corp.)REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0187 - REALTEK Semiconductor Corp.)Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version: - )Reus (HKLM-x32\...\Steam App 222730) (Version: - Abbey Games)Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version: - Valve)Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)SpaceEngine version 0.9.7.1 (HKLM-x32\...\{53E413B3-2417-4BD1-984D-8C92C81C231F}_is1) (Version: 0.9.7.1 - SpaceEngine)Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - Team Meat)Super Street Fighter IV: Arcade Edition (HKLM-x32\...\Steam App 45760) (Version: - Capcom)System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)System Requirements Lab Detection 
(HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)The Swapper (HKLM-x32\...\Steam App 231160) (Version: - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - )Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)Update for Microsoft Office Infopath 2007 Help (KB963662) 
(HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version: - Microsoft)Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - 
Microsoft Corporation)Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWinRAR 5.10 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.3 - win.rar GmbH)Zombie Panic Source (HKLM-x32\...\Steam App 17500) (Version: - Zombie Panic Team) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-4243815903-1607662779-547259091-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\alexi\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4243815903-1607662779-547259091-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\alexi\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4243815903-1607662779-547259091-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\alexi\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4243815903-1607662779-547259091-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\alexi\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4243815903-1607662779-547259091-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\alexi\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 04-09-2014 21:43:26 Scheduled Checkpoint07-09-2014 04:06:35 Installed DirectX11-09-2014 03:35:15 Windows Update13-09-2014 22:27:49 Removed Hi-Rez Studios Games19-09-2014 05:33:57 RestorePoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {79ACCC34-5F16-4FA7-9664-1ABEE0CC976F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)Task: {82B28FDF-AD8B-4F09-8C80-23EF5608A142} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.)Task: {9751432C-603E-4DF6-A326-6D42248DFAAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.)Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensingTask: {AFD0099A-7E09-46CE-B7DE-1F2E297C87FD} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()Task: {BF8C0DFE-9E7A-4A64-8D3C-947D35A36C69} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {D7E81082-5AF5-4F78-9104-752998B68FF9} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install => C:\windows\system32\NotificationUI.exe [2014-08-20] (Microsoft Corporation)Task: {DE4B03D7-AD75-4A06-AED4-A478B7C6C9D7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {E3DC12E4-03A3-456C-880B-7C256BF17446} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-03] (AVAST Software)Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: {F2DF6FEE-D79A-438C-9340-3E14218773BF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-09-14] (Microsoft Corporation)Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-09-10 17:48 - 2014-09-10 17:48 - 00154112 _____ () C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe2013-10-06 15:08 - 2013-10-06 15:09 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll2014-08-03 18:14 - 2014-08-03 18:14 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll2014-09-18 15:09 - 2014-09-18 15:09 - 02864128 _____ () C:\Program Files\AVAST Software\Avast\defs\14091804\algo.dll2014-09-19 07:36 - 2014-09-19 07:36 - 02864128 _____ () C:\Program Files\AVAST Software\Avast\defs\14091900\algo.dll2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2014-09-10 17:48 - 2014-09-10 17:48 - 00070656 _____ () C:\Program Files (x86)\Common Files\Diagnostics\node\sys.node2014-09-12 15:06 - 2014-09-03 20:01 - 01098056 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll2014-09-12 15:06 - 2014-09-03 20:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll2014-09-12 15:06 - 2014-09-03 20:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll2014-09-12 15:06 - 2014-09-03 20:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll2014-09-12 15:06 - 2014-09-03 20:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll2009-12-04 17:59 - 2009-12-04 17:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll2009-12-04 18:04 - 2009-12-04 18:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll2014-08-03 18:14 - 2014-08-03 18:14 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2013-02-20 04:03 - 2012-06-24 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2014-08-29 01:24 - 2014-08-21 11:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll2014-08-29 01:24 - 2014-08-21 11:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll2014-08-29 01:24 - 2014-08-21 11:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll2013-08-21 14:18 - 2014-08-20 15:38 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll2014-05-22 12:54 - 2014-08-28 04:48 - 02224320 _____ () C:\Program Files (x86)\Steam\video.dll2014-08-29 01:24 - 2014-08-21 11:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll2014-08-29 01:24 - 2014-08-21 11:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll2013-09-21 10:35 - 2014-08-28 04:48 - 00678080 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL2013-09-10 14:20 - 2014-08-20 15:38 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll2014-08-18 12:38 - 2014-08-20 15:38 - 00837824 
_____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\windows:nlsPreferences ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\86358319.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\86358319.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "UMonit"HKLM\...\StartupApproved\Run32: => "HP Software Update"HKLM\...\StartupApproved\Run32: => "mcui_exe"HKLM\...\StartupApproved\Run32: => "UpdateP2GoShortCut"HKLM\...\StartupApproved\Run32: => "jmesoft"HKCU\...\StartupApproved\Run: => "Driver Support" ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-InterfaceDescription: Microsoft Teredo Tunneling AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunnelProblem: : This device cannot start. (Code10)Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors:==================Error: (09/19/2014 00:09:45 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33Faulting module name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33Exception code: 0xc000041dFault offset: 0x00012767Faulting process id: 0x940Faulting application start time: 0xLitModeSwitch.exe0Faulting application path: LitModeSwitch.exe1Faulting module path: LitModeSwitch.exe2Report Id: LitModeSwitch.exe3Faulting package full name: LitModeSwitch.exe4Faulting package-relative application ID: LitModeSwitch.exe5 Error: (09/19/2014 00:09:44 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33Faulting module name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33Exception code: 0xc0000005Fault offset: 0x00012767Faulting process id: 0x940Faulting application start time: 0xLitModeSwitch.exe0Faulting application path: LitModeSwitch.exe1Faulting module path: LitModeSwitch.exe2Report Id: LitModeSwitch.exe3Faulting package full name: LitModeSwitch.exe4Faulting package-relative application ID: LitModeSwitch.exe5 Error: (09/18/2014 10:38:03 PM) (Source: MsiInstaller) (EventID: 1024) (User: ALEXIPC)Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 Error: (09/18/2014 10:16:45 PM) (Source: MsiInstaller) (EventID: 1024) (User: ALEXIPC)Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. 
Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 Error: (09/18/2014 10:05:56 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: LiveComm.exe, version: 17.0.1119.516, time stamp: 0x519504e1Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x536464baException code: 0xc0000005Fault offset: 0x0000000000005491Faulting process id: 0xe58Faulting application start time: 0xLiveComm.exe0Faulting application path: LiveComm.exe1Faulting module path: LiveComm.exe2Report Id: LiveComm.exe3Faulting package full name: LiveComm.exe4Faulting package-relative application ID: LiveComm.exe5 Error: (09/17/2014 11:37:14 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: steamwebhelper.exe, version: 2.37.82.33, time stamp: 0x53ff038bFaulting module name: steamwebhelper.exe, version: 2.37.82.33, time stamp: 0x53ff038bException code: 0xc0000409Fault offset: 0x000c4b42Faulting process id: 0x46cFaulting application start time: 0xsteamwebhelper.exe0Faulting application path: steamwebhelper.exe1Faulting module path: steamwebhelper.exe2Report Id: steamwebhelper.exe3Faulting package full name: steamwebhelper.exe4Faulting package-relative application ID: steamwebhelper.exe5 Error: (09/17/2014 03:20:41 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33Faulting module name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33Exception code: 0xc000041dFault offset: 0x00012767Faulting process id: 0x1600Faulting application start time: 0xLitModeSwitch.exe0Faulting application path: LitModeSwitch.exe1Faulting module path: LitModeSwitch.exe2Report Id: LitModeSwitch.exe3Faulting package full name: 
LitModeSwitch.exe4Faulting package-relative application ID: LitModeSwitch.exe5 Error: (09/17/2014 03:20:35 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33Faulting module name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33Exception code: 0xc0000005Fault offset: 0x00012767Faulting process id: 0x1600Faulting application start time: 0xLitModeSwitch.exe0Faulting application path: LitModeSwitch.exe1Faulting module path: LitModeSwitch.exe2Report Id: LitModeSwitch.exe3Faulting package full name: LitModeSwitch.exe4Faulting package-relative application ID: LitModeSwitch.exe5 Error: (09/16/2014 08:10:35 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: LiveComm.exe, version: 17.0.1119.516, time stamp: 0x519504e1Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x536464baException code: 0xc0000005Fault offset: 0x0000000000005491Faulting process id: 0xdf0Faulting application start time: 0xLiveComm.exe0Faulting application path: LiveComm.exe1Faulting module path: LiveComm.exe2Report Id: LiveComm.exe3Faulting package full name: LiveComm.exe4Faulting package-relative application ID: LiveComm.exe5 Error: (09/16/2014 03:21:47 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33Faulting module name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33Exception code: 0xc000041dFault offset: 0x00012767Faulting process id: 0x1194Faulting application start time: 0xLitModeSwitch.exe0Faulting application path: LitModeSwitch.exe1Faulting module path: LitModeSwitch.exe2Report Id: LitModeSwitch.exe3Faulting package full name: LitModeSwitch.exe4Faulting package-relative application ID: LitModeSwitch.exe5 System errors:=============Error: (09/19/2014 06:43:47 AM) (Source: Service Control 
Manager) (EventID: 7016) (User: )Description: The LitModeCtrl service has reported an invalid current state 32. Error: (09/19/2014 06:43:42 AM) (Source: Service Control Manager) (EventID: 7016) (User: )Description: The LitModeCtrl service has reported an invalid current state 32. Error: (09/19/2014 00:44:32 AM) (Source: Service Control Manager) (EventID: 7016) (User: )Description: The LitModeCtrl service has reported an invalid current state 32. Error: (09/18/2014 10:36:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)Description: WLAN Extensibility Module has failed to start. Module Path: C:\windows\system32\Rtlihvs.dllError Code: 126 Error: (09/18/2014 10:35:58 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)Description: 0xc000014d0 Error: (09/18/2014 10:15:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)Description: WLAN Extensibility Module has failed to start. Module Path: C:\windows\system32\Rtlihvs.dllError Code: 126 Error: (09/18/2014 10:14:44 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)Description: 0xc000014d0 Error: (09/18/2014 10:05:45 PM) (Source: Service Control Manager) (EventID: 7016) (User: )Description: The LitModeCtrl service has reported an invalid current state 32. Error: (09/18/2014 10:05:35 PM) (Source: Service Control Manager) (EventID: 7016) (User: )Description: The LitModeCtrl service has reported an invalid current state 32. Error: (09/18/2014 05:35:26 PM) (Source: Service Control Manager) (EventID: 7016) (User: )Description: The LitModeCtrl service has reported an invalid current state 32. 
Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 12248.3 MB
Available physical RAM: 9096.11 MB
Total Pagefile: 15192.3 MB
Available Pagefile: 10348.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:1836.32 GB) (Free:1552.41 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 5DC6B6F5)
Partition: GPT Partition Type.

==================== End Of Log ============================
  6. Here is the report from TDSS. The option to cure was not available; it had skip, copy to quarantine, and delete, but as you said not to do that unless instructed so I didn't. TDSS.txt
  7. Whenever I use my web browser there are little boxes that appear on the sides of the screen advertising products at several stores such as Walmart or Target, and they all have a small annotation that says "Provided by Savifier". On sites such as Amazon that are dedicated towards buying products, only the main picture advertising the product loads up and I cannot zoom in on the image. There is also a yellow bar on images that says search, and when I roll the mouse over it, it shows similar products at other outlets. Finally, on some websites I use, such as Wikipedia, IGN, Imgur, etc., the site does not display properly; it just shows the site as a wall of text with whatever image is meant to accompany it. The websites more or less look plain.
  8. Followed what you said but unfortunately it's still there. Boy, I really screwed up, huh?
  9. The RKill log

     Rkill 2.6.8 by Lawrence Abrams (Grinler)http://groovorio.com...cr=22013098&ir=
     SearchScopes: HKLM-x32 - {EDBC395F-1B01-4A89-A5B3-5E80FF8440CF} URL = http://groovorio.com...cr=22013098&ir=
     CHR Extension: (avast! SafePrice) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-09-14]
     *****************
     HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
     HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
     HKCU\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EDBC395F-1B01-4A89-A5B3-5E80FF8440CF}" => Key deleted successfully.
     "HKCR\CLSID\{EDBC395F-1B01-4A89-A5B3-5E80FF8440CF}" => Key not found.
     "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EDBC395F-1B01-4A89-A5B3-5E80FF8440CF}" => Key deleted successfully.
     "HKCR\Wow6432Node\CLSID\{EDBC395F-1B01-4A89-A5B3-5E80FF8440CF}" => Key not found.
     "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EDBC395F-1B01-4A89-A5B3-5E80FF8440CF}" => Key deleted successfully.
     "HKCR\CLSID\{EDBC395F-1B01-4A89-A5B3-5E80FF8440CF}" => Key not found.
     C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => Moved successfully.

     ==== End of Fixlog ====

     I also followed the steps you provided for the developer mode and extensions for Chrome but nothing has changed.
  10. The Avast-Browser Cleanup says that everything is fine. The only browser that I know is affected is Google Chrome as that is the only one I use.

      The FRST note

      Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
      Ran by alexi (administrator) on ALEXIPC on 16-09-2014 14:36:42
      Running from C:\Users\alexi\Downloads
      Platform: Windows 8 (X64) OS Language: English (United States)
      Internet Explorer Version 10
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (NVIDIA Corporation) C:\windows\System32\nvvsvc.exe
      (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
      (NVIDIA Corporation) C:\windows\System32\nvvsvc.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
      (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
      (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
      () C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
      (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
      (Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
      (Lenovo) C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe
      (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
      (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
      (Nalpeiron Ltd.)
C:\windows\SysWOW64\NLSSRV32.EXE() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe(Microsoft Corporation) C:\windows\System32\rundll32.exe(Lenovo) C:\windows\jmesoft\hotkey.exe(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Hewlett-Packard Co.) 
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(AVAST Software) C:\Users\alexi\Downloads\avast-browser-cleanup.exe(AVAST Software) C:\Users\alexi\AppData\Local\Temp\7zSDF39.tmp\BrowserCleanup.exe(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12497552 2012-05-27] (Realtek Semiconductor)HKLM\...\Run: [uMonit] => C:\windows\SysWOW64\UMonit.exe [28672 2012-07-24] ()HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeyHKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)HKLM-x32\...\Run: [updateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [751104 2012-03-31] (Lenovo)HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-03] (AVAST Software)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)HKU\S-1-5-21-4243815903-1607662779-547259091-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1939136 
2014-08-28] (Valve Corporation)HKU\S-1-5-21-4243815903-1607662779-547259091-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)HKU\S-1-5-21-4243815903-1607662779-547259091-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /backgroundHKU\S-1-5-21-4243815903-1607662779-547259091-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)HKU\S-1-5-21-4243815903-1607662779-547259091-1001\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:falseStartup: C:\Users\alexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnkShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No FileShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No FileShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No FileShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: 127.0.0.1:5050
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mysearch.avg.com?cid={F727D246-84D7-4755-94EB-55DC4737B28A}&mid=d3206d3a932f47d29dc2057438bbf4c0-892a8d59c4c470602b34a8b6a5bd3e9b82d31d15&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-02-23 21:29:12&v=17.3.1.91&pid=safeguard&sg=&sap=hp http://lenovo13.msn.comhttp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM - {EDBC395F-1B01-4A89-A5B3-5E80FF8440CF} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tight_14_18&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EyD0FtC0DtAtAyC0A0EyCtN0D0Tzu0SzyzzyCtN1L2XzutAtFtBtFtCtFtDtN1L1Czu2Z1L1N1M2Z1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2StC0AzzzyyDtDtCyEtG0FyDyEtCtGtCzzyBtBtGyCtBtB0DtGtA0EyDtD0B0FzytB0D0D0EyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EyDyByB0E0CzytGyC0Czy0AtGyE0Fzz0FtG0A0C0D0BtGyEyEtAyE0DyE0A0B0B0DyE0F2Q&cr=22013098&ir=
SearchScopes: HKLM-x32 - {EDBC395F-1B01-4A89-A5B3-5E80FF8440CF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {EDBC395F-1B01-4A89-A5B3-5E80FF8440CF} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tight_14_18&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EyD0FtC0DtAtAyC0A0EyCtN0D0Tzu0SzyzzyCtN1L2XzutAtFtBtFtCtFtDtN1L1Czu2Z1L1N1M2Z1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2StC0AzzzyyDtDtCyEtG0FyDyEtCtGtCzzyBtBtGyCtBtB0DtGtA0EyDtD0B0FzytB0D0D0EyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EyDyByB0E0CzytGyC0Czy0AtGyE0Fzz0FtG0A0C0D0BtGyEyEtAyE0DyE0A0B0B0DyE0F2Q&cr=22013098&ir=
BHO: avast!
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No FileToolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileDPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> 
C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No FileFF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No FileFF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-22] Chrome: =======CHR HomePage: Default -> hxxp://www.google.com/CHR StartupUrls: Default -> "hxxp://www.default-search.net?sid=498&aid=100&itype=n&ver=12386&tm=334&src=hmp"CHR DefaultSearchKeyword: Default -> 9D83097550950CBD6DB4F000A37C8763346F49374063953A4BC3BE2D45D7CD01CHR DefaultSearchURL: Default -> CBF086CC0534A4F9222D0329E1B42A8CD8B92CB80F561C901242AEA5D79B6593CHR Profile: C:\Users\alexi\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-02]CHR Extension: (Google Drive) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-02]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]CHR Extension: (YouTube) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-02]CHR Extension: (Google Search) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-02]CHR Extension: (avast! SafePrice) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-09-14]CHR Extension: (AdBlock) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-14]CHR Extension: (avast! 
Online Security) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-02]CHR Extension: (Turn Off the Lights) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\labjanboighjienkhiabgpefblkbmemd [2014-05-02]CHR Extension: (Google Wallet) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-02]CHR Extension: (Gmail) - C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-02]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-03]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-03] (AVAST Software)R2 avast! 
Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-08-03] (AVAST Software)R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154112 2014-09-10] () [File not signed]R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)R2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [37888 2011-11-04] (Lenovo) [File not signed]R3 LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [141824 2012-04-06] (Lenovo) [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154112 2014-09-10] () [File not signed]S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-05-19] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-03] ()R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-08-03] (AVAST Software)R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-03] (AVAST Software)R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-08-03] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-03] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-03] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-03] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-03] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-03] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-03] ()R3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [60928 2012-07-05] (GenesysLogic)R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-16] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498768 2012-07-25] (Realtek Semiconductor Corporation )R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498768 2012-07-25] (Realtek Semiconductor Corporation )U3 TrueSight; C:\windows\System32\Drivers\TrueSight.sys [36456 2014-09-15] ()S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-16 14:35 - 2014-09-16 14:35 - 02953520 _____ (AVAST Software) C:\Users\alexi\Downloads\avast-browser-cleanup.exe2014-09-16 13:45 - 2014-09-16 13:45 - 00000008 _____ () C:\Users\alexi\Documents\lmscfg2014-09-16 13:34 - 2014-09-16 13:34 - 00000690 _____ () C:\Users\alexi\Desktop\JRT.txt2014-09-16 13:28 - 2014-09-16 13:28 - 00000000 ____D () C:\windows\ERUNT2014-09-16 13:27 - 2014-09-16 13:27 - 01016035 _____ (Thisisu) C:\Users\alexi\Downloads\JRT.exe2014-09-16 13:26 - 2014-09-16 13:26 - 01373475 _____ () C:\Users\alexi\Downloads\AdwCleaner (1).exe2014-09-16 13:18 - 2014-09-16 13:21 - 00000000 ____D () C:\AdwCleaner2014-09-16 13:18 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll2014-09-16 13:17 - 2014-09-16 13:17 - 01373475 _____ () C:\Users\alexi\Downloads\AdwCleaner.exe2014-09-16 08:27 - 2014-09-16 08:27 - 00000000 ____D () C:\Users\alexi\AppData\Local\CrashDumps2014-09-15 23:14 - 2014-09-15 23:14 - 05429848 _____ () C:\Users\alexi\Downloads\RogueKillerX64.exe2014-09-15 23:14 - 2014-09-15 23:14 - 00036456 _____ () C:\windows\system32\Drivers\TrueSight.sys2014-09-15 23:14 - 2014-09-15 23:14 - 00000000 ____D () C:\ProgramData\RogueKiller2014-09-15 23:11 - 2014-09-16 14:37 - 00022056 _____ () C:\Users\alexi\Downloads\FRST.txt2014-09-15 23:11 - 2014-09-15 23:12 - 00041046 _____ () C:\Users\alexi\Downloads\Addition.txt2014-09-15 23:10 - 2014-09-16 14:36 - 00000000 ____D () C:\FRST2014-09-15 23:10 - 2014-09-15 23:10 - 02105856 _____ (Farbar) C:\Users\alexi\Downloads\FRST64.exe2014-09-15 22:05 - 2014-09-15 22:05 - 00001683 _____ () C:\Users\alexi\Desktop\pop.txt2014-09-15 14:21 - 2014-09-16 14:23 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-09-15 14:21 - 2014-09-15 14:21 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes 
Anti-Malware.lnk2014-09-15 14:21 - 2014-09-15 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-09-15 14:21 - 2014-09-15 14:21 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-09-15 14:21 - 2014-09-15 14:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-09-15 14:21 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-09-15 14:21 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys2014-09-15 14:21 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2014-09-15 14:20 - 2014-09-15 14:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\alexi\Downloads\mbam-setup-2.0.2.1012.exe2014-09-14 02:04 - 2014-09-15 03:20 - 00001024 _____ () C:\.rnd2014-09-14 01:11 - 2014-09-14 01:11 - 00000299 _____ () C:\Users\alexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk2014-09-14 00:46 - 2014-09-14 00:46 - 00000000 ___HD () C:\Lenovo2014-09-13 22:18 - 2014-09-13 22:18 - 00000000 ____D () C:\Users\ADMINI~12014-09-12 18:22 - 2014-09-12 18:22 - 00000046 _____ () C:\Users\alexi\AppData\Roaming\WB.CFG2014-09-12 17:36 - 2014-09-12 17:36 - 00000000 ____D () C:\Users\alexi\AppData\Roaming\Mael2014-09-12 17:23 - 2014-09-12 17:23 - 00000000 ____D () C:\Users\alexi\AppData\Local\Daring_Development_Inc2014-09-12 17:09 - 2014-09-12 17:10 - 00000000 ____D () C:\ProgramData\UAB2014-09-12 17:09 - 2014-09-12 17:09 - 00000000 ____D () C:\Users\alexi\AppData\Local\PC_Drivers_Headquarters2014-09-12 17:09 - 2014-09-12 17:09 - 00000000 ____D () C:\ProgramData\Driver Support2014-09-11 16:48 - 2014-08-20 16:40 - 00732880 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe2014-09-11 16:48 - 2014-08-20 10:05 - 00694784 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll2014-09-11 16:48 - 2014-08-20 10:02 - 00567808 
_____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll2014-09-11 16:48 - 2014-08-20 10:02 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-09-11 16:48 - 2014-06-24 00:35 - 00010450 _____ () C:\windows\system32\autoconfig.cab2014-09-11 16:48 - 2014-06-23 23:41 - 10115584 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll2014-09-11 16:48 - 2014-06-23 23:40 - 00125952 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll2014-09-11 16:48 - 2014-06-23 23:39 - 02307072 _____ (Microsoft Corporation) C:\windows\system32\authui.dll2014-09-11 16:48 - 2014-06-23 21:08 - 08858624 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll2014-09-11 16:48 - 2014-06-23 21:06 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll2014-09-11 16:47 - 2014-08-20 10:05 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll2014-09-11 16:47 - 2014-08-20 10:05 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-09-11 16:47 - 2014-06-23 23:39 - 02146304 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll2014-09-11 16:47 - 2014-06-23 21:06 - 00754176 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll2014-09-10 20:38 - 2014-08-28 04:34 - 00059400 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe2014-09-10 20:38 - 2014-08-27 23:05 - 00630272 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll2014-09-10 20:38 - 2014-08-27 23:05 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll2014-09-10 20:38 - 2014-08-27 23:05 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll2014-09-10 20:38 - 2014-08-27 23:05 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe2014-09-10 20:38 - 2014-08-27 23:02 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe2014-09-10 20:38 - 
2014-08-27 23:01 - 03285504 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll2014-09-10 20:38 - 2014-08-27 23:01 - 01623552 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll2014-09-10 20:38 - 2014-08-27 23:01 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll2014-09-10 20:38 - 2014-08-27 23:01 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll2014-09-10 20:38 - 2014-08-27 23:01 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll2014-09-10 20:38 - 2014-08-27 23:01 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll2014-09-10 20:38 - 2014-08-27 23:01 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll2014-09-10 20:38 - 2014-08-27 23:01 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll2014-09-10 20:38 - 2014-07-31 16:40 - 01287680 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll2014-09-10 20:38 - 2014-06-04 18:12 - 00678600 _____ (Microsoft Corporation) C:\windows\system32\msvcp120_clr0400.dll2014-09-10 20:38 - 2014-06-03 16:12 - 00536776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp120_clr0400.dll2014-09-10 20:37 - 2014-08-16 02:33 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll2014-09-10 20:37 - 2014-08-16 02:32 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll2014-09-10 20:37 - 2014-08-16 02:32 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll2014-09-10 20:37 - 2014-08-16 00:36 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll2014-09-10 20:37 - 2014-08-16 00:36 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll2014-09-10 20:37 - 2014-08-16 00:36 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll2014-09-10 20:37 - 2014-07-23 20:33 - 00875688 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll2014-09-10 20:37 - 2014-07-23 
20:33 - 00869544 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll2014-09-10 20:37 - 2014-03-06 17:47 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll2014-09-10 20:37 - 2013-05-14 06:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2014-09-10 20:37 - 2013-05-14 02:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2014-09-10 20:37 - 2012-07-25 20:06 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll2014-09-10 20:36 - 2014-08-16 02:34 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2014-09-10 20:36 - 2014-08-16 02:34 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2014-09-10 20:36 - 2014-08-16 02:34 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll2014-09-10 20:36 - 2014-08-16 02:34 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2014-09-10 20:36 - 2014-08-16 02:33 - 19280384 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2014-09-10 20:36 - 2014-08-16 02:33 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2014-09-10 20:36 - 2014-08-16 02:32 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2014-09-10 20:36 - 2014-08-16 02:32 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2014-09-10 20:36 - 2014-08-16 02:32 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2014-09-10 20:36 - 2014-08-16 02:32 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2014-09-10 20:36 - 2014-08-16 02:32 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll2014-09-10 20:36 - 2014-08-16 02:32 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll2014-09-10 20:36 - 2014-08-16 00:37 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2014-09-10 20:36 - 2014-08-16 00:37 - 01180672 _____ (Microsoft 
Corporation) C:\windows\SysWOW64\urlmon.dll2014-09-10 20:36 - 2014-08-16 00:36 - 14369280 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2014-09-10 20:36 - 2014-08-16 00:36 - 13757440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2014-09-10 20:36 - 2014-08-16 00:36 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2014-09-10 20:36 - 2014-08-16 00:36 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2014-09-10 20:36 - 2014-08-16 00:36 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll2014-09-10 20:36 - 2014-08-16 00:36 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2014-09-10 20:36 - 2014-08-16 00:36 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll2014-09-10 20:36 - 2014-08-16 00:35 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl2014-09-10 20:36 - 2013-05-15 15:37 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll2014-09-10 20:36 - 2013-05-15 15:35 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll2014-09-10 20:36 - 2013-02-21 03:29 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll2014-09-10 20:36 - 2013-02-21 03:29 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2014-09-10 20:36 - 2013-02-21 03:29 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2014-09-10 20:36 - 2013-02-21 03:29 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2014-09-10 20:36 - 2013-02-21 03:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll2014-09-10 20:36 - 2013-02-21 03:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2014-09-10 20:36 - 2013-02-19 02:53 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll2014-09-10 20:36 - 2012-11-07 21:20 - 00067072 _____ (Microsoft Corporation) 
C:\windows\system32\iesetup.dll2014-09-10 20:36 - 2012-11-07 21:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2014-09-10 20:32 - 2014-08-09 01:30 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe2014-09-10 20:32 - 2014-08-09 01:29 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\tssdisai.dll2014-08-29 01:28 - 2014-08-29 01:29 - 00000000 ____D () C:\Users\alexi\Desktop\Yeah...no2014-08-28 11:23 - 2014-08-22 23:47 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2014-08-26 08:51 - 2014-08-26 08:51 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb2014-08-23 00:08 - 2014-08-23 00:08 - 00000920 _____ () C:\Users\Public\Desktop\SpaceEngine.lnk2014-08-23 00:08 - 2014-08-23 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceEngine2014-08-23 00:05 - 2014-08-23 00:05 - 00000000 ____D () C:\Games ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-16 14:37 - 2014-09-15 23:11 - 00022056 _____ () C:\Users\alexi\Downloads\FRST.txt2014-09-16 14:37 - 2013-10-06 14:50 - 00000214 _____ () C:\Users\alexi\Documents\pms.xml2014-09-16 14:36 - 2014-09-15 23:10 - 00000000 ____D () C:\FRST2014-09-16 14:35 - 2014-09-16 14:35 - 02953520 _____ (AVAST Software) C:\Users\alexi\Downloads\avast-browser-cleanup.exe2014-09-16 14:24 - 2014-06-23 18:33 - 00000000 ____D () C:\Users\alexi\AppData\Roaming\Skype2014-09-16 14:23 - 2014-09-15 14:21 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-09-16 14:05 - 2013-10-06 15:30 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2014-09-16 14:00 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru2014-09-16 13:51 - 2014-04-28 14:08 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job2014-09-16 13:51 - 2013-10-06 14:57 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4243815903-1607662779-547259091-10012014-09-16 13:50 - 2013-10-06 15:33 - 00000000 ____D () C:\Program Files (x86)\Steam2014-09-16 13:46 - 2013-10-06 15:30 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2014-09-16 13:46 - 2012-08-01 08:51 - 00098518 _____ () C:\windows\PFRO.log2014-09-16 13:46 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT2014-09-16 13:45 - 2014-09-16 13:45 - 00000008 _____ () C:\Users\alexi\Documents\lmscfg2014-09-16 13:45 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\LiveKernelReports2014-09-16 13:45 - 2012-07-25 22:26 - 00524288 ___SH () C:\windows\system32\config\BBI2014-09-16 13:34 - 2014-09-16 13:34 - 00000690 _____ () C:\Users\alexi\Desktop\JRT.txt2014-09-16 13:28 - 2014-09-16 13:28 - 00000000 ____D () C:\windows\ERUNT2014-09-16 13:27 - 2014-09-16 13:27 - 01016035 _____ (Thisisu) C:\Users\alexi\Downloads\JRT.exe2014-09-16 13:26 - 2014-09-16 13:26 - 01373475 _____ () C:\Users\alexi\Downloads\AdwCleaner (1).exe2014-09-16 13:22 - 
2013-02-20 04:16 - 02082433 _____ () C:\windows\WindowsUpdate.log2014-09-16 13:22 - 2012-08-01 09:50 - 00000000 ____D () C:\windows\Panther2014-09-16 13:22 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\Speech2014-09-16 13:21 - 2014-09-16 13:18 - 00000000 ____D () C:\AdwCleaner2014-09-16 13:17 - 2014-09-16 13:17 - 01373475 _____ () C:\Users\alexi\Downloads\AdwCleaner.exe2014-09-16 08:27 - 2014-09-16 08:27 - 00000000 ____D () C:\Users\alexi\AppData\Local\CrashDumps2014-09-15 23:14 - 2014-09-15 23:14 - 05429848 _____ () C:\Users\alexi\Downloads\RogueKillerX64.exe2014-09-15 23:14 - 2014-09-15 23:14 - 00036456 _____ () C:\windows\system32\Drivers\TrueSight.sys2014-09-15 23:14 - 2014-09-15 23:14 - 00000000 ____D () C:\ProgramData\RogueKiller2014-09-15 23:12 - 2014-09-15 23:11 - 00041046 _____ () C:\Users\alexi\Downloads\Addition.txt2014-09-15 23:10 - 2014-09-15 23:10 - 02105856 _____ (Farbar) C:\Users\alexi\Downloads\FRST64.exe2014-09-15 22:05 - 2014-09-15 22:05 - 00001683 _____ () C:\Users\alexi\Desktop\pop.txt2014-09-15 14:31 - 2013-02-20 04:11 - 00000000 ____D () C:\Program Files (x86)\Amazon2014-09-15 14:21 - 2014-09-15 14:21 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-09-15 14:21 - 2014-09-15 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-09-15 14:21 - 2014-09-15 14:21 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-09-15 14:21 - 2014-09-15 14:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-09-15 14:20 - 2014-09-15 14:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\alexi\Downloads\mbam-setup-2.0.2.1012.exe2014-09-15 03:20 - 2014-09-14 02:04 - 00001024 _____ () C:\.rnd2014-09-14 22:57 - 2013-12-16 21:18 - 00000000 ____D () C:\Users\alexi\Desktop\Wallpapers2014-09-14 15:33 - 2013-02-20 04:02 - 00000000 ____D () C:\temp2014-09-14 08:43 - 2013-10-10 17:31 - 00000000 ____D () C:\windows\system32\MRT2014-09-14 08:37 - 2013-10-10 
17:31 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2014-09-14 01:11 - 2014-09-14 01:11 - 00000299 _____ () C:\Users\alexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk2014-09-14 00:46 - 2014-09-14 00:46 - 00000000 ___HD () C:\Lenovo2014-09-13 22:31 - 2014-08-07 19:51 - 00000000 ____D () C:\Users\alexi\Desktop\Avast2014-09-13 22:19 - 2013-02-20 04:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-09-13 22:18 - 2014-09-13 22:18 - 00000000 ____D () C:\Users\ADMINI~12014-09-13 15:28 - 2014-04-01 18:48 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios2014-09-13 15:28 - 2014-04-01 18:48 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios2014-09-12 18:22 - 2014-09-12 18:22 - 00000046 _____ () C:\Users\alexi\AppData\Roaming\WB.CFG2014-09-12 17:36 - 2014-09-12 17:36 - 00000000 ____D () C:\Users\alexi\AppData\Roaming\Mael2014-09-12 17:27 - 2012-07-26 00:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI2014-09-12 17:24 - 2012-07-26 00:21 - 00409495 _____ () C:\windows\setupact.log2014-09-12 17:23 - 2014-09-12 17:23 - 00000000 ____D () C:\Users\alexi\AppData\Local\Daring_Development_Inc2014-09-12 17:21 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\Resources2014-09-12 17:10 - 2014-09-12 17:09 - 00000000 ____D () C:\ProgramData\UAB2014-09-12 17:09 - 2014-09-12 17:09 - 00000000 ____D () C:\Users\alexi\AppData\Local\PC_Drivers_Headquarters2014-09-12 17:09 - 2014-09-12 17:09 - 00000000 ____D () C:\ProgramData\Driver Support2014-09-12 08:45 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache2014-09-12 02:46 - 2012-07-26 01:12 - 00000000 ___RD () C:\windows\ToastData2014-09-12 02:46 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\WinStore2014-09-12 02:45 - 2012-07-26 00:59 - 00000000 ____D () C:\windows\CbsTemp2014-09-10 20:39 - 2013-10-10 16:56 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-09-09 10:51 - 2014-04-28 14:08 - 00003718 _____ () 
C:\windows\System32\Tasks\Adobe Flash Player Updater2014-09-06 22:19 - 2014-02-12 22:58 - 00000000 ____D () C:\ProgramData\Origin2014-09-06 22:18 - 2014-02-12 22:59 - 00000000 ____D () C:\Program Files (x86)\Origin Games2014-09-06 21:17 - 2014-08-13 18:22 - 00000000 ____D () C:\Users\alexi\Documents\FIFA World2014-09-06 21:08 - 2013-11-24 12:24 - 00213818 _____ () C:\windows\DirectX.log2014-09-06 20:58 - 2014-02-12 22:58 - 00000000 ____D () C:\Program Files (x86)\Origin2014-09-02 12:32 - 2013-11-15 22:38 - 00705480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2014-09-02 12:32 - 2013-11-15 22:38 - 00104904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2014-08-31 11:51 - 2014-08-03 21:11 - 00427008 _____ () C:\windows\system32\FNTCACHE.DAT2014-08-29 01:29 - 2014-08-29 01:28 - 00000000 ____D () C:\Users\alexi\Desktop\Yeah...no2014-08-29 01:24 - 2014-08-07 19:50 - 00000000 ____D () C:\Users\alexi\Desktop\WS Fixer2014-08-28 04:34 - 2014-09-10 20:38 - 00059400 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe2014-08-27 23:05 - 2014-09-10 20:38 - 00630272 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll2014-08-27 23:05 - 2014-09-10 20:38 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll2014-08-27 23:05 - 2014-09-10 20:38 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll2014-08-27 23:05 - 2014-09-10 20:38 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe2014-08-27 23:02 - 2014-09-10 20:38 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe2014-08-27 23:01 - 2014-09-10 20:38 - 03285504 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll2014-08-27 23:01 - 2014-09-10 20:38 - 01623552 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll2014-08-27 23:01 - 2014-09-10 20:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll2014-08-27 23:01 - 2014-09-10 20:38 - 00253440 _____ 
(Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll2014-08-27 23:01 - 2014-09-10 20:38 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll2014-08-27 23:01 - 2014-09-10 20:38 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll2014-08-27 23:01 - 2014-09-10 20:38 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll2014-08-27 23:01 - 2014-09-10 20:38 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll2014-08-26 08:51 - 2014-08-26 08:51 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb2014-08-25 12:47 - 2014-06-23 18:33 - 00000000 ____D () C:\ProgramData\Skype2014-08-24 01:08 - 2014-07-20 11:39 - 00000000 ____D () C:\Program Files (x86)\Java2014-08-23 00:08 - 2014-08-23 00:08 - 00000920 _____ () C:\Users\Public\Desktop\SpaceEngine.lnk2014-08-23 00:08 - 2014-08-23 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceEngine2014-08-23 00:05 - 2014-08-23 00:05 - 00000000 ____D () C:\Games2014-08-22 23:47 - 2014-08-28 11:23 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2014-08-22 23:24 - 2014-07-20 11:39 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe2014-08-22 23:24 - 2014-07-20 11:39 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe2014-08-22 23:24 - 2014-07-20 11:39 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe2014-08-22 23:24 - 2014-07-20 11:39 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll2014-08-22 23:24 - 2014-05-04 15:34 - 00000000 ____D () C:\ProgramData\Oracle2014-08-22 14:56 - 2014-08-08 00:38 - 00000003 _____ () C:\windows\system32\HRUPPROG.TXT2014-08-20 16:40 - 2014-09-11 16:48 - 00732880 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe2014-08-20 10:05 - 2014-09-11 16:48 - 00694784 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll2014-08-20 10:05 - 2014-09-11 16:47 - 00198656 
_____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2014-08-20 10:05 - 2014-09-11 16:47 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-20 10:02 - 2014-09-11 16:48 - 00567808 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-08-20 10:02 - 2014-09-11 16:48 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

Some content of TEMP:
====================
C:\Users\alexi\AppData\Local\Temp\BackupSetup.exe
C:\Users\alexi\AppData\Local\Temp\nss1D8C.tmp.exe
C:\Users\alexi\AppData\Local\Temp\oi_{CE03D37B-D558-4E0C-B4B1-C442C10DAC00}.exe
C:\Users\alexi\AppData\Local\Temp\Quarantine.exe
C:\Users\alexi\AppData\Local\Temp\SRLDetectionLibrary408831142462744779.dll
C:\Users\alexi\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\alexi\AppData\Local\Temp\Uninstall.exe
C:\Users\alexi\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-14 08:37

==================== End Of Log ============================

And the Addition note

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by alexi at 2014-09-16 14:37:15
Running from C:\Users\alexi\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) HiddenAdobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) HiddenAdobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Archeblade (HKLM-x32\...\Steam App 207230) (Version: - CodeBrush Games)avast! 
Premier (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version: - FromSoftware)DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)Devil May Cry 3: Special Edition (HKLM-x32\...\Steam App 6550) (Version: - CAPCOM Co., Ltd.)Devil May Cry 4 (HKLM-x32\...\Steam App 45700) (Version: - Capcom)Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0815 - Lenovo)Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version: - Humble Hearts LLC)Endless Space (HKLM-x32\...\Steam App 208140) (Version: - AMPLITUDE Studios)Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version: - Lionhead Studios)Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.1.0 - Genesys Logic)Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) 
HiddenHP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) HiddenInterstellar Marines (HKLM-x32\...\Steam App 236370) (Version: - Zero Point Software)iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) HiddenJunk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenKilling Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)Kingdoms of Amalur: Reckoning™ (HKLM-x32\...\Steam App 102500) (Version: - Big Huge Games)League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)League of Legends (x32 Version: 3.0.0 - Riot Games) HiddenLeft 4 Dead (HKLM-x32\...\Steam App 500) (Version: - Valve)Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)Lenovo Blacksilk USB Keyboard Driver 
(HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: - CEWE COLOR AG u Co. OHG)Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) HiddenLenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) HiddenLenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.)Lenovo Rescue System (Version: 4.0.0.0822 - CyberLink Corp.) HiddenMalwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) 
HiddenMicrosoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2007 (x32 
Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Ultimate 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - 
Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenMSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) HiddenMSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) HiddenNether (HKLM-x32\...\Steam App 247730) (Version: - Phosphor Games)Nihilumbra (HKLM-x32\...\Steam App 252670) (Version: - Beautifun Games)NVIDIA Control Panel 305.93 (Version: 305.93 - NVIDIA Corporation) HiddenNVIDIA Graphics Driver 305.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.93 - NVIDIA Corporation)NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)NVIDIA Install Application (Version: 2.1002.82.513 - NVIDIA Corporation) HiddenNVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) HiddenNVIDIA PhysX System Software 9.12.0213 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenPortal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)Power Control Switch (HKLM-x32\...\{816F9A97-9889-43DA-A394-7AA45DD68BA0}) (Version: 4.0.0.0704 - Lenovo)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6649 - Realtek Semiconductor Corp.)REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0187 - REALTEK Semiconductor Corp.)Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version: - )Reus (HKLM-x32\...\Steam App 222730) (Version: - Abbey Games)Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)Source Filmmaker (HKLM-x32\...\Steam App 1840) (Version: - Valve)Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)SpaceEngine version 0.9.7.1 (HKLM-x32\...\{53E413B3-2417-4BD1-984D-8C92C81C231F}_is1) (Version: 0.9.7.1 - SpaceEngine)Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - Team Meat)Super Street Fighter IV: Arcade Edition (HKLM-x32\...\Steam App 45760) (Version: - Capcom)System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)System Requirements Lab Detection 
(HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)The Swapper (HKLM-x32\...\Steam App 231160) (Version: - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - )Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)Update for Microsoft Office Infopath 2007 Help (KB963662) 
(HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version: - Microsoft)Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - 
Microsoft Corporation)Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenWinRAR 5.10 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.3 - win.rar GmbH)Zombie Panic Source (HKLM-x32\...\Steam App 17500) (Version: - Zombie Panic Team) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-4243815903-1607662779-547259091-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\alexi\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4243815903-1607662779-547259091-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\alexi\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4243815903-1607662779-547259091-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\alexi\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4243815903-1607662779-547259091-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\alexi\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4243815903-1607662779-547259091-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\alexi\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

04-09-2014 21:43:26 Scheduled Checkpoint
07-09-2014 04:06:35 Installed DirectX
11-09-2014 03:35:15 Windows Update
13-09-2014 22:27:49 Removed Hi-Rez Studios Games

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {59E3036C-1158-41D1-A7E6-54226CDEFCFA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-09-14] (Microsoft Corporation)Task: {79ACCC34-5F16-4FA7-9664-1ABEE0CC976F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)Task: {82B28FDF-AD8B-4F09-8C80-23EF5608A142} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.)Task: {9751432C-603E-4DF6-A326-6D42248DFAAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.)Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensingTask: {AFD0099A-7E09-46CE-B7DE-1F2E297C87FD} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()Task: {BF8C0DFE-9E7A-4A64-8D3C-947D35A36C69} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {D7E81082-5AF5-4F78-9104-752998B68FF9} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install => C:\windows\system32\NotificationUI.exe [2014-08-20] (Microsoft Corporation)Task: {DE4B03D7-AD75-4A06-AED4-A478B7C6C9D7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program 
Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {E3DC12E4-03A3-456C-880B-7C256BF17446} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-03] (AVAST Software)Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-09-10 17:48 - 2014-09-10 17:48 - 00154112 _____ () C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe2013-10-06 15:08 - 2013-10-06 15:09 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll2014-08-03 18:14 - 2014-08-03 18:14 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll2014-09-16 13:21 - 2014-09-16 13:21 - 02863104 _____ () C:\Program Files\AVAST Software\Avast\defs\14091601\algo.dll2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2014-09-10 17:48 - 2014-09-10 17:48 - 00070656 _____ () C:\Program Files (x86)\Common Files\Diagnostics\node\sys.node2014-08-29 01:24 - 2014-08-21 11:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll2014-08-29 01:24 - 2014-08-21 11:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll2014-08-29 01:24 - 2014-08-21 11:15 - 00442368 
_____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2013-08-21 14:18 - 2014-08-20 15:38 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 12:54 - 2014-08-28 04:48 - 02224320 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 01:24 - 2014-08-21 11:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 01:24 - 2014-08-21 11:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-09-21 10:35 - 2014-08-28 04:48 - 00678080 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2009-12-04 17:59 - 2009-12-04 17:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 18:04 - 2009-12-04 18:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2014-08-03 18:14 - 2014-08-03 18:14 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-12 15:06 - 2014-09-03 20:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-12 15:06 - 2014-09-03 20:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-12 15:06 - 2014-09-03 20:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-12 15:06 - 2014-09-03 20:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-12 15:06 - 2014-09-03 20:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2013-09-10 14:20 - 2014-08-20 15:38 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-18 12:38 - 2014-08-20 15:38 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2013-02-20 04:03 - 2012-06-24 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-09-12 15:06 - 2014-09-03 20:01 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "UMonit"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "UpdateP2GoShortCut"
HKLM\...\StartupApproved\Run32: => "jmesoft"
HKCU\...\StartupApproved\Run: => "Driver Support"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (09/16/2014 01:46:20 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (09/16/2014 01:45:52 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 29%
Total physical RAM: 12248.3 MB
Available physical RAM: 8618.25 MB
Total Pagefile: 15320.3 MB
Available Pagefile: 11074.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:1836.32 GB) (Free:1552.99 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 5DC6B6F5)
Partition: GPT Partition Type.

Thanks for your help as well, sorry about the trouble.
  11. Here is the AdwCleaner report

# AdwCleaner v3.310 - Report created 16/09/2014 at 13:21:45
# Updated 12/09/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : alexi - ALEXIPC
# Running from : C:\Users\alexi\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A91196222
Service Deleted : netfilter64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\Users\alexi\AppData\Roaming\Systweak
Folder Deleted : C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
File Deleted : C:\Users\alexi\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : Driver Support-RTMRules
Task Deleted : Driver Support-RTMScan
Task Deleted : Driver Support-RTMScanRunOnce
Task Deleted : Driver Support-RTMUpdater

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\SOFTWARE\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\alexi\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [startup_urls] : hxxp://www.default-search.net?sid=498&aid=100&itype=n&ver=12386&tm=334&src=hmp
Deleted [Extension] : blmchfpimpbbdmgpcieclabeafkljbhm
Deleted [Extension] : eofcbnmajmjmplflapaojjnihcjkigck

*************************

AdwCleaner[R0].txt - [3178 octets] - [16/09/2014 13:18:18]
AdwCleaner[s0].txt - [2960 octets] - [16/09/2014 13:21:45]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3020 octets] ##########

and here is the JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.5 (09.16.2014:1)
OS: Windows 8 x64
Ran by ALEX on Tue 09/16/2014 at 13:28:18.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/16/2014 at 13:34:41.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I still have the savifier ads popping up.
  12. Here is the report from RogueKiller

RogueKiller V9.2.10.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : alexi [Admin rights]
Mode : Scan -- Date : 09/15/2014 23:21:58

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 32 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-4243815903-1607662779-547259091-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-4243815903-1607662779-547259091-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050 -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050 -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050 -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050 -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050 -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050 -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-4243815903-1607662779-547259091-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050 -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-4243815903-1607662779-547259091-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050 -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050 -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:5050 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{423DE53F-7782-46DD-9F9F-3CC1A4FB9CF8} | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{57562B2C-96D7-4AF7-831E-175576B4F8EA} | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{423DE53F-7782-46DD-9F9F-3CC1A4FB9CF8} | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{57562B2C-96D7-4AF7-831E-175576B4F8EA} | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4243815903-1607662779-547259091-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4243815903-1607662779-547259091-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[suspicious.Path] \\OFFICE2010ACT -- C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM001-9YN164 +++++
--- User ---
[MBR] ee1f918680f51e0f9488e42c78536b6d
[bSP] 82c5d9403d15c0280f717b1ad3ddf8dc : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

and I have the 2 files attached below.

Addition.txt FRST.txt
  13. I somehow downloaded a program called 'Savifier' which pops up ads on every page I visit comparing prices of things so I can get it for cheaper. I don't want this and I can't get rid of it. I've run Malwarebytes and it cleared a bunch of stuff, but the Savifier is still there on the webpages. I also checked the Control Panel to see if I could uninstall it from there, but the program doesn't show up. I hope someone may be able to help me.